def load(self, name): self.__lock.acquire() try: passwd_db = PasswdFile(self.__password_file) passwd_db.load() if name in passwd_db: self.__user = passwd_db[name] else: self.__user = None raise EInvalidValue('name', name, 'No such user.') self.__file_modified = passwd_db.last_modified() # loading /etc/shadow database shadow_db = ShadowFile(self.__shadow_file) shadow_db.load() if name in shadow_db: self.__shadow = shadow_db[name] else: self.__shadow = None raise EInvalidValue('User (', name, ') does not exist in shadow') self.__shadow_file_modified = shadow_db.last_modified() self.__loaded = 1 finally: self.__lock.release()
def load(self,name): self.__lock.acquire() try: passwd_db = PasswdFile(self.__password_file) passwd_db.load() if name in passwd_db: self.__user = passwd_db[name] else: self.__user = None raise EInvalidValue('name',name,'No such user.') self.__file_modified = passwd_db.last_modified() # loading /etc/shadow database shadow_db = ShadowFile(self.__shadow_file) shadow_db.load() if name in shadow_db: self.__shadow = shadow_db[name] else: self.__shadow = None raise EInvalidValue('User (' ,name, ') does not exist in shadow') self.__shadow_file_modified = shadow_db.last_modified() self.__loaded = 1 finally: self.__lock.release()
def load(self, name): self.__lock.acquire() try: passwd_db = PasswdFile(self.__password_file) passwd_db.load() if name in passwd_db: self.__user = passwd_db[name] else: raise EInvalidValue('name', name, 'No such user.') shadow_db = ShadowFile(self.__shadow_file) shadow_db.load() if name in shadow_db: self.__shadow = shadow_db[name] else: raise EInvalidValue('name', name, 'No such user.') self.__groups = [] groups_db = GroupFile(self.__group_file) groups_db.load() for group_name in self.__user.groups(groups_db): self.__groups.append(groups_db[group_name]) if not self.__groups: raise EInvalidValue('name', name, 'User belongs to no groups.') self.__loaded = 1 finally: self.__lock.release()
def configure(self, config): for attrname in self.readonly: current = getattr(self, attrname, None) incoming = config.get(attrname) if None not in (current, incoming) and (current != incoming): message = 'Attribute "%s" is readonly for User "%s". ' message += 'Overriding new value %s with current value %s.' message = message % (attrname, self.name, incoming, current) msglog.log('broadway', msglog.types.WARN, message) config[attrname] = current self.description = config.get('description', self.description) self.homepage = config.get('homepage', self.homepage) # Ignoring password if all astericks. password = config.get('password', "") if config.has_key('old_password') and config.get('old_password') == '': raise Exception("Invalid Old Password") old_password = config.get('old_password', None) if password and (password != len(password) * '*'): system_users = PasswdFile() system_users.load() if old_password and config.get('name', '') in system_users: system_shadow = ShadowFile() system_shadow.load() shadowentry = system_shadow[config.get('name')] if not shadowentry.password_matches_crypt(old_password): raise Exception("Invalid Old Password") self.__set_password(password) self.password = password super(User, self).configure(config) if config.has_key('roles'): self.set_roles(list(config.get('roles', self.roles)))
def load(self, name): self.__lock.acquire() try: passwd_db = PasswdFile(self.__password_file) passwd_db.load() if name in passwd_db: self.__user = passwd_db[name] else: raise EInvalidValue("name", name, "No such user.") shadow_db = ShadowFile(self.__shadow_file) shadow_db.load() if name in shadow_db: self.__shadow = shadow_db[name] else: raise EInvalidValue("name", name, "No such user.") self.__groups = [] groups_db = GroupFile(self.__group_file) groups_db.load() for group_name in self.__user.groups(groups_db): self.__groups.append(groups_db[group_name]) if not self.__groups: raise EInvalidValue("name", name, "User belongs to no groups.") self.__loaded = 1 finally: self.__lock.release()
def set_password(self,password, validate=True): self.__lock.acquire() try: shadow_db = ShadowFile(self.__shadow_file) shadow_db.load() shadowentry = shadow_db[self.name()] shadowentry.passwd(password, validate) shadow_db[self.name()] = shadowentry shadow_db.save() finally: self.__lock.release() self.load(self.name())
def save(self): self.__lock.acquire() try: passwd_db = PasswdFile(self.__password_file) passwd_db.load() passwd_db[self.name()] = self.password_entry() passwd_db.save() # save /etc/shadow content shadow_db = ShadowFile(self.__shadow_file) shadow_db.load() shadow_db[self.name()] = self.shadow_entry() shadow_db.save() finally: self.__lock.release() self.load(self.name())
def is_dirty(self): if not self.__loaded: return 1 self.__lock.acquire() try: passwd_db = PasswdFile(self.__password_file) if not passwd_db.exists(): return 1 else: return not not (passwd_db.last_modified() > self.__file_modified) shadow_db = ShadowFile(self.__shadow_file) if not shadow_db.exists(): return 1 else: return not not (shadow_db.last_modified() > self.__shadow_file_modified) finally: self.__lock.release()
def set_password(self, password, validate=True): self.__lock.acquire() try: shadow_db = ShadowFile(self.__shadow_file) shadow_db.load() shadowentry = shadow_db[self.name()] shadowentry.passwd(password, validate) shadow_db[self.name()] = shadowentry shadow_db.save() finally: self.__lock.release() self.load(self.name())
def __synchronize_system(self, usernode, currentname=None, validate=True): system_users = PasswdFile() system_shadow = ShadowFile() system_groups = GroupFile() userchange = False shadowchange = False groupchange = False group_is_private = False system_users.load() system_shadow.load() system_groups.load() flag = 0 #flag will be used to check if system admin is #being demoted. bug CSCth82465 #if system admin is being demoted, #it's entry will be removed and added again if usernode and usernode.name in system_users: userentry = system_users[usernode.name] #user is a system administrator, but not mpxadmin, #and it's current role is not mpxadmin #i.e. a system administrator other than mpxadmin is being demoted if userentry.user_type() == 'mpxadmin' \ and usernode.name != 'mpxadmin' \ and self.role_manager.administrator.name not in usernode.roles: flag = 1 if usernode is None or flag: # If no usernode is provided, the user with name 'currentname' is # being removed. if flag: currentname = usernode.name if currentname is None: raise ValueError('Name must be provided when removing user.') userentry = system_users[currentname] # Loop through all groups to which user belongs, removing user. groups = userentry.groups(system_groups) for groupentry in groups: users = groupentry.user_list() # User is not in user list of private group, so only # groups in to which user *also* belongs are modified. if currentname in users: users.remove(currentname) groupentry.user_list(users) groupchange = True message = 'removed user "%s" from group "%s".' self.output_message(message % (currentname, groupentry.group())) # If a private group was associated with the user--a group # whose name is the same as the user name and whose member # list contains no entries--find and remove it to keep clean. if currentname in system_groups: groupentry = system_groups[currentname] if len(groupentry.user_list()) == 0: # Private group for user entry, remove it. del (system_groups[currentname]) groupchange = True self.output_message('removed private group "%s".' % currentname) # Finally, delete user itself. del (system_users[userentry.user()]) userchange = True # delete user details from /etc/shadow del (system_shadow[userentry.user()]) shadowchange = True self.output_message('removed user "%s" from system.' % currentname) #delete user from the cache as_node('/services/User Manager').remove_user(currentname) if usernode: username = usernode.name # Name may be being changed. Node reference always has correct # name, where 'currentname' is the previous name if the name # is in fact being changed. Rename child operations take # advantage of this. if currentname is None: currentname = username if currentname in system_users: # User already exists, must be being updated. fd = open("/etc/group", "r") userentry = system_users[currentname] userid = userentry.uid() groupid = userentry.gid() flag = 1 for line in fd.readlines(): if re.search(str(groupid), line, re.IGNORECASE) != None: flag = 0 break if flag: cmd = "addgroup -g " cmd += str(groupid) cmd += " " cmd += currentname os.system(cmd) flag = 0 groupentry = system_groups[groupid] shadowentry = system_shadow[currentname] else: # User is completely new and user and private group # must be created. userid = system_users.new_uid() while userid in system_groups: userid = system_users.new_uid(userid) else: groupid = userid userentry = PasswdEntry() groupentry = GroupEntry() shadowentry = ShadowEntry() message = 'creating user "%s" and group "%s".' self.output_message(message % (username, username)) # A private group has the same name as the associated # user account. group_is_private = False if groupentry.group() == userentry.user(): group_is_private = True # If username has changed: change entry and flag. if userentry.user() != username: groups = [] if userentry.user() is not None: # New users cause exception when doing # group lookup before name is set. groups = userentry.groups(system_groups) currentname = userentry.user() userentry.user(username, validate) userchange = True shadowentry.user(username, validate) shadowchange = True message = 'changed user name from "%s" to "%s".' self.output_message(message % (currentname, username)) # Modify groups to which user belongs to reflect updated name. for group in groups: users = group.user_list() if currentname in users and username not in users: users[users.index(currentname)] = username group.user_list(users) groupchange = True message = 'changed user "%s" in group "%s" to "%s".' self.output_message( message % (currentname, group.group(), username)) # If group is only for this user and group name isn't username, # change and flag. if group_is_private and groupentry.group() != username: currentgroup = groupentry.group() groupentry.group(username) groupchange = True message = 'changed group name from "%s" to "%s".' self.output_message(message % (currentgroup, username)) # Change user-entry's password if doesn't match user node's. password = usernode.password if len(password ) and not shadowentry.password_matches_crypt(password): shadowentry.user(username, validate) shadowentry.passwd(password, validate) userentry.passwd('x', False) shadowentry.lstchg() shadowchange = True userchange = True self.output_message('changed password for user "%s".' % username) # Set user-entry UID to calulated UID (used for new entries). if not userentry.uid() == userid: currentuid = userentry.uid() userentry.uid(userid) userchange = True message = 'changed UID for user "%s" from %s to %s.' self.output_message(message % (username, currentuid, userid)) # Set user-entry GID to calculated GID (used for new entries). if userentry.gid() != groupid: currentgid = userentry.gid() userentry.gid(groupid) userchange = True message = 'changed GID for user "%s" from %s to %s.' self.output_message(message % (username, currentgid, groupid)) if not userentry.gecos(): currentgecos = userentry.gecos() userentry.gecos('ROLE=user') userchange = True message = 'changed gecos for user "%s" from %s to %s.' self.output_message(message % (username, currentgecos, 'ROLE=user')) # Set group-entry GID to calculated GID (should match whether private or not). if groupentry.gid() != groupid: currentgid = groupentry.gid() groupentry.gid(groupid) groupchange = True message = 'changed GID for group "%s" from %s to %s.' self.output_message(message % (groupentry.group(), currentgid, groupid)) if userchange: # Passwd file changed, set user into user dicationary # in case user was newly created, and save back file. system_users[userentry.user()] = userentry system_users.save() userchange = False as_node('/services/User Manager').remove_user(usernode.name) if shadowchange: # /etc/shadow file changed, set user into user dicationary # in case user was newly created, and save back file. system_shadow[shadowentry.user()] = shadowentry system_shadow.save() shadowchange = False if groupchange: # Group file changed, set user into groups dicationary # in case group was newly created, and save back file. system_groups[groupentry.group()] = groupentry system_groups.save() groupchange = False roles = usernode.roles[:] if self.role_manager.administrator.name in roles: if userentry.user_type() != 'mpxadmin': userchange = True shadowchange = True groupchange = True userentry.user_type('mpxadmin', system_users, system_groups) self.output_message( 'made user "%s" into "mpxadmin" type.' % username) if username in system_groups: group = system_groups[username] if userentry.gid() != group.gid(): users = group.user_list() if len(users) == 0: del (system_groups[username]) groupchange = True message = 'removed group "%s". ' % username message += 'Group no longer referenced.' else: message = 'not removing group "%s". ' % username message += 'Still has users %s.' % (users, ) self.output_message(message) elif userentry.user_type() == 'mpxadmin': message = 'System Administrator cannot be demoted. ' message += 'User "%s" must be removed in order to demote.' raise TypeError(message % username) if userchange: system_users.save() userchange = False username = usernode.name if usernode else currentname as_node('/services/User Manager').remove_user(username) if shadowchange: system_shadow.save() shadowchange = False if groupchange: system_groups.save() userchange = False return (userchange or groupchange or shadowchange)