def add_princ(self, uid, password=None):
    '''
    Adds the Kerberos principal uid@REALM.

    uid: the user id for the principal
    password: (optional) the principal's password as a string; when it is
        None, get_user_password() is called with a prompt to obtain one.
        Only None triggers the prompt: any other value, including an
        empty string, is handed to addprinc unchanged.
    '''
    if password is None:
        prompt = 'Enter password for principal %s@%s: ' % (uid, REALM)
        password = get_user_password(prompt)

    debug('Adding Kerberos principal...')
    principal = '%s@%s' % (uid, REALM)
    self.krb_wics.addprinc(principal, password)
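def main():
    '''
    CLI dispatch logic.

    Parses sys.argv with getopt and then walks the command flags in the
    order of the branches below. Every command that takes a user or group
    id validates it with check_username() before an LDAP or Kerberos
    connection is opened. Command-line mistakes (unknown option, missing
    required parameter, non-numeric --num-terms, no command at all) are
    reported on stderr with exit status 2 instead of being ignored.
    '''
    def print_usage():
        'Prints the command-line help text.'
        print('''
Usage: python weo.py [OPTIONS...]

  -h, --help    Prints this help message
  -v            Turns on verbose mode

Standard commands
-----------------
  --renew       Renews a user's account. Can optionally specify
                number of terms, up to three (i.e. --num-terms=2).
                Must specify --username
  --adduser     Adds a user.
                Must also specify --username and --fullname
  --addgroup    Adds a group.
                Must also specify --groupname and --groupdesc
  --add-user-to-group
                Adds a user to a group.
                Must also specify --groupname and --username
  --remove-user-from-group
                Removes a user from a group.
                Must also specify --groupname and --username

  Parameters:
  --username=[name]        A user's id. Must be 3-8 lowercase ASCII characters.
  --fullname=["N. Ame"]    A user's full name. Use quotes if it contains spaces.
  --groupname=[name]       A group's id. Must be 3-10 lowercase ASCII characters.
  --groupdesc=["D Esc"]    A group's description. Use quotes if it contains spaces.

Advanced commands
-----------------
  LDAP Only:
  --add-ldap-user    Adds a user to the LDAP database.
                     Must also specify --username and --fullname
  --unlock-nextuid   Unlocks the special nextuid user.
  --unlock-nextgid   Unlocks the special nextgid group.

  Kerberos Only:
  --add-krb-princ    Adds a Kerberos principal for a user.
                     Must also specify --username
''')

    def usage_error(message):
        'Reports a command-line mistake on stderr and exits with status 2.'
        sys.stderr.write('%s\n' % message)
        sys.stderr.write("Run 'python weo.py --help' for usage.\n")
        sys.exit(2)

    def require(command, *params):
        'Exits with a usage error unless every option in params has a value.'
        missing = [name for name in params if not opts.get(name)]
        if missing:
            usage_error('%s requires %s' % (command, ' and '.join(missing)))

    commands = (
        '--add-ldap-user',
        '--add-krb-princ',
        '--adduser',
        '--addgroup',
        '--add-user-to-group',
        '--remove-user-from-group',
        '--renew',
        '--unlock-nextuid',
        '--unlock-nextgid',
    )

    # getopt returns options and arguments, but we take no arguments
    try:
        (opts, _) = getopt.getopt(
            sys.argv[1:],
            'hv',
            [
                'help',
                'unlock-nextuid',
                'unlock-nextgid',
                'add-ldap-user',
                'add-krb-princ',
                'adduser',
                'addgroup',
                'add-user-to-group',
                'remove-user-from-group',
                'renew',
                'username=',
                'fullname=',
                'groupname=',
                'groupdesc=',
                'num-terms=',
            ])
    except getopt.GetoptError as err:
        # An unknown or malformed option is a usage error, not a traceback.
        usage_error(str(err))
    opts = dict(opts)

    if '-v' in opts:
        weo.log.VERBOSE = True
    # No option accepts a password (passwords are only ever prompted for),
    # so logging the parsed options does not put a password in the log.
    verbose('opts: ' + str(opts))

    if not opts or '--help' in opts or '-h' in opts:
        print_usage()
        sys.exit(0)

    if not any(command in opts for command in commands):
        # e.g. only -v or only parameters were given: nothing would run.
        usage_error('No command given.')

    if '--add-ldap-user' in opts:
        require('--add-ldap-user', '--username', '--fullname')
        username = check_username(opts['--username'])
        debug('Okay, adding user %s' % username)
        ldap_db = wics_ldap()
        ldap_db.add_user(username, opts['--fullname'])
        exit_with_msg(
            'Failed to add user %s :(' % username,
            'User %s successfully added.' % username)

    if '--add-krb-princ' in opts:
        require('--add-krb-princ', '--username')
        username = check_username(opts['--username'])
        debug('Okay, adding Kerberos principal %s@%s' % (username, REALM))
        kdc = wics_krb5()
        # No password is passed, so add_princ prompts for one.
        kdc.add_princ(username)
        exit_with_msg(
            'Failed to add Kerberos principal %s@%s :(' % (username, REALM),
            'Principal %s@%s successfully added.' % (username, REALM))

    if '--adduser' in opts:
        require('--adduser', '--username', '--fullname')
        username = check_username(opts['--username'])
        debug('Okay, adding user %s' % username)
        # Throws an exception before opening LDAP/KRB connections
        # if passwords don't match
        password = get_user_password(
            "Please enter the new user's password: ")
        ldap_db = wics_ldap()
        kdc = wics_krb5()
        # The LDAP entry is created before the Kerberos principal and is not
        # rolled back here if add_princ raises.
        # NOTE(review): confirm how a half-created account is cleaned up.
        ldap_db.add_user(username, opts['--fullname'])
        kdc.add_princ(username, password=password)
        exit_with_msg(
            'Failed to add user %s :(' % username,
            'User %s successfully added.' % username)

    if '--addgroup' in opts:
        require('--addgroup', '--groupname', '--groupdesc')
        groupname = check_username(opts['--groupname'], maxlen=10)
        debug('Okay, adding group %s' % groupname)
        ldap_db = wics_ldap()
        ldap_db.add_group(groupname, opts['--groupdesc'])
        exit_with_msg(
            'Failed to add group %s :(' % groupname,
            'Group %s successfully added.' % groupname)

    if '--add-user-to-group' in opts:
        require('--add-user-to-group', '--username', '--groupname')
        # Same id checks the add commands use, so a malformed user or group
        # id is rejected here rather than handed to the LDAP layer.
        username = check_username(opts['--username'])
        groupname = check_username(opts['--groupname'], maxlen=10)
        debug('Okay, adding user %s to group %s' % (username, groupname))
        ldap_db = wics_ldap()
        ldap_db.add_user_to_group(groupname, username)
        exit_with_msg(
            'Failed to add user %s to group %s :(' % (username, groupname),
            'User %s successfully added to group %s' % (username, groupname))

    if '--remove-user-from-group' in opts:
        require('--remove-user-from-group', '--username', '--groupname')
        username = check_username(opts['--username'])
        groupname = check_username(opts['--groupname'], maxlen=10)
        debug('Okay, removing user %s from group %s' % (username, groupname))
        ldap_db = wics_ldap()
        ldap_db.remove_user_from_group(groupname, username)
        exit_with_msg(
            'Failed to remove user %s from group %s :('
            % (username, groupname),
            'User %s successfully removed from group %s'
            % (username, groupname))

    if '--renew' in opts:
        require('--renew', '--username')
        username = check_username(opts['--username'])
        num_terms = opts.get('--num-terms')
        if num_terms is not None:
            # Convert before connecting so bad input never opens a session.
            # The documented limit of three terms is not enforced here.
            # NOTE(review): confirm renew_user rejects out-of-range values.
            try:
                num_terms = int(num_terms)
            except ValueError:
                usage_error(
                    '--num-terms must be a whole number, got %r' % num_terms)
        ldap_db = wics_ldap()
        if num_terms is not None:
            debug('Okay, renewing user %s for %s terms'
                  % (username, num_terms))
            ldap_db.renew_user(username, num_terms=num_terms)
        else:
            debug('Okay, renewing user %s' % username)
            ldap_db.renew_user(username)
        exit_with_msg(
            'Failed to renew user %s for specified terms :(' % username,
            'User %s successfully renewed!' % username)

    if '--unlock-nextuid' in opts:
        ldap_db = wics_ldap()
        ldap_db.unlock('uid=inuse,ou=People,' + BASE, 'uid=nextuid')
        sys.exit(0)

    if '--unlock-nextgid' in opts:
        ldap_db = wics_ldap()
        ldap_db.unlock('cn=inuse,ou=Group,' + BASE, 'cn=nextgid')
        sys.exit(0)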