Esempio n. 1
def update(name,
           password=None,
           fullname=None,
           description=None,
           home=None,
           homedrive=None,
           logonscript=None,
           profile=None,
           expiration_date=None,
           expired=None,
           account_disabled=None,
           unlock_account=None,
           password_never_expires=None,
           disallow_change_password=None):
    r'''
    Update settings for a Windows user account.

    ``name`` is the only required parameter. A setting is changed only when
    its parameter is passed a value.

    .. versionadded:: 2015.8.0

    Args:
        name (str): The user name to update.

        password (str, optional): New user password in plain text. A value
            typed on a command line, as in the CLI example below, can end up
            in shell history or process listings.

        fullname (str, optional): The user's full name.

        description (str, optional): A brief description of the user account.

        home (str, optional): The path to the user's home directory.

        homedrive (str, optional): The drive letter to assign to the home
            directory. Must be the drive letter followed by a colon, e.g. U:

        logonscript (str, optional): The path to the logon script.

        profile (str, optional): The path to the user's profile directory.

        expiration_date (date, optional): The date and time when the account
            expires. Can be a valid date/time string. Pass the string
            'Never' to make the account never expire.

        expired (bool, optional): Pass `True` to expire the account; the user
            will be prompted to change their password at the next logon. Pass
            `False` to mark the account as 'not expired'. This cannot undo an
            expiration caused by the account's expiration date; change
            `expiration_date` as well in that case.

        account_disabled (bool, optional): True disables the account. False
            enables the account.

        unlock_account (bool, optional): True unlocks a locked user account.
            False is ignored.

        password_never_expires (bool, optional): True sets the password to
            never expire. False allows the password to expire.

        disallow_change_password (bool, optional): True blocks the user from
            changing the password. False allows the user to change it.

    Returns:
        bool: True if successful. False if the account could not be read or
        the new settings could not be written.

        str: ``'Invalid Date/Time Format: <value>'`` when ``expiration_date``
        cannot be parsed. That string is truthy, so compare the result with
        ``True`` instead of testing its truthiness.

    CLI Example:

    .. code-block:: bash

        salt '*' user.update bob password=secret profile=C:\Users\Bob
                 home=\\server\homeshare\bob homedrive=U:
    '''
    if six.PY2:
        # Python 2 only: run every text argument through _to_unicode.
        (name, password, fullname, description,
         home, homedrive, logonscript, profile) = [
             _to_unicode(value) for value in (
                 name, password, fullname, description,
                 home, homedrive, logonscript, profile)]

    def _log_failure(err):
        # Same four log records for a failed read and a failed write.
        log.error('Failed to update user %s', name)
        log.error('nbr: %s', err.winerror)
        log.error('ctx: %s', err.funcname)
        log.error('msg: %s', err.strerror)

    # Reading the level-4 record doubles as the existence check and gives
    # the structure that is modified and written back below.
    try:
        user_info = win32net.NetUserGetInfo(None, name, 4)
    except win32net.error as exc:
        _log_failure(exc)
        return False

    def _apply_flag(bit, turn_on):
        # Set or clear one bit of the account's flags word.
        if turn_on:
            user_info['flags'] |= bit
        else:
            user_info['flags'] &= ~bit

    # Text settings: a falsy value (None, '') leaves the stored one as is.
    text_settings = (
        ('password', password),
        ('home_dir', home),
        ('home_dir_drive', homedrive),
        ('comment', description),
        ('script_path', logonscript),
        ('full_name', fullname),
        ('profile', profile),
    )
    for key, value in text_settings:
        if value:
            user_info[key] = value

    if expiration_date:
        if expiration_date != 'Never':
            try:
                parsed = salt.utils.dateutils.date_cast(expiration_date)
            except (ValueError, RuntimeError):
                # NOTE(review): this early return is a non-empty string, not
                # False, unlike every other failure path in this function.
                return 'Invalid Date/Time Format: {0}'.format(expiration_date)
            user_info['acct_expires'] = time.mktime(parsed.timetuple())
        else:
            user_info['acct_expires'] = win32netcon.TIMEQ_FOREVER

    if expired is not None:
        user_info['password_expired'] = 1 if expired else 0

    # Boolean settings: None means "leave unchanged".
    if account_disabled is not None:
        _apply_flag(win32netcon.UF_ACCOUNTDISABLE, account_disabled)
    if unlock_account:
        # Only True acts here; the lockout bit is cleared, never set.
        _apply_flag(win32netcon.UF_LOCKOUT, False)
    if password_never_expires is not None:
        _apply_flag(win32netcon.UF_DONT_EXPIRE_PASSWD, password_never_expires)
    if disallow_change_password is not None:
        _apply_flag(win32netcon.UF_PASSWD_CANT_CHANGE,
                    disallow_change_password)

    # Write the modified record back.
    try:
        win32net.NetUserSetInfo(None, name, 4, user_info)
    except win32net.error as exc:
        _log_failure(exc)
        return False

    return True
Esempio n. 2
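def delete(name, purge=False, force=False):
    '''
    Remove a user from the minion

    Args:
        name (str): The name of the user to delete

        purge (bool, optional): Boolean value indicating that the user profile
            should also be removed when the user account is deleted. If set to
            True the profile will be removed. Default is False.

        force (bool, optional): Boolean value indicating that the user account
            should be deleted even if the user is logged in. True will log the
            user out and delete user.

    Returns:
        bool: True if successful, otherwise False

    CLI Example:

    .. code-block:: bash

        salt '*' user.delete name
    '''
    if six.PY2:
        name = _to_unicode(name)

    # Existence check only; the returned record is not used.
    try:
        win32net.NetUserGetInfo(None, name, 4)
    except win32net.error as exc:
        log.error('User not found: %s', name)
        log.error('nbr: %s', exc.winerror)
        log.error('ctx: %s', exc.funcname)
        log.error('msg: %s', exc.strerror)
        return False

    # List the sessions on this machine to find out whether the user is
    # logged in.
    try:
        sess_list = win32ts.WTSEnumerateSessions()
    except win32ts.error as exc:
        log.error('No logged in users found')
        log.error('nbr: %s', exc.winerror)
        log.error('ctx: %s', exc.funcname)
        log.error('msg: %s', exc.strerror)
        # The function deliberately carries on after this failure; without a
        # value here the loop below raised NameError instead. Note that this
        # treats "could not enumerate" the same as "nobody is logged in".
        sess_list = []

    # Is the user one that is logged in
    # NOTE(review): the comparison is case-sensitive, while Windows account
    # names are not; confirm callers pass the name in its stored case.
    logged_in = False
    session_id = None
    for sess in sess_list:
        if win32ts.WTSQuerySessionInformation(None, sess['SessionId'],
                                              win32ts.WTSUserName) == name:
            # Only the last matching session is remembered.
            session_id = sess['SessionId']
            logged_in = True

    # If logged in and set to force, log the user out and continue
    # If logged in and not set to force, return false
    if logged_in:
        if force:
            try:
                win32ts.WTSLogoffSession(win32ts.WTS_CURRENT_SERVER_HANDLE,
                                         session_id, True)
            except win32ts.error as exc:
                # Previously logged as 'User not found', which misreports a
                # failed logoff.
                log.error('Failed to log off user %s', name)
                log.error('nbr: %s', exc.winerror)
                log.error('ctx: %s', exc.funcname)
                log.error('msg: %s', exc.strerror)
                return False
        else:
            log.error('User %s is currently logged in.', name)
            return False

    # Remove the User Profile directory
    if purge:
        try:
            sid = getUserSid(name)
            win32profile.DeleteProfile(sid)
        except pywintypes.error as exc:
            # Error 2 (profile folder not found) is not a failure: there is
            # nothing to purge.
            if exc.winerror != 2:
                log.error('Failed to remove profile for %s', name)
                log.error('nbr: %s', exc.winerror)
                log.error('ctx: %s', exc.funcname)
                log.error('msg: %s', exc.strerror)
                return False

    # And finally remove the user account
    try:
        win32net.NetUserDel(None, name)
    except win32net.error as exc:
        log.error('Failed to delete user %s', name)
        log.error('nbr: %s', exc.winerror)
        log.error('ctx: %s', exc.funcname)
        log.error('msg: %s', exc.strerror)
        return False

    return True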
Esempio n. 3
def info(name):
    '''
    Return user information

    Args:
        name (str): Username for which to display information

    Returns:
        dict: A dictionary containing user information, or an empty dictionary
        when the account lookup raises ``win32net.error`` (so "no such user"
        and any other lookup failure look the same to the caller). Keys:

            - fullname
            - name
            - uid (the account SID as a string)
            - passwd (the 'password' field of the lookup; documented as
              always None)
            - comment (same as description, left here for backwards
              compatibility)
            - description
            - active
            - logonscript
            - profile
            - failed_logon_attempts
            - successful_logon_attempts
            - password_changed
            - last_logon
            - expiration_date
            - expired
            - home
            - homedrive
            - groups
            - password_never_expires
            - account_disabled
            - account_locked
            - disallow_change_password
            - gid (always an empty string)

    CLI Example:

    .. code-block:: bash

        salt '*' user.info jsnuffy
    '''
    if six.PY2:
        name = _to_unicode(name)

    try:
        items = win32net.NetUserGetInfo(None, name, 4)
    except win32net.error:
        items = {}

    if not items:
        return {}

    # A failed group lookup is not fatal; the account is reported with no
    # groups.
    try:
        groups = win32net.NetUserGetLocalGroups(None, name)
    except win32net.error:
        groups = []

    stamp = '%Y-%m-%d %H:%M:%S'

    ret = {
        'fullname': items['full_name'],
        'name': items['name'],
        'uid': win32security.ConvertSidToStringSid(items['user_sid']),
        'passwd': items['password'],
        'comment': items['comment'],
        'description': items['comment'],
        'active': not (items['flags'] & win32netcon.UF_ACCOUNTDISABLE),
        'logonscript': items['script_path'],
        'profile': items['profile'],
        'failed_logon_attempts': items['bad_pw_count'],
        'successful_logon_attempts': items['num_logons'],
    }

    # password_age is subtracted from the current time to get the moment of
    # the last password change.
    now_secs = time.mktime(datetime.now().timetuple())
    changed_at = datetime.fromtimestamp(now_secs - items['password_age'])
    ret['password_changed'] = changed_at.strftime(stamp)

    last_logon = items['last_logon']
    ret['last_logon'] = (
        'Never' if last_logon == 0
        else datetime.fromtimestamp(last_logon).strftime(stamp))

    # NOTE(review): acct_expires is formatted as a timestamp unconditionally;
    # confirm how the "never expires" value is rendered here.
    expires_at = datetime.fromtimestamp(items['acct_expires'])
    ret['expiration_date'] = expires_at.strftime(stamp)
    ret['expired'] = items['password_expired'] == 1

    # With no profile path on the account, ask the registry helper.
    if not ret['profile']:
        ret['profile'] = _get_userprofile_from_registry(name, ret['uid'])

    # The home directory falls back to the profile path.
    ret['home'] = items['home_dir'] or ret['profile']
    ret['homedrive'] = items['home_dir_drive']
    ret['groups'] = groups

    flags = items['flags']
    ret['password_never_expires'] = (
        flags & win32netcon.UF_DONT_EXPIRE_PASSWD) != 0
    ret['account_disabled'] = (flags & win32netcon.UF_ACCOUNTDISABLE) != 0
    ret['account_locked'] = (flags & win32netcon.UF_LOCKOUT) != 0
    ret['disallow_change_password'] = (
        flags & win32netcon.UF_PASSWD_CANT_CHANGE) != 0

    ret['gid'] = ''

    return ret
Esempio n. 4
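def update(name,
           password=None,
           fullname=None,
           description=None,
           home=None,
           homedrive=None,
           logonscript=None,
           profile=None,
           expiration_date=None,
           expired=None,
           account_disabled=None,
           unlock_account=None,
           password_never_expires=None,
           disallow_change_password=None):
    r'''
    Updates settings for the windows user. Name is the only required parameter.
    Settings will only be changed if the parameter is passed a value.

    .. versionadded:: 2015.8.0

    :param str name:
        The user name to update.

    :param str password:
        New user password in plain text. A value typed on a command line, as
        in the CLI example below, can end up in shell history or process
        listings.

    :param str fullname:
        The user's full name.

    :param str description:
        A brief description of the user account.

    :param str home:
        The path to the user's home directory.

    :param str homedrive:
        The drive letter to assign to the home directory. Must be the Drive Letter
        followed by a colon. ie: U:

    :param str logonscript:
        The path to the logon script.

    :param str profile:
        The path to the user's profile directory.

    :param date expiration_date: The date and time when the account expires. Can
        be a valid date/time string. To set to never expire pass the string 'Never'.

    :param bool expired: Pass `True` to expire the account. The user will be
        prompted to change their password at the next logon. Pass `False` to mark
        the account as 'not expired'. You can't use this to negate the expiration if
        the expiration was caused by the account expiring. You'll have to change
        the `expiration_date` as well.

    :param bool account_disabled: True disables the account. False enables the
        account.

    :param bool unlock_account: True unlocks a locked user account. False is
        ignored.

    :param bool password_never_expires: True sets the password to never expire.
        False allows the password to expire.

    :param bool disallow_change_password: True blocks the user from changing
        the password. False allows the user to change the password.

    :return: True if successful. False is unsuccessful. An unparsable
        ``expiration_date`` returns the string
        ``'Invalid Date/Time Format: <value>'`` instead, which is truthy.

    :rtype: bool

    CLI Example:

    .. code-block:: bash

        salt '*' user.update bob password=secret profile=C:\Users\Bob
                 home=\\server\homeshare\bob homedrive=U:
    '''

    # Make sure the user exists
    # Return an object containing current settings for the user
    try:
        user_info = win32net.NetUserGetInfo(None, name, 4)
    except win32net.error as exc:
        # Read the error fields by attribute: unpacking the exception object
        # itself only works on Python 2.
        log.error('Failed to update user {0}'.format(name))
        log.error('nbr: {0}'.format(exc.winerror))
        log.error('ctx: {0}'.format(exc.funcname))
        log.error('msg: {0}'.format(exc.strerror))
        return False

    # Check parameters to update
    # Update the user object with new settings
    # A falsy value (None, '') leaves the stored setting unchanged.
    if password:
        user_info['password'] = password
    if home:
        user_info['home_dir'] = home
    if homedrive:
        user_info['home_dir_drive'] = homedrive
    if description:
        user_info['comment'] = description
    if logonscript:
        user_info['script_path'] = logonscript
    if fullname:
        user_info['full_name'] = fullname
    if profile:
        user_info['profile'] = profile
    if expiration_date:
        if expiration_date == 'Never':
            user_info['acct_expires'] = win32netcon.TIMEQ_FOREVER
        else:
            try:
                dt_obj = salt.utils.date_cast(expiration_date)
            except (ValueError, RuntimeError):
                return 'Invalid Date/Time Format: {0}'.format(expiration_date)
            user_info['acct_expires'] = time.mktime(dt_obj.timetuple())
    if expired is not None:
        if expired:
            user_info['password_expired'] = 1
        else:
            user_info['password_expired'] = 0

    # Flag bits are cleared with "&= ~bit". The previous "^= bit" toggled the
    # bit, so asking for a state the account already had flipped it: enabling
    # an enabled account disabled it, and unlocking an unlocked account set
    # the lockout bit.
    if account_disabled is not None:
        if account_disabled:
            user_info['flags'] |= win32netcon.UF_ACCOUNTDISABLE
        else:
            user_info['flags'] &= ~win32netcon.UF_ACCOUNTDISABLE
    if unlock_account is not None:
        if unlock_account:
            user_info['flags'] &= ~win32netcon.UF_LOCKOUT
    if password_never_expires is not None:
        if password_never_expires:
            user_info['flags'] |= win32netcon.UF_DONT_EXPIRE_PASSWD
        else:
            user_info['flags'] &= ~win32netcon.UF_DONT_EXPIRE_PASSWD
    if disallow_change_password is not None:
        if disallow_change_password:
            user_info['flags'] |= win32netcon.UF_PASSWD_CANT_CHANGE
        else:
            user_info['flags'] &= ~win32netcon.UF_PASSWD_CANT_CHANGE

    # Apply new settings
    try:
        win32net.NetUserSetInfo(None, name, 4, user_info)
    except win32net.error as exc:
        log.error('Failed to update user {0}'.format(name))
        log.error('nbr: {0}'.format(exc.winerror))
        log.error('ctx: {0}'.format(exc.funcname))
        log.error('msg: {0}'.format(exc.strerror))
        return False

    return True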
Esempio n. 5
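def delete(name,
           purge=False,
           force=False):
    '''
    Remove a user from the minion

    :param str name:
        The name of the user to delete

    :param bool purge:
        Boolean value indicating that the user profile should also be removed when
        the user account is deleted. If set to True the profile will be removed.

    :param bool force:
        Boolean value indicating that the user account should be deleted even if the
        user is logged in. True will log the user out and delete user.

    :return:
        True if successful, otherwise False
    :rtype: bool

    CLI Example:

    .. code-block:: bash

        salt '*' user.delete name
    '''
    # Existence check only; the returned record is not used.
    try:
        win32net.NetUserGetInfo(None, name, 4)
    except win32net.error as exc:
        # Read the error fields by attribute: unpacking the exception object
        # itself only works on Python 2.
        log.error('User not found: {0}'.format(name))
        log.error('nbr: {0}'.format(exc.winerror))
        log.error('ctx: {0}'.format(exc.funcname))
        log.error('msg: {0}'.format(exc.strerror))
        return False

    # List the sessions on this machine to find out whether the user is
    # logged in.
    try:
        sess_list = win32ts.WTSEnumerateSessions()
    except win32ts.error as exc:
        log.error('No logged in users found')
        log.error('nbr: {0}'.format(exc.winerror))
        log.error('ctx: {0}'.format(exc.funcname))
        log.error('msg: {0}'.format(exc.strerror))
        # The function deliberately carries on after this failure; without a
        # value here the loop below raised NameError instead. Note that this
        # treats "could not enumerate" the same as "nobody is logged in".
        sess_list = []

    # Is the user one that is logged in
    # NOTE(review): the comparison is case-sensitive, while Windows account
    # names are not; confirm callers pass the name in its stored case.
    logged_in = False
    session_id = None
    for sess in sess_list:
        if win32ts.WTSQuerySessionInformation(None, sess['SessionId'], win32ts.WTSUserName) == name:
            # Only the last matching session is remembered.
            session_id = sess['SessionId']
            logged_in = True

    # If logged in and set to force, log the user out and continue
    # If logged in and not set to force, return false
    if logged_in:
        if force:
            try:
                win32ts.WTSLogoffSession(win32ts.WTS_CURRENT_SERVER_HANDLE, session_id, True)
            except win32ts.error as exc:
                # Previously logged as 'User not found', which misreports a
                # failed logoff.
                log.error('Failed to log off user {0}'.format(name))
                log.error('nbr: {0}'.format(exc.winerror))
                log.error('ctx: {0}'.format(exc.funcname))
                log.error('msg: {0}'.format(exc.strerror))
                return False
        else:
            log.error('User {0} is currently logged in.'.format(name))
            return False

    # Remove the User Profile directory
    if purge:
        try:
            sid = getUserSid(name)
            win32profile.DeleteProfile(sid)
        except pywintypes.error as exc:
            # Error 2 (profile folder not found) is not a failure: there is
            # nothing to purge.
            if exc.winerror != 2:
                log.error('Failed to remove profile for {0}'.format(name))
                log.error('nbr: {0}'.format(exc.winerror))
                log.error('ctx: {0}'.format(exc.funcname))
                log.error('msg: {0}'.format(exc.strerror))
                return False

    # And finally remove the user account
    try:
        win32net.NetUserDel(None, name)
    except win32net.error as exc:
        log.error('Failed to delete user {0}'.format(name))
        log.error('nbr: {0}'.format(exc.winerror))
        log.error('ctx: {0}'.format(exc.funcname))
        log.error('msg: {0}'.format(exc.strerror))
        return False

    return True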
def getDomainUser(username, domain=None, info_level=0):
    """Return the NetUserGetInfo record for *username*, or None.

    None is returned whenever userExists() reports the account as missing.
    The account is looked up twice (once by userExists, once here), so an
    error from the second lookup still propagates to the caller.
    """
    if not userExists(username, domain):
        return None
    return win32net.NetUserGetInfo(domain, username, info_level)
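def userExists(username, domain=None):
    """Return True when a level-0 NetUserGetInfo lookup of *username* succeeds.

    Any exception raised by the lookup, whatever its cause, is reported as
    False, so a False result does not prove the account is absent.
    """
    try:
        win32net.NetUserGetInfo(domain, username, 0)
    except Exception:
        # Was a bare "except:", which also swallowed KeyboardInterrupt and
        # SystemExit.
        return False
    return True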
Esempio n. 8
def startAutomation(**kwargs):
    """Build evidence documents for the test cases of one test run.

    Reads ``project`` and ``test_run_id`` from ``kwargs``. For every test case
    returned by ``Azure.manualEvidences`` it recreates a per-test-case
    evidence folder, moves the matching screenshots into it for each
    iteration, generates a Word document and a PDF through the ``Aux``
    helpers and, when both exist, hands them to ``Azure.SaveEvidenceRun`` and
    ``Azure.SaveEvidenceTestCase``.

    Any exception raised inside the main block is printed and logged, and the
    process then exits with status 1. Returns None.
    """

    # kwargs arguments.
    project = kwargs.get('project')
    test_run_id = kwargs.get('test_run_id')

    try:
        # Complete name (if is using the VPN).
        full_name = win32net.NetUserGetInfo(win32net.NetGetAnyDCName(),
                                            win32api.GetUserName(),
                                            2)["full_name"]
    # NOTE(review): bare except - every failure of the lookup above,
    # including KeyboardInterrupt, falls back to the local login name.
    except:
        # Windows login (if is not using the VPN).
        full_name = os.getlogin()

    try:
        testsetpathmanual = Aux.directories["EvidenceFolderManual"]
        Aux.createDirectory(testsetpathmanual)

        # Execute the action to get the manual evidences.
        test_case_id_list, n_iterations_list, id_azure_list, n_test_case_list = Azure.manualEvidences(
            project, test_run_id)

        # The three other lists are consumed from the front, one entry per
        # test case, so they are assumed to be parallel to test_case_id_list.
        for test_case_id in test_case_id_list:
            list_steps, name_testcase, summary, cont_steps, change_download_config = Azure.startSteps(
                project, test_case_id)
            step_initial = 0
            step_final = cont_steps
            n_print = 0
            n_iterations = n_iterations_list.pop(
                0)  # Get the number of the iterations for the test order.
            id_azure = id_azure_list.pop(0)
            n_test_case = n_test_case_list.pop(0)

            # Create the TestSet folder.
            # NOTE(review): name_testcase comes from Azure.startSteps and is
            # joined into a path that is deleted recursively just below. If
            # it can contain path separators or "..", the rmtree target may
            # fall outside the evidence folder - confirm it is sanitised.
            testsetpath = os.path.join(
                Aux.directories["EvidenceFolder"],
                Aux.otherConfigs["ETSName"] + str(test_case_id) + " - " +
                name_testcase)
            if os.path.exists(testsetpath):
                shutil.rmtree(testsetpath)
            os.makedirs(testsetpath)
            Aux.addLogs("General", Aux.logs["EvidenceFolder"])
            Aux.createDirectory(testsetpath)

            print(
                f"{classes.Textcolor.WARNING}{Aux.otherConfigs['GeneratingEvidence']['Msg']}"
                f"{classes.Textcolor.END}\n")
            # Create an EST file.
            word_path = Aux.directories["ESTFile"] + ' ' + Aux.otherConfigs[
                "Language"] + '.docx'

            # Create evidence step by step per Iteration.
            for n_iteration in range(1, n_iterations + 1):
                # Move the prints to the correct folder and rename the evidences - Order by older first.
                filenames = os.listdir(Aux.directories["EvidenceFolderManual"])
                for filename in filenames:
                    if n_print == cont_steps: break
                    if (filename.endswith("png")) and \
                            (("CT" + str(n_test_case) + "-IT" + str(n_iteration)) in filename):

                        file_newname = 'Screenshot_' + str(n_print) + '.png'

                        # Rename the prints and move to the correct Test Case folder.
                        os.rename(
                            os.path.join(testsetpathmanual, filename),
                            os.path.join(testsetpathmanual, file_newname))
                        shutil.move(
                            os.path.join(testsetpathmanual, file_newname),
                            testsetpath)
                    # NOTE(review): the counter advances for every directory
                    # entry, matched or not, so unrelated files use up the
                    # cont_steps budget and leave gaps in the screenshot
                    # numbering - confirm this is intended.
                    n_print += 1
                n_print = 0

                est = Aux.wordAddSteps(
                    test_run_id, test_case_id,
                    name_testcase + " - ITERATION " + str(n_iteration),
                    summary, word_path, testsetpath,
                    list_steps[step_initial:step_final], "OK", full_name)
                if est is None:
                    Aux.addLogs(
                        "General", Aux.logs["ErrorEST"],
                        name_testcase + " - ITERATION " + str(n_iteration))

                # NOTE(review): wordToPDF is still called when est is None.
                pdf = Aux.wordToPDF(est)
                if pdf is None:
                    Aux.addLogs(
                        "General", Aux.logs["ErrorConvertPDF"],
                        name_testcase + " - ITERATION " + str(n_iteration))

                if (est is not None) and (pdf is not None):
                    # Add the evidence to the Run and the Test case.
                    Aux.addLogs(
                        "General", Aux.logs["ConvertPDF"],
                        name_testcase + " - ITERATION " + str(n_iteration))
                    Azure.SaveEvidenceRun(
                        project, test_run_id, id_azure,
                        Aux.directories["EvidenceFolder"],
                        Aux.otherConfigs["ETSName"] + str(test_case_id) +
                        " - " + name_testcase, n_iteration)
                    Azure.SaveEvidenceTestCase(
                        project, Aux.directories["EvidenceFolder"],
                        test_case_id, Aux.otherConfigs["ETSName"] +
                        str(test_case_id) + " - " + name_testcase, n_iteration)

                # Clear the evidences prints.
                Aux.deleteFiles(path_log=testsetpath, extension="png")

            # This increment has no lasting effect: n_test_case is reassigned
            # from n_test_case_list at the top of the next pass.
            n_test_case += 1

        # The manual evidence folder is removed only when every test case
        # completed without raising.
        shutil.rmtree(testsetpathmanual)

    except Exception as ex:
        print(
            f"{classes.Textcolor.FAIL}{Aux.logs['ErrorStartAutomation']['Msg']}{classes.Textcolor.END}",
            ex)
        Aux.addLogs("General", Aux.logs["ErrorStartAutomation"], str(ex))
        # Terminates the whole process, not just this function.
        exit(1)

    Aux.addLogs("EndExecution")
Esempio n. 9
def get_display_name():
    """Return the "full_name" field of the current user's account record.

    The level-2 record is requested from the server named by
    NetGetAnyDCName(); errors from either call propagate to the caller.
    """
    dc_name = win32net.NetGetAnyDCName()
    account = win32api.GetUserName()
    return win32net.NetUserGetInfo(dc_name, account, 2)["full_name"]
Esempio n. 10
# Excerpt of a Python 2 script: cred and target are set up before this
# listing begins.
win32cred.CredWrite(cred)
# Rebinds pwd so this name no longer refers to its previous value
# (presumably the password typed earlier - confirm against the full script).
pwd = None
# NOTE(review): prints the stored credential record to stdout; confirm it
# carries no secret fields before reusing this outside a demo.
print win32cred.CredRead(target, win32cred.CRED_TYPE_DOMAIN_PASSWORD)

## Marshal saved credential and use it to log on
mc = win32cred.CredMarshalCredential(win32cred.UsernameTargetCredential,
                                     target)
th = win32security.LogonUser(mc, None, '', win32con.LOGON32_LOGON_INTERACTIVE,
                             win32con.LOGON32_PROVIDER_DEFAULT)
# From here on the calling thread runs with the logged-on user's token.
win32security.ImpersonateLoggedOnUser(th)
# NOTE(review): the next line is damaged in this listing - the text between
# the print and the trailing comment is masked with asterisks - so whatever
# ran at this point is not visible. In particular, no call that ends the
# impersonation can be seen in the lines shown.
print 'GetUserName:'******'s profile.  (first check if user has a roaming profile)
username, domain = win32cred.CredUIParseUserName(target)
# Level-4 record of the account; only its 'profile' path is used.
user_info_4 = win32net.NetUserGetInfo(None, username, 4)
profilepath = user_info_4['profile']
## LoadUserProfile apparently doesn't like an empty string
if not profilepath:
    profilepath = None

## leave Flags in since 2.3 still chokes on some types of optional keyword args
hk = win32profile.LoadUserProfile(th, {
    'UserName': username,
    'Flags': 0,
    'ProfilePath': profilepath
})
## Get user's environment variables in a form that can be passed to win32process.CreateProcessAsUser
env = win32profile.CreateEnvironmentBlock(th, False)

## Cleanup should probably be in a finally block
# NOTE(review): no cleanup is visible in this excerpt. The logon token (th),
# the loaded profile (hk) and the impersonation all outlive these lines
# unless released later; a try/finally keeps an error in the steps above
# from leaving the thread impersonating the user.
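def action(objectxmpp, action, sessionid, data, message, dataerreur):
    """Install the relay server's SSH public key, or send it to a machine.

    When ``objectxmpp.config.agenttype`` is ``machine``, the key received in
    ``data['key']`` is appended to the service account's ``authorized_keys``
    file. On Linux and Windows the account and its directories are created
    first when they are missing. For any other agent type the local
    ``/root/.ssh/id_rsa.pub`` is read and sent to ``data['jidAM']``.

    Security note: this function does not check who sent the message.
    Whatever key arrives in ``data['key']`` is granted SSH access to the
    service account, so sender authorisation has to happen before this
    plugin is called. The key is only accepted here when it is a single
    non-empty line, so that one message cannot add several entries.

    Args:
        objectxmpp: Agent object. Uses ``config.agenttype``,
            ``send_message_agent``, ``xmpplog`` and ``boundjid.bare``.
        action: Plugin action name, echoed in the replies.
        sessionid: Session identifier, echoed in the replies and the log.
        data: Message payload; ``key`` is read on a machine agent and
            ``jidAM`` on a relay agent.
        message: Incoming message; only ``message['from']`` is read.
        dataerreur: Ignored. The error reply is rebuilt locally.

    Returns:
        None. Results are reported through ``objectxmpp``.
    """
    logging.getLogger().debug(
        "###################################################")
    logging.getLogger().debug("call %s from %s" % (plugin, message['from']))
    logging.getLogger().debug(
        "###################################################")
    dataerreur = {
        "action": "result" + action,
        "data": {
            "msg": "error plugin : " + action
        },
        'sessionid': sessionid,
        'ret': 255,
        'base64': False
    }

    if objectxmpp.config.agenttype in ['machine']:
        logging.getLogger().debug(
            "#######################################################")
        logging.getLogger().debug(
            "##############AGENT INSTALL KEY MACHINE################")
        logging.getLogger().debug(
            "#######################################################")
        if 'key' not in data:
            objectxmpp.send_message_agent(message['from'],
                                          dataerreur,
                                          mtype='chat')
            return

        # Validate before touching accounts or files: the payload comes from
        # a remote message and ends up in authorized_keys.
        try:
            key_line = data['key'].strip()
        except AttributeError:
            key_line = ""
        if not key_line or '\n' in key_line or '\r' in key_line:
            dataerreur['data'][
                'msg'] = "%s : INVALID KEY" % dataerreur['data']['msg']
            objectxmpp.send_message_agent(message['from'],
                                          dataerreur,
                                          mtype='chat')
            return

        # Install the public key on the machine agent.
        if sys.platform.startswith('linux'):
            import pwd
            import grp
            # Check that the pulseuser account exists; create it otherwise.
            try:
                pwd.getpwnam("pulseuser")
                grp.getgrnam("pulseuser")
                grp.getgrnam("root")
            except KeyError:
                result = simplecommand(
                    encode_strconsole(
                        "adduser --system --group --home /var/lib/pulse2 --shell /bin/rbash --disabled-password pulseuser"
                    ))
            # Raises KeyError when the account is still missing after adduser.
            uid = pwd.getpwnam("pulseuser").pw_uid
            gid = grp.getgrnam("pulseuser").gr_gid
            gidroot = grp.getgrnam("root").gr_gid
            authorized_keys_path = os.path.join(
                os.path.expanduser('~pulseuser'), '.ssh', 'authorized_keys')
            ssh_dir = os.path.dirname(authorized_keys_path)
            if not os.path.isdir(ssh_dir):
                os.makedirs(ssh_dir, 0o700)
            if not os.path.isfile(authorized_keys_path):
                file_put_contents(authorized_keys_path, "")
            os.chown(ssh_dir, uid, gid)
            os.chown(authorized_keys_path, uid, gid)
            packagepath = os.path.join(os.path.expanduser('~pulseuser'),
                                       'packages')
            pathuser = os.path.join(os.path.expanduser('~pulseuser'))
            # The original tested "not isdir" and passed decimal 751, so the
            # call either never ran or raised on a missing directory, and
            # would have set the wrong bits. Apply octal 0751 to the home
            # directory when it exists.
            if os.path.isdir(pathuser):
                os.chmod(pathuser, 0o751)
            # NOTE(review): 0764 on a directory leaves group and others
            # without the search bit -- confirm this is intended.
            if not os.path.isdir(packagepath):
                os.makedirs(packagepath, 0o764)
            os.chown(packagepath, uid, gidroot)
            # makedirs is subject to the umask, so the modes are set again.
            os.chmod(ssh_dir, 0o700)
            os.chmod(authorized_keys_path, 0o644)
            os.chmod(packagepath, 0o764)
            # NOTE(review): the chown target is masked ('******') in this
            # listing; the string is left as found.
            result = simplecommand(
                encode_strconsole("chown -R pulseuser: '******'"))
        elif sys.platform.startswith('win'):
            import win32net
            # Check whether the pulse account exists.
            try:
                win32net.NetUserGetInfo('', 'pulse', 0)
            except win32net.error:
                # The pulse account does not exist (or could not be read).
                # NOTE(review): the generated password is passed on the
                # "net user" command line, where it is visible to process
                # listing and command-line auditing, and it is not kept
                # anywhere afterwards. uuid4 is not a dedicated secret
                # generator -- consider a CSPRNG-based source.
                pulseuserpassword = uuid.uuid4().hex
                pulseuserhome = os.path.join(os.environ["ProgramFiles"],
                                             'Pulse')
                result = simplecommand(
                    encode_strconsole(
                        'net user "pulse" "%s" /ADD /COMMENT:"Pulse user with admin rights on the system" /PROFILEPATH:"%s"'
                        % (pulseuserpassword, pulseuserhome)))
                logging.getLogger().debug("Creation of pulse user: %s" %
                                          result)
            authorized_keys_path = os.path.join(os.environ["ProgramFiles"],
                                                'Pulse', '.ssh',
                                                'authorized_keys')
            ssh_dir = os.path.dirname(authorized_keys_path)
            if not os.path.isdir(ssh_dir):
                os.makedirs(ssh_dir, 0o700)
            if not os.path.isfile(authorized_keys_path):
                file_put_contents(authorized_keys_path, "")
            # The permission script is run from the OpenSSH directory; the
            # previous working directory is restored even if the call fails.
            currentdir = os.getcwd()
            os.chdir(os.path.join(os.environ["ProgramFiles"], 'OpenSSH'))
            try:
                result = simplecommand(
                    encode_strconsole(
                        'powershell -ExecutionPolicy Bypass -Command ". .\FixHostFilePermissions.ps1 -Confirm:$false"'
                    ))
            finally:
                os.chdir(currentdir)
            logging.getLogger().debug(
                "Reset of permissions on ssh keys and folders: %s" % result)
        elif sys.platform.startswith('darwin'):
            # NOTE(review): this branch uses ~pulse while the Linux branch
            # uses ~pulseuser, and nothing is created here.
            authorized_keys_path = os.path.join(
                os.path.expanduser('~pulse'), '.ssh', 'authorized_keys')
        else:
            return

        authorized_keys_content = file_get_contents(authorized_keys_path)
        if key_line not in authorized_keys_content:
            # Append the key as one complete line of its own.
            entry = key_line + "\n"
            if authorized_keys_content and not authorized_keys_content.endswith(
                    "\n"):
                entry = "\n" + entry
            file_put_contents_w_a(authorized_keys_path, entry, "a")
            logging.getLogger().debug("install key ARS [%s]" % message['from'])
            if sessionid.startswith("command"):
                notify = "Notify | QuickAction"
            else:
                notify = "Deployment | Cluster | Notify"

            objectxmpp.xmpplog('INSTALL key ARS %s on AM %s' %
                               (message['from'], objectxmpp.boundjid.bare),
                               type='deploy',
                               sessionname=sessionid,
                               priority=-1,
                               action="",
                               who=objectxmpp.boundjid.bare,
                               how="",
                               why="",
                               module=notify,
                               date=None,
                               fromuser="",
                               touser="")
        else:
            # Only logged locally; no deployment notification is sent when
            # the key is already present.
            logging.getLogger().warning(
                "key ARS [%s] : is already installed." % message['from'])
    else:
        logging.getLogger().debug(
            "#######################################################")
        logging.getLogger().debug(
            "##############AGENT RELAY SERVER KEY MACHINE###########")
        logging.getLogger().debug(
            "#######################################################")
        # Send the relay server's public key to the machine agent.
        # The relay server is Debian only; the key is read from root's
        # default RSA key pair.
        key = file_get_contents(os.path.join('/', 'root', '.ssh',
                                             'id_rsa.pub'))
        if key == "":
            dataerreur['data'][
                'msg'] = "%s : KEY ARM MISSING" % dataerreur['data']['msg']
            objectxmpp.send_message_agent(message['from'],
                                          dataerreur,
                                          mtype='chat')
            return
        if 'jidAM' not in data:
            dataerreur['data'][
                'msg'] = "%s JID AM MISSING" % dataerreur['data']['msg']
            objectxmpp.send_message_agent(message['from'],
                                          dataerreur,
                                          mtype='chat')
            return

        datasend = {
            "action": action,
            "data": {
                "key": key
            },
            'sessionid': sessionid,
            'ret': 255,
            'base64': False
        }

        objectxmpp.send_message_agent(data['jidAM'], datasend, mtype='chat')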
Esempio n. 12
def info(name):
    '''
    Look up a Windows user account and return its settings.

    :param str name:
        Username for which to display information

    :returns:
        An empty dictionary when the account cannot be read, otherwise a
        dictionary with these keys:
            - fullname
            - name
            - uid (the account SID converted to its string form)
            - passwd (will always return None)
            - comment (same as description, left here for backwards compatibility)
            - description
            - active (False when the account-disabled flag is set)
            - logonscript
            - profile (looked up through the registry helper when the
              account record has none)
            - home (falls back to profile when empty)
            - homedrive
            - groups (local groups; empty when they cannot be read)
            - gid (always an empty string)
    :rtype: dict

    CLI Example:

    .. code-block:: bash

        salt '*' user.info jsnuffy
    '''
    try:
        account = win32net.NetUserGetInfo(None, name, 4)
    except win32net.error:
        account = {}

    # Lookup errors and empty records both yield an empty result.
    if not account:
        return {}

    try:
        local_groups = win32net.NetUserGetLocalGroups(None, name)
    except win32net.error:
        local_groups = []

    sid_string = win32security.ConvertSidToStringSid(account['user_sid'])
    enabled = not bool(account['flags'] & win32netcon.UF_ACCOUNTDISABLE)
    profile_dir = account['profile'] or _get_userprofile_from_registry(
        name, sid_string)
    home_dir = account['home_dir'] or profile_dir

    return {
        'fullname': account['full_name'],
        'name': account['name'],
        'uid': sid_string,
        'passwd': account['password'],
        'comment': account['comment'],
        'description': account['comment'],
        'active': enabled,
        'logonscript': account['script_path'],
        'profile': profile_dir,
        'home': home_dir,
        'homedrive': account['home_dir_drive'],
        'groups': local_groups,
        'gid': '',
    }
Esempio n. 13
def update(name,
           password=None,
           fullname=None,
           description=None,
           home=None,
           homedrive=None,
           logonscript=None,
           profile=None):
    r'''
    Change settings of an existing Windows user account.

    Only ``name`` is required. A setting is written only when its argument
    has a truthy value, so an empty string leaves the current value in place.

    .. versionadded:: 2015.8.0

    :param str name:
        The user name to update.

    :param str password:
        New user password in plain text. When it is given on the command
        line as in the example below, it is visible to anything that records
        that command line.

    :param str fullname:
        The user's full name.

    :param str description:
        A brief description of the user account.

    :param str home:
        The path to the user's home directory.

    :param str homedrive:
        The drive letter to assign to the home directory. Must be the Drive Letter
        followed by a colon. ie: U:

    :param str logonscript:
        The path to the logon script.

    :param str profile:
        The path to the user's profile directory.

    :return:
        True if successful. False if the account could not be read or the
        new settings could not be applied; the error is logged.
    :rtype: bool

    CLI Example:

    .. code-block:: bash

        salt '*' user.update bob password=secret profile=C:\Users\Bob
                 home=\\server\homeshare\bob homedrive=U:
    '''

    def _log_failure(exc):
        # Same four log lines for both failure points; the password is
        # never part of them.
        (number, context, message) = exc
        log.error('Failed to update user {0}'.format(name))
        log.error('nbr: {0}'.format(number))
        log.error('ctx: {0}'.format(context))
        log.error('msg: {0}'.format(message))

    # Fetch the current level 4 record; this also proves the user exists.
    try:
        user_info = win32net.NetUserGetInfo(None, name, 4)
    except win32net.error as exc:
        _log_failure(exc)
        return False

    # Record field -> requested value; falsy values are skipped.
    requested = (
        ('password', password),
        ('home_dir', home),
        ('home_dir_drive', homedrive),
        ('comment', description),
        ('script_path', logonscript),
        ('full_name', fullname),
        ('profile', profile),
    )
    for field, value in requested:
        if value:
            user_info[field] = value

    # Write the modified record back.
    try:
        win32net.NetUserSetInfo(None, name, 4, user_info)
    except win32net.error as exc:
        _log_failure(exc)
        return False

    return True
Esempio n. 14
File: pb.py Progetto: Gumnos/pybug
#  DEFAULT_USER_DIR
#  DEFAULT_USER_CONFIG
#  DEFAULT_SYSTEM_DIR
##################################################
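IS_WINDOWS = sys.platform.lower().startswith("win")

# LOCAL_USER_ID is the login name; its title-cased form is the display name
# used whenever no better one can be looked up below.
LOCAL_USER_ID = LOCAL_USERNAME = getpass.getuser()
LOCAL_USERNAME = LOCAL_USERNAME.title()
if IS_WINDOWS:
    try:
        # pylint: disable=F0401
        import win32net
        import win32api
    except ImportError:
        pass
    else:
        USER_INFO_20 = 20
        try:
            LOCAL_USERNAME = win32net.NetUserGetInfo(
                win32net.NetGetAnyDCName(),
                win32api.GetUserName(),
                USER_INFO_20,
                )["full_name"] or LOCAL_USERNAME
        except win32net.error:
            # The lookup fails when no domain controller can be found (for
            # example on a machine that is not domain-joined); that must not
            # abort the module import, so the fallback name is kept.
            pass
else:
    # pylint: disable=F0401
    import pwd # only available on non-win32
    try:
        # First comma-separated GECOS field; an empty field keeps the
        # fallback, matching the Windows branch.
        LOCAL_USERNAME = (
            pwd.getpwnam(LOCAL_USER_ID).pw_gecos.split(',', 1)[0]
            or LOCAL_USERNAME
            )
    except KeyError:
        # The login name has no passwd entry; keep the fallback name.
        pass
# EMAIL from the environment wins; otherwise user@hostname is assumed.
LOCAL_EMAIL = (
    os.environ.get("EMAIL", "") or
    "%s@%s" % (LOCAL_USER_ID, gethostname())
    )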

if IS_WINDOWS:
    DEFAULT_USER_DIR = os.path.join(
Esempio n. 15
def haveUser(user, servername=SERVERNAME):
    """Report whether *user* can be looked up on *servername*.

    Returns 1 when ``NetUserGetInfo`` at level 0 succeeds and 0 when it
    raises ``win32net.error``. Every such error gives 0, so the result does
    not tell an unknown account apart from a failed lookup.
    """
    try:
        win32net.NetUserGetInfo(servername, user, 0)
    except win32net.error:
        return 0
    else:
        return 1
Esempio n. 16
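def info(name):
    """
    Return user information

    Args:
        name (str): Username for which to display information

    Returns:
        dict: An empty dictionary when the account cannot be read, otherwise
        a dictionary containing user information
            - fullname
            - name
            - uid (the account SID converted to its string form)
            - passwd (will always return None)
            - comment (same as description, left here for backwards compatibility)
            - description
            - active
            - logonscript
            - profile
            - home
            - homedrive
            - groups
            - password_changed
            - successful_logon_attempts
            - failed_logon_attempts
            - last_logon ("Never" when no logon is recorded)
            - expiration_date ("Never" when the account has no expiry)
            - expired
            - account_disabled
            - account_locked
            - password_never_expires
            - disallow_change_password
            - gid (always an empty string)

    CLI Example:

    .. code-block:: bash

        salt '*' user.info jsnuffy
    """
    if six.PY2:
        name = _to_unicode(name)

    try:
        items = win32net.NetUserGetInfo(None, name, 4)
    except win32net.error:
        items = {}

    # Lookup errors and empty records both yield an empty result.
    if not items:
        return {}

    try:
        groups = win32net.NetUserGetLocalGroups(None, name)
    except win32net.error:
        groups = []

    time_format = "%Y-%m-%d %H:%M:%S"
    flags = items["flags"]

    ret = {}
    ret["fullname"] = items["full_name"]
    ret["name"] = items["name"]
    ret["uid"] = win32security.ConvertSidToStringSid(items["user_sid"])
    ret["passwd"] = items["password"]
    ret["comment"] = items["comment"]
    ret["description"] = items["comment"]
    ret["active"] = not bool(flags & win32netcon.UF_ACCOUNTDISABLE)
    ret["logonscript"] = items["script_path"]
    ret["profile"] = items["profile"]
    ret["failed_logon_attempts"] = items["bad_pw_count"]
    ret["successful_logon_attempts"] = items["num_logons"]

    # password_age is subtracted from the current time to get the moment of
    # the last password change.
    secs = time.mktime(datetime.now().timetuple()) - items["password_age"]
    ret["password_changed"] = datetime.fromtimestamp(secs).strftime(
        time_format)

    if items["last_logon"] == 0:
        ret["last_logon"] = "Never"
    else:
        ret["last_logon"] = datetime.fromtimestamp(
            items["last_logon"]).strftime(time_format)

    # TIMEQ_FOREVER means the account never expires. Formatting it as a
    # timestamp would report a bogus date, so it is reported as "Never".
    # Both the signed constant and its unsigned 32-bit form are accepted
    # (assumption: the binding may return either -- TODO confirm).
    if items["acct_expires"] in (win32netcon.TIMEQ_FOREVER, 0xFFFFFFFF):
        ret["expiration_date"] = "Never"
    else:
        ret["expiration_date"] = datetime.fromtimestamp(
            items["acct_expires"]).strftime(time_format)
    ret["expired"] = items["password_expired"] == 1

    if not ret["profile"]:
        ret["profile"] = _get_userprofile_from_registry(name, ret["uid"])
    ret["home"] = items["home_dir"]
    ret["homedrive"] = items["home_dir_drive"]
    if not ret["home"]:
        ret["home"] = ret["profile"]
    ret["groups"] = groups

    # Each entry is True when the corresponding account-control bit is set.
    ret["password_never_expires"] = bool(
        flags & win32netcon.UF_DONT_EXPIRE_PASSWD)
    ret["account_disabled"] = bool(flags & win32netcon.UF_ACCOUNTDISABLE)
    ret["account_locked"] = bool(flags & win32netcon.UF_LOCKOUT)
    ret["disallow_change_password"] = bool(
        flags & win32netcon.UF_PASSWD_CANT_CHANGE)

    ret["gid"] = ""

    return ret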