def AddUser(username, password=None, labels=None, token=None):
    """Create a new GRR user object and publish a USER_ADD audit event.

    Args:
      username: Name of the user to create; must be non-empty. It is
        interpolated unchanged into the "aff4:/users/<name>" URN.
      password: Password to store. When None the operator is prompted via
        getpass; any other value, including "", is stored as given.
      labels: Optional iterable of label names, attached with owner "GRR".
      token: Access token; resolved through data_store.GetDefaultToken.

    Raises:
      UserError: If username is empty or a user object already exists.
    """
    if not username:
        raise UserError("Cannot add user: User must have a non-empty name")

    token = data_store.GetDefaultToken(token)
    # NOTE(review): username is not validated in this function, so characters
    # such as "/" become part of the URN path - confirm callers restrict it.
    urn = "aff4:/users/%s" % username

    try:
        existing = aff4.FACTORY.Open(urn, users.GRRUser, token=token)
        if existing:
            raise UserError(
                "Cannot add user %s: User already exists." % username)
    except aff4.InstantiationError:
        # Nothing could be opened as a GRRUser at this URN; this is treated
        # as "no such user" and creation proceeds.
        pass

    user_obj = aff4.FACTORY.Create(urn, users.GRRUser, mode="rw", token=token)

    # Blank passwords are accepted: neither an explicit "" argument nor an
    # empty answer at the prompt is rejected before SetPassword.
    if password is None:
        prompt_text = "Please enter password for user '%s': " % username
        password = getpass.getpass(prompt=prompt_text)
    user_obj.SetPassword(password)

    if labels:
        # NOTE(review): the set is passed as a single positional argument -
        # confirm AddLabels expects an iterable rather than *labels.
        user_obj.AddLabels(set(labels), owner="GRR")

    user_obj.Close()
    EPrint("Added user %s." % username)

    # The audit record is attributed to the token's user, not the new account.
    audit_event = events.AuditEvent(
        user=token.username, action="USER_ADD", urn=urn)
    events.Events.PublishEvent("Audit", audit_event, token=token)
def DeleteUser(username, token=None):
    """Delete the GRR user object for username and audit the deletion.

    When the user cannot be opened as a GRRUser, a "not found" notice is
    printed and the function returns without deleting anything and without
    publishing an audit event.

    Args:
      username: Name of the user to delete; must be non-empty.
      token: Access token; resolved through data_store.GetDefaultToken.

    Raises:
      UserError: If username is empty.
    """
    if not username:
        raise UserError("User must have a non-empty name")

    token = data_store.GetDefaultToken(token)
    urn = "aff4:/users/%s" % username

    try:
        # Opened only as an existence check; the returned object is unused.
        aff4.FACTORY.Open(urn, users.GRRUser, token=token)
    except aff4.InstantiationError:
        EPrint("User %s not found." % username)
        return
    else:
        aff4.FACTORY.Delete(urn, token=token)
        EPrint("User %s has been deleted." % username)

        # The audit record is attributed to the token's user.
        audit_event = events.AuditEvent(
            user=token.username, action="USER_DELETE", urn=urn)
        events.Events.PublishEvent("Audit", audit_event, token=token)
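def UpdateUser(username, password, add_labels=None, delete_labels=None,
               token=None):
    """Change the password and/or labels of an existing GRR user.

    Args:
      username: Name of the user to update; must be non-empty.
      password: Falsy ("" or None) leaves the stored password unchanged. A
        string is stored as the new password. Any other truthy value makes
        the function prompt for the password with getpass.
      add_labels: Optional iterable of strings; each entry is split on commas
        and the resulting names not already present are added.
      delete_labels: Optional iterable of strings; each entry is split on
        commas and the resulting names currently present are removed.
      token: Access token; resolved through data_store.GetDefaultToken.

    Raises:
      UserError: If username is empty or the user does not exist.
    """
    if not username:
        raise UserError("User must have a non-empty name")

    token = data_store.GetDefaultToken(token)
    user_urn = "aff4:/users/%s" % username
    try:
        fd = aff4.FACTORY.Open(user_urn, users.GRRUser, mode="rw", token=token)
    except aff4.InstantiationError:
        raise UserError("User %s does not exist." % username)

    # An empty password argument skips the update entirely, but an empty
    # answer typed at the prompt is accepted and stored as a blank password.
    if password:
        if not isinstance(password, basestring):
            password = getpass.getpass(
                prompt="Please enter password for user '%s': " % username)
        fd.SetPassword(password)

    # Sets are used throughout to de-duplicate the input.
    current_labels = set(label.name for label in fd.GetLabels())

    # Entries are split on commas only; surrounding whitespace and empty
    # pieces (e.g. from "a,,b") are kept exactly as given.
    expanded_add_labels = set()
    for label in add_labels or ():
        expanded_add_labels.update(label.split(","))

    expanded_delete_labels = set()
    for label in delete_labels or ():
        expanded_delete_labels.update(label.split(","))

    # A label requested for both addition and removal is dropped from both.
    clean_add_labels = expanded_add_labels - expanded_delete_labels
    clean_del_labels = expanded_delete_labels - expanded_add_labels

    # Only add labels that are new and only remove labels that exist.
    final_add_labels = clean_add_labels - current_labels
    final_del_labels = clean_del_labels & current_labels

    # NOTE(review): each set is passed as a single positional argument -
    # confirm AddLabels/RemoveLabels expect an iterable rather than *labels.
    if final_add_labels:
        fd.AddLabels(final_add_labels, owner="GRR")
    if final_del_labels:
        fd.RemoveLabels(final_del_labels, owner="GRR")

    fd.Close()
    EPrint("Updated user %s" % username)

    # Publish the audit record before the display step: the change has
    # already been written by Close(), so an error raised while showing the
    # user must not leave it unaudited.
    # NOTE(review): the event does not say whether the password or the labels
    # changed; consider recording that if the audit schema allows it.
    events.Events.PublishEvent("Audit",
                               events.AuditEvent(user=token.username,
                                                 action="USER_UPDATE",
                                                 urn=user_urn),
                               token=token)

    ShowUser(username, token=token)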