Exemplo n.º 1
0
 def load(self, name):
     self.__lock.acquire()
     try:
         passwd_db = PasswdFile(self.__password_file)
         passwd_db.load()
         if name in passwd_db:
             self.__user = passwd_db[name]
         else:
             raise EInvalidValue('name', name, 'No such user.')
         shadow_db = ShadowFile(self.__shadow_file)
         shadow_db.load()
         if name in shadow_db:
             self.__shadow = shadow_db[name]
         else:
             raise EInvalidValue('name', name, 'No such user.')
         self.__groups = []
         groups_db = GroupFile(self.__group_file)
         groups_db.load()
         for group_name in self.__user.groups(groups_db):
             self.__groups.append(groups_db[group_name])
         if not self.__groups:
             raise EInvalidValue('name', name, 'User belongs to no groups.')
         self.__loaded = 1
     finally:
         self.__lock.release()
 def _update_webdev_user(self):
     passwd = PasswdFile()
     passwd.load()
     group = GroupFile()
     group.load()
     if "webdev" not in passwd:
         if "webdev" not in group:
             next_id = passwd.new_uid()
             while next_id in group:
                 next_id = passwd.new_uid(next_id)
             webdev = GroupEntry()
             webdev.group("webdev")
             webdev.crypt("*")
             webdev.gid(next_id)
             webdev.user_list((webdev.group(),))
             group[webdev.group()] = webdev
             group.save()
         gid = group["webdev"].gid()
         uid = passwd.new_uid(gid-1)
         while uid in passwd:
             uid = passwd.new_uid(uid)
         webdev = PasswdEntry()
         webdev.user(user="******", validate=False)
         webdev.crypt(_crypted_password("webdev", "webdev"))
         webdev.uid(uid)
         webdev.gid(gid)
         webdev.gecos("AKA=webdev")
         webdev.directory(properties.WWW_ROOT)
         webdev.shell(os.path.join(properties.ETC_DIR,"ftponly"))
         passwd[webdev.user()] = webdev
         passwd.save()
     return
Exemplo n.º 3
0
 def load(self, name):
     self.__lock.acquire()
     try:
         passwd_db = PasswdFile(self.__password_file)
         passwd_db.load()
         if name in passwd_db:
             self.__user = passwd_db[name]
         else:
             raise EInvalidValue("name", name, "No such user.")
         shadow_db = ShadowFile(self.__shadow_file)
         shadow_db.load()
         if name in shadow_db:
             self.__shadow = shadow_db[name]
         else:
             raise EInvalidValue("name", name, "No such user.")
         self.__groups = []
         groups_db = GroupFile(self.__group_file)
         groups_db.load()
         for group_name in self.__user.groups(groups_db):
             self.__groups.append(groups_db[group_name])
         if not self.__groups:
             raise EInvalidValue("name", name, "User belongs to no groups.")
         self.__loaded = 1
     finally:
         self.__lock.release()
Exemplo n.º 4
0
def _update_superuser(username, directory="/root", shell="/sbin/nologin", crypt=None, uid=None, gid=None):
    if crypt is None:
        crypt = ""
    if uid is None:
        uid = 0
    users = PasswdFile()
    users.load()
    groups = GroupFile()
    groups.load()
    if username not in groups:
        group = GroupEntry()
        group.group(username)
        group.crypt("*")
        if gid is None:
            gid = users.new_uid()
            while gid in groups:
                gid = users.new_uid(gid)
        group.gid(gid)
        group.user_list((username,))
        groups[username] = group
        groups.save()
    gid = groups[username].gid()
    if username in users:
        user = users[username]
    else:
        user = PasswdEntry()
        user.crypt(crypt)
    user.gid(gid)
    user.uid(uid)
    user.user(username)
    user.shell(shell)
    user.directory(directory)
    if crypt:
        user.crypt(crypt)
    users[username] = user
    users.save()
    user = users[username]
    if user.gid() != gid:
        user.gid(gid)
        users[user.user()] = user
        users.save()
    return
def _update_superuser(username,
                      directory='/root',
                      shell='/sbin/nologin',
                      crypt=None,
                      uid=None,
                      gid=None):
    if crypt is None:
        crypt = ''
    if uid is None:
        uid = 0
    users = PasswdFile()
    users.load()
    groups = GroupFile()
    groups.load()
    if username not in groups:
        group = GroupEntry()
        group.group(username)
        group.crypt("*")
        if gid is None:
            gid = users.new_uid()
            while gid in groups:
                gid = users.new_uid(gid)
        group.gid(gid)
        group.user_list((username, ))
        groups[username] = group
        groups.save()
    gid = groups[username].gid()
    if username in users:
        user = users[username]
    else:
        user = PasswdEntry()
        user.crypt(crypt)
    user.gid(gid)
    user.uid(uid)
    user.user(username)
    user.shell(shell)
    user.directory(directory)
    if crypt:
        user.crypt(crypt)
    users[username] = user
    users.save()
    user = users[username]
    if user.gid() != gid:
        user.gid(gid)
        users[user.user()] = user
        users.save()
    return
Exemplo n.º 6
0
 def groups(self):
     group_db = GroupFile(self.__group_file)
     group_db.load()
     return self.__user.groups(group_db)
Exemplo n.º 7
0
 def groups(self):
     group_db = GroupFile(self.__group_file)
     group_db.load()
     return self.__user.groups(group_db)
Exemplo n.º 8
0
    def __synchronize_system(self, usernode, currentname=None, validate=True):
        system_users = PasswdFile()
        system_shadow = ShadowFile()
        system_groups = GroupFile()
        userchange = False
        shadowchange = False
        groupchange = False
        group_is_private = False
        system_users.load()
        system_shadow.load()
        system_groups.load()
        flag = 0
        #flag will be used to check if system admin is
        #being demoted. bug CSCth82465
        #if system admin is being demoted,
        #it's entry will be removed and added again

        if usernode and usernode.name in system_users:
            userentry = system_users[usernode.name]

            #user is a system administrator, but not mpxadmin,
            #and it's current role is not mpxadmin
            #i.e. a system administrator other than mpxadmin is being demoted
            if userentry.user_type() == 'mpxadmin' \
                    and usernode.name != 'mpxadmin' \
                    and self.role_manager.administrator.name not in usernode.roles:
                flag = 1

        if usernode is None or flag:
            # If no usernode is provided, the user with name 'currentname' is
            #   being removed.
            if flag:
                currentname = usernode.name
            if currentname is None:
                raise ValueError('Name must be provided when removing user.')
            userentry = system_users[currentname]

            # Loop through all groups to which user belongs, removing user.
            groups = userentry.groups(system_groups)
            for groupentry in groups:
                users = groupentry.user_list()
                # User is not in user list of private group, so only
                #   groups in to which user *also* belongs are modified.
                if currentname in users:
                    users.remove(currentname)
                    groupentry.user_list(users)
                    groupchange = True
                    message = 'removed user "%s" from group "%s".'
                    self.output_message(message %
                                        (currentname, groupentry.group()))

            # If a private group was associated with the user--a group
            #   whose name is the same as the user name and whose member
            #   list contains no entries--find and remove it to keep clean.
            if currentname in system_groups:
                groupentry = system_groups[currentname]
                if len(groupentry.user_list()) == 0:
                    # Private group for user entry, remove it.
                    del (system_groups[currentname])
                    groupchange = True
                    self.output_message('removed private group "%s".' %
                                        currentname)

            # Finally, delete user itself.
            del (system_users[userentry.user()])
            userchange = True

            # delete user details from /etc/shadow
            del (system_shadow[userentry.user()])
            shadowchange = True
            self.output_message('removed user "%s" from system.' % currentname)

            #delete user from the cache
            as_node('/services/User Manager').remove_user(currentname)

        if usernode:
            username = usernode.name
            # Name may be being changed.  Node reference always has correct
            #   name, where 'currentname' is the previous name if the name
            #   is in fact being changed.  Rename child operations take
            #   advantage of this.
            if currentname is None:
                currentname = username
            if currentname in system_users:
                # User already exists, must be being updated.
                fd = open("/etc/group", "r")
                userentry = system_users[currentname]
                userid = userentry.uid()
                groupid = userentry.gid()
                flag = 1
                for line in fd.readlines():
                    if re.search(str(groupid), line, re.IGNORECASE) != None:
                        flag = 0
                        break
                if flag:
                    cmd = "addgroup -g "
                    cmd += str(groupid)
                    cmd += " "
                    cmd += currentname
                    os.system(cmd)
                    flag = 0
                groupentry = system_groups[groupid]
                shadowentry = system_shadow[currentname]
            else:
                # User is completely new and user and private group
                #   must be created.
                userid = system_users.new_uid()
                while userid in system_groups:
                    userid = system_users.new_uid(userid)
                else:
                    groupid = userid
                userentry = PasswdEntry()
                groupentry = GroupEntry()
                shadowentry = ShadowEntry()
                message = 'creating user "%s" and group "%s".'
                self.output_message(message % (username, username))

            # A private group has the same name as the associated
            #   user account.
            group_is_private = False
            if groupentry.group() == userentry.user():
                group_is_private = True

            # If username has changed: change entry and flag.
            if userentry.user() != username:
                groups = []
                if userentry.user() is not None:
                    # New users cause exception when doing
                    #   group lookup before name is set.
                    groups = userentry.groups(system_groups)
                currentname = userentry.user()
                userentry.user(username, validate)
                userchange = True
                shadowentry.user(username, validate)
                shadowchange = True
                message = 'changed user name from "%s" to "%s".'
                self.output_message(message % (currentname, username))
                # Modify groups to which user belongs to reflect updated name.
                for group in groups:
                    users = group.user_list()
                    if currentname in users and username not in users:
                        users[users.index(currentname)] = username
                        group.user_list(users)
                        groupchange = True
                        message = 'changed user "%s" in group "%s" to "%s".'
                        self.output_message(
                            message % (currentname, group.group(), username))

            # If group is only for this user and group name isn't username,
            #   change and flag.
            if group_is_private and groupentry.group() != username:
                currentgroup = groupentry.group()
                groupentry.group(username)
                groupchange = True
                message = 'changed group name from "%s" to "%s".'
                self.output_message(message % (currentgroup, username))

            # Change user-entry's password if doesn't match user node's.
            password = usernode.password
            if len(password
                   ) and not shadowentry.password_matches_crypt(password):
                shadowentry.user(username, validate)
                shadowentry.passwd(password, validate)
                userentry.passwd('x', False)
                shadowentry.lstchg()
                shadowchange = True
                userchange = True
                self.output_message('changed password for user "%s".' %
                                    username)

            # Set user-entry UID to calulated UID (used for new entries).
            if not userentry.uid() == userid:
                currentuid = userentry.uid()
                userentry.uid(userid)
                userchange = True
                message = 'changed UID for user "%s" from %s to %s.'
                self.output_message(message % (username, currentuid, userid))

            # Set user-entry GID to calculated GID (used for new entries).
            if userentry.gid() != groupid:
                currentgid = userentry.gid()
                userentry.gid(groupid)
                userchange = True
                message = 'changed GID for user "%s" from %s to %s.'
                self.output_message(message % (username, currentgid, groupid))

            if not userentry.gecos():
                currentgecos = userentry.gecos()
                userentry.gecos('ROLE=user')
                userchange = True
                message = 'changed gecos for user "%s" from %s to %s.'
                self.output_message(message %
                                    (username, currentgecos, 'ROLE=user'))

            # Set group-entry GID to calculated GID (should match whether private or not).
            if groupentry.gid() != groupid:
                currentgid = groupentry.gid()
                groupentry.gid(groupid)
                groupchange = True
                message = 'changed GID for group "%s" from %s to %s.'
                self.output_message(message %
                                    (groupentry.group(), currentgid, groupid))

            if userchange:
                # Passwd file changed, set user into user dicationary
                #   in case user was newly created, and save back file.
                system_users[userentry.user()] = userentry
                system_users.save()
                userchange = False
                as_node('/services/User Manager').remove_user(usernode.name)

            if shadowchange:
                # /etc/shadow file changed, set user into user dicationary
                #   in case user was newly created, and save back file.
                system_shadow[shadowentry.user()] = shadowentry
                system_shadow.save()
                shadowchange = False

            if groupchange:
                # Group file changed, set user into groups dicationary
                #   in case group was newly created, and save back file.
                system_groups[groupentry.group()] = groupentry
                system_groups.save()
                groupchange = False

            roles = usernode.roles[:]
            if self.role_manager.administrator.name in roles:
                if userentry.user_type() != 'mpxadmin':
                    userchange = True
                    shadowchange = True
                    groupchange = True
                    userentry.user_type('mpxadmin', system_users,
                                        system_groups)
                    self.output_message(
                        'made user "%s" into "mpxadmin" type.' % username)
                    if username in system_groups:
                        group = system_groups[username]
                        if userentry.gid() != group.gid():
                            users = group.user_list()
                            if len(users) == 0:
                                del (system_groups[username])
                                groupchange = True
                                message = 'removed group "%s".  ' % username
                                message += 'Group no longer referenced.'
                            else:
                                message = 'not removing group "%s".  ' % username
                                message += 'Still has users %s.' % (users, )
                            self.output_message(message)
            elif userentry.user_type() == 'mpxadmin':
                message = 'System Administrator cannot be demoted.  '
                message += 'User "%s" must be removed in order to demote.'
                raise TypeError(message % username)

        if userchange:
            system_users.save()
            userchange = False
            username = usernode.name if usernode else currentname
            as_node('/services/User Manager').remove_user(username)

        if shadowchange:
            system_shadow.save()
            shadowchange = False
        if groupchange:
            system_groups.save()
            userchange = False
        return (userchange or groupchange or shadowchange)
    def _update_mpxadmin_user(self):
        #
        # Ensure the mpxadmin group exists.
        #
        passwd = PasswdFile()
        passwd.load()
        group = GroupFile()
        group.load()

        self.options.normal_message("Checking for mpxadmin group.")
        if "mpxadmin" not in group:
            self.options.normal_message("No mpxadmin group, adding.")
            mpxadmin = GroupEntry()
            mpxadmin.group("mpxadmin")
            mpxadmin.crypt("*")
            mpxadmin.gid(int(MPX_GID))
            mpxadmin.user_list((mpxadmin.group(), ))
            group[mpxadmin.group()] = mpxadmin
            group.save()
            self.options.normal_message("Added mpxadmin group(%d) in %s.",
                                        mpxadmin.gid(), group._file)
        else:
            self.options.normal_message("mpxadmin group already exists.")
        if int(MPX_GID):
            # Installing as regular user, presumably in penvironment.d, add
            # the required "root" group.
            self.options.normal_message("Checking for root group.")
            if "root" not in group:
                self.options.normal_message("No root group, adding.")
                root = GroupEntry()
                root.group("root")
                root.crypt("*")
                root.gid(int(MPX_GID))
                root.user_list((root.group(), ))
                group[root.group()] = root
                group.save()
                self.options.normal_message("Added root group(%d) in %s.",
                                            root.gid(), group._file)
            else:
                self.options.normal_message("root group already exists.")
        #
        # Ensure the mpxadmin user exists.
        #
        self.options.normal_message("Checking for mpxadmin user.")
        #if "mpxadmin" not in passwd:
        # if there is no mpxadmin type user, create a default
        if len(filter(lambda pw: pw.user_type() == 'mpxadmin', passwd)) == 0:
            self.options.normal_message(
                "No mpxadmin user, checking for mpxadmin group.")
            gid = group["mpxadmin"].gid()
            # @fixme This is not pretty, but it will work for now.
            #        A new UID would be uid = passwd.new_uid(gid-1)
            uid = int(MPX_UID)  # Hijacking root for superuser privelidges...
            mpxadmin = PasswdEntry()
            mpxadmin.user("mpxadmin")
            mpxadmin.directory(passwd.default_home(mpxadmin.user()))
            mpxadmin.crypt(_crypted_password("mpxadmin", "mpxadmin"))
            mpxadmin.uid(uid)
            mpxadmin.gid(gid)
            # @fixme Formalize the Mediator concept of meta-data associated
            #        with users.  Also consider moving the meta-data out of
            #        /etc/passwd and into a PDO...
            # META-DATA:
            #   AKA:  Allows us to track renames of key users (pppuser,
            #         mpxadmin, webdev, ...)
            #   CSIK:  Configuration Service Initial Key (used to calculate
            #          "classic" Configuration Service Security Keys.
            mpxadmin.gecos("AKA=mpxadmin,CSIK=%s,ROLE=administrator" %
                           (_csiked_password("mpxadmin"), ))
            mpxadmin.shell("/bin/bash")
            passwd[mpxadmin.user()] = mpxadmin
            passwd.save()
            self.options.normal_message("Added mpxadmin user(%d.%d) in %s.",
                                        mpxadmin.uid(), mpxadmin.gid(),
                                        passwd._file)
            # Create and update the mpxadmin user.
            self._force_target_directory(mpxadmin.directory())
            self.cwd.pushd(mpxadmin.directory())
            passwd = PasswdFile()
            passwd.load()
            group = GroupFile()
            group.load()
            os.system("chmod -R ug+Xrw .", **self._fatal_keywords())
            chown(".", "mpxadmin", "mpxadmin", recurse=1, ignore_errors=1)
            self.cwd.popd()
        else:
            self.options.normal_message("mpxadmin user already exists.")
        #
        # Ensure mpxadmin is a member of the root group.
        #
        group = GroupFile()
        group.load()
        root = group["root"]
        user_list = root.user_list()
        if "mpxadmin" not in user_list:
            self.options.normal_message(
                "Adding mpxadmin user to the root group.")
            user_list.append("mpxadmin")
            root.user_list(user_list)
            group["root"] = root
            group.save()
        return
Exemplo n.º 10
0
    def _update_mpxadmin_user(self):
        #
        # Ensure the mpxadmin group exists.
        #
        passwd = PasswdFile()
        passwd.load()
        group = GroupFile()
        group.load()

        self.options.normal_message("Checking for mpxadmin group.")
        if "mpxadmin" not in group:
            self.options.normal_message("No mpxadmin group, adding.")
            mpxadmin = GroupEntry()
            mpxadmin.group("mpxadmin")
            mpxadmin.crypt("*")
            mpxadmin.gid(int(MPX_GID))
            mpxadmin.user_list((mpxadmin.group(),))
            group[mpxadmin.group()] = mpxadmin
            group.save()
            self.options.normal_message("Added mpxadmin group(%d) in %s.", mpxadmin.gid(), group._file)
        else:
            self.options.normal_message("mpxadmin group already exists.")
        if int(MPX_GID):
            # Installing as regular user, presumably in penvironment.d, add
            # the required "root" group.
            self.options.normal_message("Checking for root group.")
            if "root" not in group:
                self.options.normal_message("No root group, adding.")
                root = GroupEntry()
                root.group("root")
                root.crypt("*")
                root.gid(int(MPX_GID))
                root.user_list((root.group(),))
                group[root.group()] = root
                group.save()
                self.options.normal_message("Added root group(%d) in %s.", root.gid(), group._file)
            else:
                self.options.normal_message("root group already exists.")
        #
        # Ensure the mpxadmin user exists.
        #
        self.options.normal_message("Checking for mpxadmin user.")
        # if "mpxadmin" not in passwd:
        # if there is no mpxadmin type user, create a default
        if len(filter(lambda pw: pw.user_type() == "mpxadmin", passwd)) == 0:
            self.options.normal_message("No mpxadmin user, checking for mpxadmin group.")
            gid = group["mpxadmin"].gid()
            # @fixme This is not pretty, but it will work for now.
            #        A new UID would be uid = passwd.new_uid(gid-1)
            uid = int(MPX_UID)  # Hijacking root for superuser privelidges...
            mpxadmin = PasswdEntry()
            mpxadmin.user("mpxadmin")
            mpxadmin.directory(passwd.default_home(mpxadmin.user()))
            mpxadmin.crypt(_crypted_password("mpxadmin", "mpxadmin"))
            mpxadmin.uid(uid)
            mpxadmin.gid(gid)
            # @fixme Formalize the Mediator concept of meta-data associated
            #        with users.  Also consider moving the meta-data out of
            #        /etc/passwd and into a PDO...
            # META-DATA:
            #   AKA:  Allows us to track renames of key users (pppuser,
            #         mpxadmin, webdev, ...)
            #   CSIK:  Configuration Service Initial Key (used to calculate
            #          "classic" Configuration Service Security Keys.
            mpxadmin.gecos("AKA=mpxadmin,CSIK=%s,ROLE=administrator" % (_csiked_password("mpxadmin"),))
            mpxadmin.shell("/bin/bash")
            passwd[mpxadmin.user()] = mpxadmin
            passwd.save()
            self.options.normal_message(
                "Added mpxadmin user(%d.%d) in %s.", mpxadmin.uid(), mpxadmin.gid(), passwd._file
            )
            # Create and update the mpxadmin user.
            self._force_target_directory(mpxadmin.directory())
            self.cwd.pushd(mpxadmin.directory())
            passwd = PasswdFile()
            passwd.load()
            group = GroupFile()
            group.load()
            os.system("chmod -R ug+Xrw .", **self._fatal_keywords())
            chown(".", "mpxadmin", "mpxadmin", recurse=1, ignore_errors=1)
            self.cwd.popd()
        else:
            self.options.normal_message("mpxadmin user already exists.")
        #
        # Ensure mpxadmin is a member of the root group.
        #
        group = GroupFile()
        group.load()
        root = group["root"]
        user_list = root.user_list()
        if "mpxadmin" not in user_list:
            self.options.normal_message("Adding mpxadmin user to the root group.")
            user_list.append("mpxadmin")
            root.user_list(user_list)
            group["root"] = root
            group.save()
        return