Пример #1
0
    def create_user(self, name, **kwargs):
        """
        Creates users for the system using the GNU passwd tools. This
        will work on an GNU system. This should be overriden on
        distros where useradd is not desirable or not available.
        """

        # Add the user
        self.add_user(name, **kwargs)

        # Set password if plain-text password provided and non-empty
        if 'plain_text_passwd' in kwargs and kwargs['plain_text_passwd']:
            self.set_passwd(name, kwargs['plain_text_passwd'])

        # Default locking down the account.  'lock_passwd' defaults to True.
        # lock account unless lock_password is False.
        if kwargs.get('lock_passwd', True):
            self.lock_passwd(name)

        # Configure sudo access
        if 'sudo' in kwargs:
            self.write_sudo_rules(name, kwargs['sudo'])

        # Import SSH keys
        if 'ssh_authorized_keys' in kwargs:
            keys = set(kwargs['ssh_authorized_keys']) or []
            ssh_util.setup_user_keys(keys, name, options=None)

        return True
Пример #2
0
def apply_credentials(keys, user, disable_root, disable_root_opts):

    keys = set(keys)
    if user:
        ssh_util.setup_user_keys(keys, user)

    if disable_root:
        if not user:
            user = "******"
        key_prefix = disable_root_opts.replace('$USER', user)
    else:
        key_prefix = ''

    ssh_util.setup_user_keys(keys, 'root', options=key_prefix)
Пример #3
0
    def create_user(self, name, **kwargs):
        """
        Creates users for the system using the GNU passwd tools. This
        will work on an GNU system. This should be overriden on
        distros where useradd is not desirable or not available.
        """

        # Add the user
        self.add_user(name, **kwargs)

        # Set password if plain-text password provided and non-empty
        if 'plain_text_passwd' in kwargs and kwargs['plain_text_passwd']:
            self.set_passwd(name, kwargs['plain_text_passwd'])

        # Set password if hashed password is provided and non-empty
        if 'hashed_passwd' in kwargs and kwargs['hashed_passwd']:
            self.set_passwd(name, kwargs['hashed_passwd'], hashed=True)

        # Default locking down the account.  'lock_passwd' defaults to True.
        # lock account unless lock_password is False.
        if kwargs.get('lock_passwd', True):
            self.lock_passwd(name)

        # Configure sudo access
        if 'sudo' in kwargs:
            self.write_sudo_rules(name, kwargs['sudo'])

        # Import SSH keys
        if 'ssh_authorized_keys' in kwargs:
            # Try to handle this in a smart manner.
            keys = kwargs['ssh_authorized_keys']
            if isinstance(keys, six.string_types):
                keys = [keys]
            if isinstance(keys, dict):
                keys = list(keys.values())
            if keys is not None:
                if not isinstance(keys, (tuple, list, set)):
                    LOG.warn("Invalid type '%s' detected for"
                             " 'ssh_authorized_keys', expected list,"
                             " string, dict, or set.", type(keys))
                else:
                    keys = set(keys) or []
                    ssh_util.setup_user_keys(keys, name, options=None)

        return True
Пример #4
0
    def create_user(self, name, **kwargs):
        self.add_user(name, **kwargs)

        # Set password if plain-text password provided and non-empty
        if 'plain_text_passwd' in kwargs and kwargs['plain_text_passwd']:
            self.set_passwd(name, kwargs['plain_text_passwd'])

        # Default locking down the account. 'lock_passwd' defaults to True.
        # lock account unless lock_password is False.
        if kwargs.get('lock_passwd', True):
            self.lock_passwd(name)

        # Configure sudo access
        if 'sudo' in kwargs:
            self.write_sudo_rules(name, kwargs['sudo'])

        # Import SSH keys
        if 'ssh_authorized_keys' in kwargs:
            keys = set(kwargs['ssh_authorized_keys']) or []
            ssh_util.setup_user_keys(keys, name, options=None)
Пример #5
0
    def create_user(self, name, **kwargs):
        self.add_user(name, **kwargs)

        # Set password if plain-text password provided and non-empty
        if 'plain_text_passwd' in kwargs and kwargs['plain_text_passwd']:
            self.set_passwd(name, kwargs['plain_text_passwd'])

        # Default locking down the account. 'lock_passwd' defaults to True.
        # lock account unless lock_password is False.
        if kwargs.get('lock_passwd', True):
            self.lock_passwd(name)

        # Configure sudo access
        if 'sudo' in kwargs:
            self.write_sudo_rules(name, kwargs['sudo'])

        # Import SSH keys
        if 'ssh_authorized_keys' in kwargs:
            keys = set(kwargs['ssh_authorized_keys']) or []
            ssh_util.setup_user_keys(keys, name, options=None)
Пример #6
0
    def create_user(self, name, **kwargs):
        """
        Creates users for the system using the GNU passwd tools. This
        will work on an GNU system. This should be overriden on
        distros where useradd is not desirable or not available.
        """

        # Add the user
        self.add_user(name, **kwargs)

        # Set password if plain-text password provided and non-empty
        if 'plain_text_passwd' in kwargs and kwargs['plain_text_passwd']:
            self.set_passwd(name, kwargs['plain_text_passwd'])

        # Default locking down the account.  'lock_passwd' defaults to True.
        # lock account unless lock_password is False.
        if kwargs.get('lock_passwd', True):
            self.lock_passwd(name)

        # Configure sudo access
        if 'sudo' in kwargs:
            self.write_sudo_rules(name, kwargs['sudo'])

        # Import SSH keys
        if 'ssh_authorized_keys' in kwargs:
            # Try to handle this in a smart manner.
            keys = kwargs['ssh_authorized_keys']
            if isinstance(keys, six.string_types):
                keys = [keys]
            if isinstance(keys, dict):
                keys = list(keys.values())
            if keys is not None:
                if not isinstance(keys, (tuple, list, set)):
                    LOG.warn("Invalid type '%s' detected for"
                             " 'ssh_authorized_keys', expected list,"
                             " string, dict, or set.", type(keys))
                else:
                    keys = set(keys) or []
                    ssh_util.setup_user_keys(keys, name, options=None)

        return True
Пример #7
0
    def create_user(self, name, **kwargs):
        """
        Creates users for the system using the GNU passwd tools. This
        will work on an GNU system. This should be overriden on
        distros where useradd is not desirable or not available.
        """

        # Add a snap user, if requested
        if 'snapuser' in kwargs:
            return self.add_snap_user(name, **kwargs)

        # Add the user
        self.add_user(name, **kwargs)

        # Set password if plain-text password provided and non-empty
        if 'plain_text_passwd' in kwargs and kwargs['plain_text_passwd']:
            self.set_passwd(name, kwargs['plain_text_passwd'])

        # Set password if hashed password is provided and non-empty
        if 'hashed_passwd' in kwargs and kwargs['hashed_passwd']:
            self.set_passwd(name, kwargs['hashed_passwd'], hashed=True)

        # Default locking down the account.  'lock_passwd' defaults to True.
        # lock account unless lock_password is False.
        if kwargs.get('lock_passwd', True):
            self.lock_passwd(name)

        # Configure sudo access
        if 'sudo' in kwargs and kwargs['sudo'] is not False:
            self.write_sudo_rules(name, kwargs['sudo'])

        # Import SSH keys
        if 'ssh_authorized_keys' in kwargs:
            # Try to handle this in a smart manner.
            keys = kwargs['ssh_authorized_keys']
            if isinstance(keys, str):
                keys = [keys]
            elif isinstance(keys, dict):
                keys = list(keys.values())
            if keys is not None:
                if not isinstance(keys, (tuple, list, set)):
                    LOG.warning(
                        "Invalid type '%s' detected for"
                        " 'ssh_authorized_keys', expected list,"
                        " string, dict, or set.", type(keys))
                    keys = []
                else:
                    keys = set(keys) or []
            ssh_util.setup_user_keys(set(keys), name)
        if 'ssh_redirect_user' in kwargs:
            cloud_keys = kwargs.get('cloud_public_ssh_keys', [])
            if not cloud_keys:
                LOG.warning(
                    'Unable to disable SSH logins for %s given'
                    ' ssh_redirect_user: %s. No cloud public-keys present.',
                    name, kwargs['ssh_redirect_user'])
            else:
                redirect_user = kwargs['ssh_redirect_user']
                disable_option = ssh_util.DISABLE_USER_OPTS
                disable_option = disable_option.replace('$USER', redirect_user)
                disable_option = disable_option.replace('$DISABLE_USER', name)
                ssh_util.setup_user_keys(set(cloud_keys),
                                         name,
                                         options=disable_option)
        return True
Пример #8
0
    def create_user(self, name, **kwargs):
        """
        Creates or partially updates the ``name`` user in the system.

        This defers the actual user creation to ``self.add_user`` or
        ``self.add_snap_user``, and most of the keys in ``kwargs`` will be
        processed there if and only if the user does not already exist.

        Once the existence of the ``name`` user has been ensured, this method
        then processes these keys (for both just-created and pre-existing
        users):

        * ``plain_text_passwd``
        * ``hashed_passwd``
        * ``lock_passwd``
        * ``sudo``
        * ``ssh_authorized_keys``
        * ``ssh_redirect_user``
        """

        # Add a snap user, if requested
        if "snapuser" in kwargs:
            return self.add_snap_user(name, **kwargs)

        # Add the user
        self.add_user(name, **kwargs)

        # Set password if plain-text password provided and non-empty
        if "plain_text_passwd" in kwargs and kwargs["plain_text_passwd"]:
            self.set_passwd(name, kwargs["plain_text_passwd"])

        # Set password if hashed password is provided and non-empty
        if "hashed_passwd" in kwargs and kwargs["hashed_passwd"]:
            self.set_passwd(name, kwargs["hashed_passwd"], hashed=True)

        # Default locking down the account.  'lock_passwd' defaults to True.
        # lock account unless lock_password is False.
        if kwargs.get("lock_passwd", True):
            self.lock_passwd(name)

        # Configure sudo access
        if "sudo" in kwargs and kwargs["sudo"] is not False:
            self.write_sudo_rules(name, kwargs["sudo"])

        # Import SSH keys
        if "ssh_authorized_keys" in kwargs:
            # Try to handle this in a smart manner.
            keys = kwargs["ssh_authorized_keys"]
            if isinstance(keys, str):
                keys = [keys]
            elif isinstance(keys, dict):
                keys = list(keys.values())
            if keys is not None:
                if not isinstance(keys, (tuple, list, set)):
                    LOG.warning(
                        "Invalid type '%s' detected for"
                        " 'ssh_authorized_keys', expected list,"
                        " string, dict, or set.",
                        type(keys),
                    )
                    keys = []
                else:
                    keys = set(keys) or []
            ssh_util.setup_user_keys(set(keys), name)
        if "ssh_redirect_user" in kwargs:
            cloud_keys = kwargs.get("cloud_public_ssh_keys", [])
            if not cloud_keys:
                LOG.warning(
                    "Unable to disable SSH logins for %s given"
                    " ssh_redirect_user: %s. No cloud public-keys present.",
                    name,
                    kwargs["ssh_redirect_user"],
                )
            else:
                redirect_user = kwargs["ssh_redirect_user"]
                disable_option = ssh_util.DISABLE_USER_OPTS
                disable_option = disable_option.replace("$USER", redirect_user)
                disable_option = disable_option.replace("$DISABLE_USER", name)
                ssh_util.setup_user_keys(
                    set(cloud_keys), name, options=disable_option
                )
        return True
Пример #9
0
def apply_credentials(keys, user):

    keys = set(keys)
    if user:
        ssh_util.setup_user_keys(keys, user)
Пример #10
0
    def create_user(self, name, **kwargs):
        """
        Creates users for the system using the GNU passwd tools. This
        will work on an GNU system. This should be overriden on
        distros where useradd is not desirable or not available.
        """

        # Add a snap user, if requested
        if 'snapuser' in kwargs:
            return self.add_snap_user(name, **kwargs)

        # Add the user
        self.add_user(name, **kwargs)

        # Set password if plain-text password provided and non-empty
        if 'plain_text_passwd' in kwargs and kwargs['plain_text_passwd']:
            self.set_passwd(name, kwargs['plain_text_passwd'])

        # Set password if hashed password is provided and non-empty
        if 'hashed_passwd' in kwargs and kwargs['hashed_passwd']:
            self.set_passwd(name, kwargs['hashed_passwd'], hashed=True)

        # Default locking down the account.  'lock_passwd' defaults to True.
        # lock account unless lock_password is False.
        if kwargs.get('lock_passwd', True):
            self.lock_passwd(name)

        # Configure sudo access
        if 'sudo' in kwargs and kwargs['sudo'] is not False:
            self.write_sudo_rules(name, kwargs['sudo'])

        # Import SSH keys
        if 'ssh_authorized_keys' in kwargs:
            # Try to handle this in a smart manner.
            keys = kwargs['ssh_authorized_keys']
            if isinstance(keys, six.string_types):
                keys = [keys]
            elif isinstance(keys, dict):
                keys = list(keys.values())
            if keys is not None:
                if not isinstance(keys, (tuple, list, set)):
                    LOG.warning("Invalid type '%s' detected for"
                                " 'ssh_authorized_keys', expected list,"
                                " string, dict, or set.", type(keys))
                    keys = []
                else:
                    keys = set(keys) or []
            ssh_util.setup_user_keys(set(keys), name)
        if 'ssh_redirect_user' in kwargs:
            cloud_keys = kwargs.get('cloud_public_ssh_keys', [])
            if not cloud_keys:
                LOG.warning(
                    'Unable to disable ssh logins for %s given'
                    ' ssh_redirect_user: %s. No cloud public-keys present.',
                    name, kwargs['ssh_redirect_user'])
            else:
                redirect_user = kwargs['ssh_redirect_user']
                disable_option = ssh_util.DISABLE_USER_OPTS
                disable_option = disable_option.replace('$USER', redirect_user)
                disable_option = disable_option.replace('$DISABLE_USER', name)
                ssh_util.setup_user_keys(
                    set(cloud_keys), name, options=disable_option)
        return True