Пример #1
def AddUser(username, password=None, labels=None, token=None):
  """Creates a GRR user object, sets its password and emits an audit event.

  Args:
    username: Name of the new user. It is interpolated into the user URN
      as-is; no validation happens in this function.
    password: Password to set. When None, it is read interactively via
      getpass. Any other value, including an empty string, is handed to
      SetPassword unchanged.
    labels: Optional iterable of label names; duplicates are dropped.
    token: Access token, resolved through data_store.GetDefaultToken.

  Raises:
    UserError: If opening the user URN yields a truthy object, i.e. the user
      already exists.
  """
  token = data_store.GetDefaultToken(token)
  # NOTE(review): nothing here restricts the characters in username before it
  # becomes part of the URN - confirm that callers validate it.
  user_urn = "aff4:/users/%s" % username

  # NOTE(review): the existence check and the Create call below are two
  # separate operations, not one atomic step - confirm that concurrent
  # invocations cannot both pass the check.
  try:
    existing_user = aff4.FACTORY.Open(user_urn, users.GRRUser, token=token)
    if existing_user:
      raise UserError("Cannot add user %s: User already exists." % username)
  except aff4.InstantiationError:
    # Open failing to instantiate the object is treated as "no such user".
    pass

  user_obj = aff4.FACTORY.Create(
      user_urn, users.GRRUser, mode="rw", token=token)

  if password is None:
    prompt_text = "Please enter password for user '%s': " % username
    password = getpass.getpass(prompt=prompt_text)
  # No emptiness or strength check happens here: a blank password is passed
  # to SetPassword like any other value.
  user_obj.SetPassword(password)

  if labels:
    unique_labels = set(labels)
    user_obj.AddLabels(*unique_labels, owner="GRR")

  user_obj.Close()

  EPrint("Added user %s." % username)

  # The audit record is emitted only on this success path; the UserError exit
  # above publishes nothing.
  audit_event = events.AuditEvent(
      user=token.username, action="USER_ADD", urn=user_urn)
  events.Events.PublishEvent("Audit", audit_event, token=token)
Пример #2
def DeleteUser(username, token=None):
  """Removes the user object at aff4:/users/<username> and audits the action.

  Args:
    username: Name of the user to delete; interpolated into the URN as-is.
    token: Access token, resolved through data_store.GetDefaultToken.

  Returns:
    None. A missing user is reported via EPrint and is not raised as an error.
  """
  token = data_store.GetDefaultToken(token)
  user_urn = "aff4:/users/%s" % username

  # The Open call is only an existence probe; its result is discarded.
  try:
    aff4.FACTORY.Open(user_urn, users.GRRUser, token=token)
  except aff4.InstantiationError:
    # Nothing is deleted and no audit event is published on this path.
    EPrint("User %s not found." % username)
  else:
    aff4.FACTORY.Delete(user_urn, token=token)
    EPrint("User %s has been deleted." % username)

    # Record who performed the deletion (token.username) and on which URN.
    audit_event = events.AuditEvent(
        user=token.username, action="USER_DELETE", urn=user_urn)
    events.Events.PublishEvent("Audit", audit_event, token=token)
Пример #3
def UpdateUser(username,
               password,
               add_labels=None,
               delete_labels=None,
               token=None):
  """Changes the password and/or labels of an existing GRR user.

  Args:
    username: Name of the user to modify; interpolated into the URN as-is.
    password: A falsy value (None, "") leaves the password untouched. A string
      is set directly. Any other truthy value triggers an interactive getpass
      prompt, and whatever is entered there - including an empty line - is
      passed to SetPassword.
    add_labels: Optional iterable of strings, each holding one label or
      several comma separated labels, to attach to the user.
    delete_labels: Same format as add_labels; labels to detach.
    token: Access token, resolved through data_store.GetDefaultToken.

  Raises:
    UserError: If opening the user object raises aff4.InstantiationError.
  """

  def _SplitOnCommas(raw_labels):
    """Returns the set of names found in comma separated label strings."""
    names = set()
    for entry in raw_labels or ():
      # Only "," separates labels; whitespace stays part of the name.
      names.update(entry.split(","))
    return names

  token = data_store.GetDefaultToken(token)

  user_urn = "aff4:/users/%s" % username
  try:
    user_obj = aff4.FACTORY.Open(
        user_urn, users.GRRUser, mode="rw", token=token)
  except aff4.InstantiationError:
    raise UserError("User %s does not exist." % username)

  if password:
    needs_prompt = not isinstance(password, basestring)
    if needs_prompt:
      prompt_text = "Please enter password for user '%s': " % username
      password = getpass.getpass(prompt=prompt_text)
    # No emptiness or strength check: a blank value typed at the prompt is
    # set as the password.
    user_obj.SetPassword(password)

  # Names of the labels the user currently carries.
  current_names = {label.name for label in user_obj.GetLabels()}

  # Sets deduplicate the requested changes.
  requested_add = _SplitOnCommas(add_labels)
  requested_del = _SplitOnCommas(delete_labels)

  # A label requested for both addition and deletion cancels out. After that,
  # add only what is not present yet and remove only what is present.
  to_add = (requested_add - requested_del) - current_names
  to_remove = (requested_del - requested_add) & current_names

  if to_add:
    user_obj.AddLabels(*to_add, owner="GRR")

  if to_remove:
    user_obj.RemoveLabels(*to_remove, owner="GRR")

  user_obj.Close()

  EPrint("Updated user %s" % username)

  # NOTE(review): the audit event is published only after ShowUser returns,
  # while Close has already been called - confirm that a failure in ShowUser
  # cannot leave an applied update without an audit record.
  ShowUser(username, token=token)

  audit_event = events.AuditEvent(
      user=token.username, action="USER_UPDATE", urn=user_urn)
  events.Events.PublishEvent("Audit", audit_event, token=token)