def chpasswd(self, user, password):
    """Change the password of an existing local account through libuser.

    Python 2 code: ``unicode`` arguments are encoded to UTF-8 byte strings
    before they are validated.

    :param user: account name; must be a non-blank string
    :param password: new clear-text password; must be a non-blank string
    :raises InvalidParameter: GINUSER0002E for a bad ``user``,
        GINUSER0003E for a bad ``password``
    :raises NotFoundError: if libuser finds no account named ``user``
    :raises OperationFailed: if libuser fails to set the password
    """
    wok_log.info("In UserModel.chpasswd method")

    if isinstance(user, unicode):
        user = user.encode('utf-8')
    if not (isinstance(user, str) and user.strip()):
        raise InvalidParameter('GINUSER0002E')

    if isinstance(password, unicode):
        password = password.encode('utf-8')
    if not (isinstance(password, str) and password.strip()):
        raise InvalidParameter('GINUSER0003E')

    admin = libuser.admin()
    account = admin.lookupUserByName(user)
    if not account:
        wok_log.error("User '%s' not found" % user)
        raise NotFoundError('GINUSER0011E', {'user': user})

    try:
        # False flag indicates that password is not encrypted.
        # None of the log calls in this method include the password itself.
        admin.setpassUser(account, password, False)
        wok_log.info("Successfully changed password for user '%s'" % user)
    except Exception as exc:
        detail = exc.message or exc
        wok_log.error("Failed to change password for user '%s'. "
                      "Error: '%s'" % (user, detail))
        raise OperationFailed(
            'GINUSER0024E', {'user': user, 'err': detail})

    wok_log.info("End of UserModel.chpasswd method")
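def checkUserExists(self, username, root="/mnt/sysimage"):
    """Report whether ``username`` exists inside the system rooted at ``root``.

    The lookup runs in a forked child that chroots into ``root`` first; the
    child's exit status (0 = found) is turned into the boolean result.

    :param username: account name to look up
    :param root: directory to chroot into; "" or "/" means no chroot
    :returns: True if the child found the user, False otherwise (including
        when waiting for the child fails)
    """
    childpid = os.fork()
    if not childpid:
        # Child process. It must never return into the caller's code: an
        # exception escaping here would leave a second copy of the parent
        # running, so every path ends in os._exit().
        exit_code = 1
        try:
            if root not in ("", "/"):
                os.chroot(root)
                # Leave no working directory that points outside the chroot.
                os.chdir("/")
                # pop() instead of del: an unset variable is already the
                # desired state and must not abort the lookup.
                os.environ.pop("LIBUSER_CONF", None)
            self.admin = libuser.admin()
            if self.admin.lookupUserByName(username):
                exit_code = 0
        except Exception as e:
            log.critical("Error when searching for user: %s", e)
        finally:
            os._exit(exit_code)

    try:
        status = os.waitpid(childpid, 0)[1]
    except OSError as e:
        log.critical("exception from waitpid while creating a user: %s %s",
                     e.errno, e.strerror)
        return False

    return os.WIFEXITED(status) and (os.WEXITSTATUS(status) == 0)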
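def delete_group(groupname):
    """Delete a non-system group that has no members left.

    Groups with gid <= 1000 are treated as system groups and are never
    deleted. A group that still has members is left untouched.

    :param groupname: group name; must be a non-blank string
    :raises InvalidParameter: if ``groupname`` is not a non-blank string
    :raises OperationFailed: GINUSER0017E if the empty group is referenced
        in sudoers, GINUSER0029E if libuser fails to delete it
    """
    if not isinstance(groupname, str) or not groupname.strip():
        raise InvalidParameter('GINUSER0012E', {'group': groupname})
    adm = libuser.admin()

    # The get_group_gid() variants shown alongside this function return None
    # for an unknown group; int(None) would raise TypeError, so handle that
    # case the same way as a failed lookup by gid.
    gid = get_group_gid(groupname)
    if gid is None:
        wok_log.error('Could not locate group "%s"' % groupname)
        return
    group_id = int(gid)

    if group_id <= 1000:
        wok_log.error('Ignoring deletion of system group "%s" with gid %s'
                      % (groupname, group_id))
        return
    group_obj = adm.lookupGroupById(group_id)
    if not group_obj:
        wok_log.error('Could not locate group "%s" with gid %s'
                      % (groupname, group_id))
        return

    if not adm.enumerateUsersByGroup(groupname):
        # groups prepend with '%'
        # Refuse to delete a group that sudoers still grants rights to.
        if '%' + groupname in get_sudoers(admin_check=False):
            raise OperationFailed('GINUSER0017E', {'group': groupname})
        try:
            adm.deleteGroup(group_obj)
        except Exception as e:
            raise OperationFailed('GINUSER0029E', {
                'group': groupname,
                'err': str(e)
            })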
def __init__(self):
    """Register the Users D-Bus object and pick its authorization action.

    The action id defaults to 'org.mandrivalinux.mcc2.auth_admin_keep' and
    is overridden by the 'level' option of the [policy] section in
    /usr/share/mandriva/config/mcc2.cfg:

    * 'application' -> 'org.mandrivalinux.mcc2.users.auth_admin_keep'
    * 'method'      -> None
    """
    self.__bus = dbus.SystemBus()
    service_name = dbus.service.BusName(
        "org.mandrivalinux.mcc2.Users", bus=self.__bus)
    dbus.service.Object.__init__(
        self, service_name, "/org/mandrivalinux/mcc2/Users")

    self.__loop = gobject.MainLoop()
    self.__libuser = libuser.admin()
    self.__action = 'org.mandrivalinux.mcc2.auth_admin_keep'

    parser = ConfigParser.ConfigParser()
    parser.read('/usr/share/mandriva/config/mcc2.cfg')
    level = parser.get('policy', 'level')

    # NOTE(review): None presumably means each method names its own action;
    # confirm against the authorization check that reads self.__action.
    overrides = {
        'application': 'org.mandrivalinux.mcc2.users.auth_admin_keep',
        'method': None,
    }
    if level in overrides:
        self.__action = overrides[level]
def get_users(exclude_system_users=True):
    """Return the names of local accounts.

    :param exclude_system_users: when true, only accounts with uid >= 1000
        from the passwd database are returned; when false, everything
        libuser enumerates is returned
    :returns: list of account names
    """
    if not exclude_system_users:
        return libuser.admin().enumerateUsers()

    names = []
    for entry in pwd.getpwall():
        # The filter is purely numeric: any account with uid >= 1000 is kept.
        if entry.pw_uid >= 1000:
            names.append(entry.pw_name)
    return names
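def delete_group(groupname):
    """Delete a non-system group that has no members left.

    Groups with gid <= 1000 are treated as system groups and are never
    deleted. A group that still has members is left untouched.

    :param groupname: group name; must be a non-blank string
    :raises InvalidParameter: if ``groupname`` is not a non-blank string
    :raises OperationFailed: GINUSER0017E if the empty group is referenced
        in sudoers, GINUSER0012E if libuser fails to delete it
    """
    wok_log.info('in delete_group(). group name: %s' % groupname)
    if not isinstance(groupname, str) or not groupname.strip():
        wok_log.error('group name is not non-empty string. '
                      'group name %s' % groupname)
        raise InvalidParameter('GINUSER0012E',
                               {'group': groupname,
                                'err': 'see log for details'})
    adm = libuser.admin()

    # The get_group_gid() variants shown alongside this function return None
    # for an unknown group; int(None) would raise TypeError, so handle that
    # case the same way as a failed lookup by gid.
    gid = get_group_gid(groupname)
    if gid is None:
        wok_log.error('Could not locate group "%s"' % groupname)
        return
    group_id = int(gid)

    if group_id <= 1000:
        wok_log.error('Ignoring deletion of system group "%s" with gid %s'
                      % (groupname, group_id))
        return
    group_obj = adm.lookupGroupById(group_id)
    if not group_obj:
        wok_log.error('Could not locate group "%s" with gid %s'
                      % (groupname, group_id))
        return

    if not adm.enumerateUsersByGroup(groupname):
        # groups prepend with '%'
        # Refuse to delete a group that sudoers still grants rights to.
        if '%' + groupname in get_sudoers(admin_check=False):
            raise OperationFailed('GINUSER0017E', {'group': groupname})
        try:
            adm.deleteGroup(group_obj)
        except Exception as e:
            raise OperationFailed('GINUSER0012E',
                                  {'group': groupname, 'err': str(e)})
    wok_log.info('end of delete_group(). group name: %s' % groupname)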
def delete(self, user):
    """Delete a user account and, if it ends up empty, its primary group.

    The account is removed first, then its profile settings, and only then
    the primary group, because user and group cannot be deleted together.

    :param user: account name
    :raises OperationFailed: GINUSER0011E if the user does not exist,
        GINUSER0010E if the account cannot be deleted, GINUSER0013E if the
        primary group cannot be found, GINUSER0012E if the group cannot be
        deleted
    """
    adm = libuser.admin()
    account = adm.lookupUserByName(user)
    # Check if user exist
    if account is None:
        kimchi_log.error('User "%s" does not exist', user)
        raise OperationFailed('GINUSER0011E', {'user': user})

    # Resolve the primary group while the account entry is still available.
    primary_gid = int(account.get('pw_gid')[0])
    primary_group = adm.lookupGroupById(primary_gid)

    # Delete user with its home and mails too
    try:
        adm.deleteUser(account, True, True)
    except Exception as exc:
        kimchi_log.error('Could not delete user %s: %s', user, exc)
        raise OperationFailed('GINUSER0010E', {'user': user})

    # Handle user according to its profile
    self._delete_profile_settings(user)

    # Delete group if no users are assigned to it
    # It is not possible to delete user/group at same time
    if primary_group is None:
        kimchi_log.warn(
            'Group for user "%s" does not exist for removal' % user)
        raise OperationFailed('GINUSER0013E', {'user': user})

    group_name = primary_group.get('gr_name')[0]
    if adm.enumerateUsersByGroup(group_name):
        return
    try:
        adm.deleteGroup(primary_group)
    except Exception as exc:
        kimchi_log.error('Could not delete group "%s": %s', group_name, exc)
        raise OperationFailed('GINUSER0012E', {'group': group_name})
def delete_user(username):
    """
    method to delete user

    Refuses to delete an account listed by get_sudoers(). Otherwise the user
    is removed from every group, its sudoers drop-in file (if any) is
    unlinked, and the account is deleted through libuser.

    :param username: user name
    :raises InvalidParameter: if ``username`` is not a non-blank string
    :raises OperationFailed: GINUSER0016E (user is in sudoers), GINUSER0011E
        (no such user), GINUSER0013E (sudoers file cannot be removed),
        GINUSER0031E (libuser fails to delete the account)
    """
    if not (isinstance(username, str) and username.strip()):
        raise InvalidParameter('GINUSER0010E', {'user': username})
    if username in get_sudoers(admin_check=False):
        raise OperationFailed('GINUSER0016E', {'user': username})

    adm = libuser.admin()
    account = adm.lookupUserByName(username)
    if not account:
        raise OperationFailed('GINUSER0011E', {'user': username})

    # remove user from all groups
    for group in adm.enumerateGroupsByUser(username):
        remove_user_from_group(username, group)

    # The path is built from the user name; this point is only reached after
    # libuser has confirmed that an account with exactly this name exists.
    sudoers_path = SUDOERS_FILE % username
    if os.path.isfile(sudoers_path):
        try:
            os.unlink(sudoers_path)
        except Exception:
            raise OperationFailed('GINUSER0013E', {'user': username})

    try:
        adm.deleteUser(account, True, True)
    except Exception as exc:
        raise OperationFailed('GINUSER0031E', {
            'user': username,
            'err': str(exc)
        })
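def checkUserExists(self, username, root=None):
    """Report whether ``username`` exists inside the target system.

    The lookup runs in a forked child that chroots into the target root
    first; the child's exit status (0 = found) becomes the boolean result.

    :param username: account name to look up
    :param root: directory to chroot into; defaults to iutil.getSysroot().
        "" or "/" means no chroot
    :returns: True if the child found the user, False otherwise (including
        when waiting for the child fails)
    """
    childpid = os.fork()
    if root is not None:
        rootval = root
    else:
        rootval = iutil.getSysroot()

    if not childpid:
        # Child process. chroot/chdir and the libuser setup are now inside
        # the try block as well: an exception escaping the child would leave
        # a second copy of the parent running, so every path ends in
        # os._exit().
        exit_code = 1
        try:
            if rootval not in ("", "/"):
                os.chroot(rootval)
                # Leave no working directory that points outside the chroot.
                os.chdir("/")
                # pop() instead of del: an unset variable is already the
                # desired state and must not abort the lookup.
                os.environ.pop("LIBUSER_CONF", None)
            self.admin = libuser.admin()
            if self.admin.lookupUserByName(username):
                exit_code = 0
        except Exception as e:
            log.critical("Error when searching for user: %s" % str(e))
        finally:
            os._exit(exit_code)

    try:
        (pid, status) = os.waitpid(childpid, 0)
    except OSError as e:
        log.critical(
            "exception from waitpid while creating a user: %s %s"
            % (e.errno, e.strerror))
        return False

    return os.WIFEXITED(status) and (os.WEXITSTATUS(status) == 0)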
def remove_user_from_group(user, group):
    """
    method to remove user from group

    The group's member list ('gr_mem') is rewritten without ``user``; when
    the user is not a member the group is left unmodified.

    :param user: user name
    :param group: group name
    :raises InvalidParameter: GINUSER0032E for a bad ``user``,
        GINUSER0027E for a bad ``group``
    :raises OperationFailed: GINUSER0021E on any failure while looking up or
        modifying the group
    """
    if not (isinstance(user, str) and user.strip()):
        raise InvalidParameter('GINUSER0032E', {'user': user})
    if not (isinstance(group, str) and group.strip()):
        raise InvalidParameter('GINUSER0027E',
                               {'user': user, 'group': group})
    try:
        adm = libuser.admin()
        group_entry = adm.lookupGroupByName(group)
        # A failed lookup surfaces as an exception on the next line and is
        # reported as GINUSER0021E by the handler below.
        current = set(group_entry.get('gr_mem'))
        if user in current:
            # Remove all ocurrences
            remaining = set(group_entry.get('gr_mem')) - {user}
            group_entry.set('gr_mem', list(remaining))
            adm.modifyGroup(group_entry)
    except Exception as exc:
        raise OperationFailed('GINUSER0021E', {
            'user': user,
            'group': group,
            'err': str(exc)
        })
def remove_user_from_group(user, group):
    """
    method to remove user from group

    The group's member list ('gr_mem') is rewritten without ``user``; when
    the user is not a member the group is left unmodified.

    :param user: user name
    :param group: group name
    :raises InvalidParameter: GINUSER0010E if ``user`` or ``group`` is not a
        non-blank string
    :raises OperationFailed: GINUSER0021E on any failure while looking up or
        modifying the group
    """
    wok_log.info('in remove_user_from_group() method')

    if not (isinstance(user, str) and user.strip()):
        wok_log.error('user name is not non-empty string. name: %s' % user)
        raise InvalidParameter('GINUSER0010E',
                               {'user': user, 'err': 'see log for details'})
    if not (isinstance(group, str) and group.strip()):
        wok_log.error('group name is not non-empty string. '
                      'group name %s' % group)
        # NOTE(review): same code and payload as the user check above;
        # confirm a group-specific message id was not intended.
        raise InvalidParameter('GINUSER0010E',
                               {'user': user, 'err': 'see log for details'})

    try:
        adm = libuser.admin()
        group_entry = adm.lookupGroupByName(group)
        # A failed lookup surfaces as an exception on the next line and is
        # reported as GINUSER0021E by the handler below.
        current = set(group_entry.get('gr_mem'))
        if user in current:
            # Remove all ocurrences
            remaining = set(group_entry.get('gr_mem')) - {user}
            group_entry.set('gr_mem', list(remaining))
            adm.modifyGroup(group_entry)
    except Exception as exc:
        raise OperationFailed('GINUSER0021E',
                              {'user': user, 'group': group,
                               'err': str(exc)})

    wok_log.info('end of remove_user_from_group() method')
def create(self, params):
    """Create a user, its primary group if needed, and apply its profile.

    Every step that creates something registers the matching delete call on
    a RollbackContext; commitAll() is called once all steps have succeeded.

    :param params: dict validated by _validate_create_params(); the keys
        read here are 'name', 'password', 'profile', 'group' and 'no_login'
    :returns: the new user name
    """
    params = self._validate_create_params(params)
    username = params['name']
    passwd = params['password']
    profile = params['profile']
    groupname = params['group']
    no_login = params['no_login']

    with RollbackContext() as rollback:
        adm = libuser.admin()

        # Reuse an existing group when one was requested and found;
        # otherwise create one named after the request, or after the user
        # when no group was requested.
        existing = adm.lookupGroupByName(groupname) if groupname else None
        if existing:
            group_id = existing.get('pw_gid')[0]
        else:
            new_group_name = groupname if groupname else username
            group_id = create_group(new_group_name)
            rollback.prependDefer(delete_group, new_group_name)

        create_user(username, passwd, group_id, no_login=no_login)
        rollback.prependDefer(delete_user, username)

        # Profiles map to extra privileges: 'virtuser' joins the kvm group,
        # 'admin' is added to sudoers.
        if profile == 'virtuser':
            self._add_user_to_kvm_group(username)
        if profile == 'admin':
            self._add_user_to_sudoers(username)

        rollback.commitAll()
    return username
def delete_user(username):
    """
    method to delete user

    Refuses to delete an account listed by get_sudoers(). Otherwise the user
    is removed from every group, its sudoers drop-in file (if any) is
    unlinked, and the account is deleted through libuser.

    :param username: user name
    :raises InvalidParameter: if ``username`` is not a non-blank string
    :raises OperationFailed: GINUSER0016E (user is in sudoers), GINUSER0011E
        (no such user), GINUSER0013E (sudoers file cannot be removed),
        GINUSER0010E (libuser fails to delete the account)
    """
    if not (isinstance(username, str) and username.strip()):
        raise InvalidParameter('GINUSER0010E', {'user': username})
    if username in get_sudoers(admin_check=False):
        raise OperationFailed('GINUSER0016E', {'user': username})

    adm = libuser.admin()
    account = adm.lookupUserByName(username)
    if not account:
        raise OperationFailed('GINUSER0011E', {'user': username})

    # remove user from all groups
    for group in adm.enumerateGroupsByUser(username):
        remove_user_from_group(username, group)

    # The path is built from the user name; this point is only reached after
    # libuser has confirmed that an account with exactly this name exists.
    sudoers_path = SUDOERS_FILE % username
    if os.path.isfile(sudoers_path):
        try:
            os.unlink(sudoers_path)
        except Exception:
            raise OperationFailed('GINUSER0013E', {'user': username})

    try:
        adm.deleteUser(account, True, True)
    except Exception as exc:
        raise OperationFailed('GINUSER0010E',
                              {'user': username, 'err': str(exc)})
def create_group(groupname):
    """
    method to create user group

    :param groupname: non-empty string
    :return: group id(gid)
    :raises InvalidParameter: GINUSER0014E if ``groupname`` is not a
        non-blank string
    :raises OperationFailed: GINUSER0018E if the group already exists,
        GINUSER0014E if libuser fails to create it
    """
    wok_log.info('in create_group() method. group name: %s' % groupname)
    if not (isinstance(groupname, str) and groupname.strip()):
        wok_log.error('group name is not non-empty string. '
                      'group name %s' % groupname)
        raise InvalidParameter('GINUSER0014E',
                               {'group': groupname,
                                'err': 'see log for details'})

    adm = libuser.admin()
    if adm.lookupGroupByName(groupname):
        raise OperationFailed('GINUSER0018E', {'group': groupname})

    try:
        entry = adm.initGroup(groupname)
        # Never hand out a gid below 1000 to a group created here.
        if entry[libuser.GIDNUMBER][0] < 1000:
            entry.set(libuser.GIDNUMBER, adm.getFirstUnusedGid(1000))
        adm.addGroup(entry)
        wok_log.info('successfully created group. group name: %s.'
                     % groupname)
        return entry[libuser.GIDNUMBER][0]
    except Exception as exc:
        raise OperationFailed('GINUSER0014E',
                              {'group': groupname, 'err': exc})
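def create_user(name, plain_passwd, gid, no_login=False):
    """
    method to create user

    :param name: user name
    :param plain_passwd: password for user
    :param gid: primary group id for user
    :param no_login: True/False for log in shell
    :raises InvalidParameter: GINUSER0009E (bad name), GINUSER0025E (gid is
        not an int), GINUSER0026E (no_login is not a bool)
    :raises OperationFailed: GINUSER0008E if the user already exists,
        GINUSER0030E if the group is missing or creation fails
    """
    if not isinstance(name, str) or not name.strip():
        raise InvalidParameter('GINUSER0009E', {'user': name})
    # Exact type check on purpose: bool is a subclass of int and is rejected.
    if type(gid) is not int:
        raise InvalidParameter('GINUSER0025E', {'user': name, 'gid': gid})
    if not isinstance(no_login, bool):
        raise InvalidParameter('GINUSER0026E', {
            'user': name,
            'no_login': no_login
        })

    adm = libuser.admin()
    if adm.lookupUserByName(name):
        raise OperationFailed('GINUSER0008E', {'user': name})
    if not adm.lookupGroupById(gid):
        raise OperationFailed('GINUSER0030E', {
            'user': name,
            'err': "group with id %s doesn't exist" % gid
        })

    try:
        new_user = adm.initUser(name)
        # Ensure user is normal and not system user
        if new_user[libuser.UIDNUMBER][0] < 1000:
            new_user.set(libuser.UIDNUMBER, adm.getFirstUnusedUid(1000))
        new_user.set(libuser.GIDNUMBER, gid)
        if no_login:
            new_user[libuser.LOGINSHELL] = '/sbin/nologin'
        adm.addUser(new_user)
        # NOTE(review): the account exists from here on. If hashing or
        # setpassUser() below fails, this function raises without removing
        # it; callers that need atomic creation must clean up themselves.

        # Setting user password. Crypt in Python 3.3 and some 2.7 backports
        # bring mksalt function, so, use it or use our self salt generator
        # Creates strongest encryption (SHA512 + 16 bytes SALT)
        if hasattr(crypt, "mksalt"):
            salt = crypt.mksalt(crypt.METHOD_SHA512)
        else:
            salt = gen_salt()
        enc_pwd = crypt.crypt(plain_passwd, salt)
        # True: the value passed is already hashed.
        adm.setpassUser(new_user, enc_pwd, True)
    except UnicodeEncodeError as ue:
        # Exceptions have no .message attribute on Python 3; reading it
        # directly would raise AttributeError here and hide the real error.
        err_msg = (getattr(ue, 'message', None) or
                   'Username / password has NON-ASCII character')
        raise OperationFailed('GINUSER0030E', {'user': name, 'err': err_msg})
    except Exception as e:
        err_msg = getattr(e, 'message', None) or e
        raise OperationFailed('GINUSER0030E', {'user': name, 'err': err_msg})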
def __init__(self):
    """Set up the "Create A User Account" screen with empty form state."""
    ConfigScreen.__init__(self, "Create A User Account")

    # Form fields are unset until the screen populates them.
    self.__username = self.__password = None
    self.__confirm = self.__adminuser = None

    # Backends used to create the account.
    self.__useradmin = libuser.admin()
    self.__user_worker = UserWorker()
def get_group_gid(groupname):
    """Return the gid of ``groupname``, or None if no such group exists.

    Python 2 code: a ``unicode`` name is encoded to UTF-8 before the lookup.

    :param groupname: group name
    :returns: first value of the group's 'pw_gid' attribute, or None
    """
    adm = libuser.admin()
    if isinstance(groupname, unicode):
        groupname = groupname.encode('utf-8')
    entry = adm.lookupGroupByName(groupname)
    # Callers must handle None before converting the result with int().
    return None if entry is None else entry.get('pw_gid')[0]
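def get_users_from_group(groupname):
    """Return the members of ``groupname``, or None if the group is unknown.

    :param groupname: group name
    :returns: what libuser's enumerateUsersByGroup() returns, or None when
        the group cannot be resolved
    """
    adm = libuser.admin()
    # NOTE(review): on Python 3 this turns the name into bytes before it is
    # passed to libuser; confirm that is intended.
    if isinstance(groupname, str):
        groupname = groupname.encode('utf-8')

    # get_group_gid() returns None for an unknown group; int(None) would
    # raise TypeError instead of giving the documented None result.
    gid = get_group_gid(groupname)
    if gid is None:
        return None
    if adm.lookupGroupById(int(gid)) is None:
        return None
    return adm.enumerateUsersByGroup(groupname)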
def __init__(self):
    """Initialise the "Create Service VMs" module."""
    Module.__init__(self)

    # Presentation: ordering, labels and icon.
    self.priority = 10000
    self.sidebarTitle = N_("Create Service VMs")
    self.title = N_("Create Service VMs")
    self.icon = "qubes.png"

    # libuser handle plus the template name used as the default.
    self.admin = libuser.admin()
    self.default_template = 'fedora-21'
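def get_users_from_group(groupname):
    """Return the members of ``groupname``, or None if the group is unknown.

    :param groupname: group name
    :returns: what libuser's enumerateUsersByGroup() returns, or None when
        the group cannot be resolved
    """
    adm = libuser.admin()

    # get_group_gid() returns None for an unknown group; int(None) would
    # raise TypeError instead of giving the documented None result.
    gid = get_group_gid(groupname)
    if gid is None:
        return None
    if adm.lookupGroupById(int(gid)) is None:
        return None
    return adm.enumerateUsersByGroup(groupname)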
def __init__(self):
    """Initialise the "Root User Settings" module."""
    Module.__init__(self)

    # Presentation: ordering, labels and icon.
    self.priority = 102
    self.sidebarTitle = _("Root User")
    self.title = _("Root User Settings")
    self.icon = "smolt.png"

    # libuser handle kept on the module instance.
    self.admin = libuser.admin()
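def set_password(password, user):
    """Set the password of ``user`` and store /etc/shadow again.

    :param password: clear-text password; it is hashed with cryptPassword()
        before being handed to libuser
    :param user: account name
    :returns: True
    """
    admin = libuser.admin()
    entry = admin.lookupUserByName(user)
    passwd = cryptPassword(password)

    unmount_config("/etc/shadow")
    try:
        # "is_crypted" is a non-empty string, i.e. a true flag: the value
        # passed is already hashed.
        admin.setpassUser(entry, passwd, "is_crypted")
    finally:
        # Store /etc/shadow again even when setpassUser() raises, so a
        # failed change does not leave the file unmounted and unstored.
        ovirt_store_config("/etc/shadow")
    return True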
def get_group_gid(groupname):
    """Return the gid of ``groupname``, or None if no such group exists.

    :param groupname: group name
    :returns: first value of the group's 'pw_gid' attribute, or None
    """
    adm = libuser.admin()
    # NOTE(review): on Python 3 this turns the name into bytes before it is
    # passed to libuser; confirm that is intended.
    if isinstance(groupname, str):
        groupname = groupname.encode('utf-8')
    entry = adm.lookupGroupByName(groupname)
    # Callers must handle None before converting the result with int().
    return None if entry is None else entry.get('pw_gid')[0]
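def set_password(password, user):
    """Set the password of ``user`` and store /etc/shadow again.

    :param password: clear-text password; it is hashed with cryptPassword()
        before being handed to libuser
    :param user: account name
    :returns: True
    """
    admin = libuser.admin()
    entry = admin.lookupUserByName(user)
    passwd = cryptPassword(password)

    _functions.unmount_config("/etc/shadow")
    try:
        # "is_crypted" is a non-empty string, i.e. a true flag: the value
        # passed is already hashed.
        admin.setpassUser(entry, passwd, "is_crypted")
    finally:
        # Store /etc/shadow again even when setpassUser() raises, so a
        # failed change does not leave the file unmounted and unstored.
        _functions.ovirt_store_config("/etc/shadow")
    return True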
def create_group(groupname):
    """Return the gid of ``groupname``, creating the group if it is missing.

    :param groupname: group name
    :returns: gid of the existing or newly created group
    """
    adm = libuser.admin()
    existing = adm.lookupGroupByName(groupname)
    if existing:
        return existing.get('pw_gid')[0]

    entry = adm.initGroup(groupname)
    # Read the gid libuser assigned before the group is added.
    assigned = entry[libuser.GIDNUMBER]
    adm.addGroup(entry)
    return assigned[0]
def __init__(self):
    """Initialise the "Create VMs" module."""
    Module.__init__(self)

    # Presentation: ordering, labels and icon.
    self.priority = 10000
    self.sidebarTitle = N_("Create VMs")
    self.title = N_("Create VMs")
    self.icon = "qubes.png"

    # libuser handle, default template name and an initially empty list of
    # choices.
    self.admin = libuser.admin()
    self.default_template = 'fedora-23'
    self.choices = []
def add_user(self, username, uid, gid, name, surname, homedir, project):
    """Add a local account with fixed uid/gid and home directory.

    Python 2 code (``long``, ``excp.message``).

    :returns: the result of libuser's addUser() on success, None if the
        entry was already present, False on any other RuntimeError (which is
        logged as a warning)
    """
    entry = libuser.admin().initUser(username)
    entry[libuser.UIDNUMBER] = long(uid)
    entry[libuser.GIDNUMBER] = long(gid)
    entry[libuser.HOMEDIRECTORY] = [homedir]
    self.set_user_comment(entry, name, surname, project)

    try:
        # NOTE(review): a second libuser.admin() handle is created here
        # rather than reusing the one that built the entry; confirm this is
        # intended. The two positional flags are False and True.
        result = libuser.admin().addUser(entry, False, True)
    except RuntimeError as excp:
        if 'entry already present' not in excp.message:
            self.logger.warning(excp)
            return False
        # silent about it
        return None
    return result
def create_group(groupname, gid):
    """Return the gid of ``groupname``, creating it with ``gid`` if missing.

    :param groupname: group name
    :param gid: gid to assign when the group has to be created
    :returns: ``gid`` for a newly created group, otherwise the gid of the
        existing group (which may differ from ``gid``)
    """
    adm = libuser.admin()
    existing = adm.lookupGroupByName(groupname)
    if existing:
        return existing.get('pw_gid')[0]

    entry = adm.initGroup(groupname)
    entry.set(libuser.GIDNUMBER, gid)
    adm.addGroup(entry)
    return gid
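def get_users_from_group(groupname):
    """Return the members of ``groupname``, or None if the group is unknown.

    Python 2 code: a ``unicode`` name is encoded to UTF-8 before the lookup.

    :param groupname: group name
    :returns: what libuser's enumerateUsersByGroup() returns, or None when
        the group cannot be resolved
    """
    adm = libuser.admin()
    if isinstance(groupname, unicode):
        groupname = groupname.encode('utf-8')

    # get_group_gid() returns None for an unknown group; int(None) would
    # raise TypeError instead of giving the documented None result.
    gid = get_group_gid(groupname)
    if gid is None:
        return None
    if adm.lookupGroupById(int(gid)) is None:
        return None
    return adm.enumerateUsersByGroup(groupname)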
def __init__ (self, anaconda):
    """Hold the account settings collected for the installed system.

    :param anaconda: installer object, stored as ``self.anaconda``
    """
    self.anaconda = anaconda
    self.admin = libuser.admin()

    # Root account settings; "password" is empty and "isCrypted" False
    # until they are filled in.
    self.rootPassword = dict(isCrypted=False, password="", lock=False)

    # dict composed by username as key
    #   'fullname' => full name
    #   'password' => password
    #   'groups'   => list of groups
    #   'group'    => main group
    self.otherUsers = {}
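def create_user(name, plain_passwd, gid, no_login=False):
    """
    method to create user

    :param name: user name
    :param plain_passwd: password for user
    :param gid: primary group id for user
    :param no_login: True/False for log in shell
    :raises InvalidParameter: GINUSER0009E (bad name), GINUSER0025E (gid is
        not an int/long), GINUSER0026E (no_login is not a bool)
    :raises OperationFailed: GINUSER0008E if the user already exists,
        GINUSER0009E if the group is missing or creation fails
    """
    if not isinstance(name, str) or not name.strip():
        raise InvalidParameter('GINUSER0009E', {'user': name})
    # Exact type check on purpose: bool is a subclass of int and is rejected.
    if type(gid) not in (int, long):
        raise InvalidParameter('GINUSER0025E', {'user': name, 'gid': gid})
    if not isinstance(no_login, bool):
        raise InvalidParameter('GINUSER0026E',
                               {'user': name, 'no_login': no_login})

    adm = libuser.admin()
    if adm.lookupUserByName(name):
        raise OperationFailed('GINUSER0008E', {'user': name})
    if not adm.lookupGroupById(gid):
        raise OperationFailed(
            'GINUSER0009E',
            {'user': name, 'err': "group with id %s doesn't exist" % gid})

    try:
        new_user = adm.initUser(name)
        # Ensure user is normal and not system user
        if new_user[libuser.UIDNUMBER][0] < 1000:
            new_user.set(libuser.UIDNUMBER, adm.getFirstUnusedUid(1000))
        new_user.set(libuser.GIDNUMBER, gid)
        if no_login:
            new_user[libuser.LOGINSHELL] = '/sbin/nologin'
        adm.addUser(new_user)
        # NOTE(review): the account exists from here on. If hashing or
        # setpassUser() below fails, this function raises without removing
        # it; callers that need atomic creation must clean up themselves.

        # Setting user password. Crypt in Python 3.3 and some 2.7 backports
        # bring mksalt function, so, use it or use our self salt generator
        # Creates strongest encryption (SHA512 + 16 bytes SALT)
        if hasattr(crypt, "mksalt"):
            salt = crypt.mksalt(crypt.METHOD_SHA512)
        else:
            salt = gen_salt()
        enc_pwd = crypt.crypt(plain_passwd, salt)
        # True: the value passed is already hashed.
        adm.setpassUser(new_user, enc_pwd, True)
    except UnicodeEncodeError as ue:
        # The fallback text used to be split with a backslash continuation
        # inside the literal, which embedded the next line's indentation in
        # the message shown to the user.
        err_msg = (getattr(ue, 'message', None) or
                   'Username / password has NON-ASCII character')
        raise OperationFailed('GINUSER0009E', {'user': name, 'err': err_msg})
    except Exception as e:
        err_msg = getattr(e, 'message', None) or e
        raise OperationFailed('GINUSER0009E', {'user': name, 'err': err_msg})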
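def _get_user_profile(self, user):
    """Classify ``user`` as 'admin', 'virtuser' or 'kimchiuser'.

    :param user: account name
    :returns: 'admin' if a sudoers drop-in file exists for the user,
        'virtuser' if the user is a member of the kvm group, otherwise
        'kimchiuser'
    """
    # ADMIN: Check /etc/sudoers.d
    if os.path.isfile(SUDOERS_FILE % user):
        return 'admin'

    # VIRTUSER: Check kvm group
    adm = libuser.admin()
    kvmgrp = adm.lookupGroupByName('kvm')
    # A host without a kvm group yields no group object; treat that as
    # "not a member" instead of failing on the attribute access.
    if kvmgrp is not None and user in kvmgrp.get('gr_mem'):
        return 'virtuser'

    # KIMCHIUSER: If not any before
    return 'kimchiuser'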
def _add_user_to_kvm_group(self, user):
    """Add ``user`` to the kvm group's member list.

    :param user: account name; must be a non-blank string
    :raises InvalidParameter: GINUSER0009E if ``user`` is not a non-blank
        string
    :raises OperationFailed: GINUSER0006E if modifyGroup() does not
        return 1
    """
    # Add new user to KVM group
    if not (isinstance(user, str) and user.strip()):
        raise InvalidParameter('GINUSER0009E', {'user': user})

    adm = libuser.admin()
    kvm_group = get_group_obj('kvm')
    # NOTE(review): after the validation above this branch is always taken,
    # so on Python 3 the member value (and the name reported in the error
    # below) is bytes; confirm that is intended.
    if isinstance(user, str):
        user = user.encode('utf-8')
    kvm_group.add('gr_mem', user)

    if adm.modifyGroup(kvm_group) != 1:
        raise OperationFailed('GINUSER0006E', {'user': user})
def _add_user_to_kvm_group(self, user):
    """Add ``user`` to the kvm group; delete the user again on failure.

    :param user: account name
    :raises OperationFailed: GINUSER0006E if modifyGroup() does not
        return 1 (the user has been deleted by then)
    """
    # Add new user to KVM group
    adm = libuser.admin()
    kvm_group = get_group_obj('kvm')
    kvm_group.add('gr_mem', user)

    if adm.modifyGroup(kvm_group) == 1:
        return

    # Failure path: the account is removed before the error is reported.
    UserModel().delete(user)
    wok_log.error(
        'Could not add user %s to kvm group. Operation failed.' % user)
    raise OperationFailed('GINUSER0006E', {'user': user})
def delete_user(username):
    """Delete the account ``username`` through libuser.

    Both flags passed to deleteUser() are True.

    :param username: account name
    :raises OperationFailed: GINUSER0011E if the user does not exist,
        GINUSER0010E if libuser fails to delete it
    """
    adm = libuser.admin()
    account = adm.lookupUserByName(username)
    if account is None:
        kimchi_log.error('User "%s" does not exist', username)
        raise OperationFailed('GINUSER0011E', {'user': username})

    try:
        adm.deleteUser(account, True, True)
    except Exception as exc:
        # The libuser error only goes to the log; the raised error carries
        # just the user name.
        kimchi_log.error('Could not delete user %s: %s', username, exc)
        raise OperationFailed('GINUSER0010E', {'user': username})
def _add_user_to_kvm_group(self, user):
    """Add ``user`` to the kvm group; delete the user again on failure.

    :param user: account name
    :raises OperationFailed: GINUSER0006E if modifyGroup() does not
        return 1 (the user has been deleted by then)
    """
    # Add new user to KVM group
    adm = libuser.admin()
    kvm_group = get_group_obj('kvm')
    kvm_group.add('gr_mem', user)

    if adm.modifyGroup(kvm_group) == 1:
        return

    # Failure path: the account is removed before the error is reported.
    UserModel().delete(user)
    kimchi_log.error(
        'Could not add user %s to kvm group. Operation failed.' % user)
    raise OperationFailed('GINUSER0006E', {'user': user})
def delete_user(username):
    """Delete the account ``username`` through libuser.

    Both flags passed to deleteUser() are True.

    :param username: account name
    :raises OperationFailed: GINUSER0011E if the user does not exist,
        GINUSER0010E if libuser fails to delete it
    """
    adm = libuser.admin()
    account = adm.lookupUserByName(username)
    if account is None:
        wok_log.error('User "%s" does not exist', username)
        raise OperationFailed('GINUSER0011E', {'user': username})

    try:
        adm.deleteUser(account, True, True)
    except Exception as exc:
        # The libuser error only goes to the log; the raised error carries
        # just the user name.
        wok_log.error('Could not delete user %s: %s', username, exc)
        raise OperationFailed('GINUSER0010E', {'user': username})
def _add_user_to_kvm_group(self, user):
    """Add ``user`` to the kvm group's member list.

    :param user: account name; must be a non-blank string
    :raises InvalidParameter: GINUSER0009E if ``user`` is not a non-blank
        string
    :raises OperationFailed: GINUSER0006E if modifyGroup() does not
        return 1
    """
    # Add new user to KVM group
    if not (isinstance(user, str) and user.strip()):
        raise InvalidParameter('GINUSER0009E', {'user': user})

    adm = libuser.admin()
    kvm_group = get_group_obj('kvm')
    # NOTE(review): the validation above only lets ``str`` through, so this
    # ``unicode`` branch looks unreachable as written; confirm.
    if isinstance(user, unicode):
        user = user.encode('utf-8')
    kvm_group.add('gr_mem', user)

    if adm.modifyGroup(kvm_group) != 1:
        raise OperationFailed('GINUSER0006E', {'user': user})
def __init__(self):
    """Initialise the "Create User" module."""
    Module.__init__(self)

    # Presentation: ordering, labels and icon.
    self.priority = 90
    self.sidebarTitle = N_("Create User")
    self.title = N_("Create User")
    self.icon = "create-user.png"

    # libuser handle and initial module state.
    self.admin = libuser.admin()
    self.nisFlag = None
    self._problemFiles = []
    self._count = 0
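def setUserPassword(self, username, password, isCrypted, lock, algo=None, root=None):
    """Set (and optionally lock) a user's password inside the target system.

    The change runs in a forked child that chroots into the target root
    first; the child's exit status (0 = success) becomes the boolean result.

    :param username: account name
    :param password: password; already hashed when ``isCrypted`` is true,
        otherwise clear text that is hashed with cryptPassword()
    :param isCrypted: whether ``password`` is already hashed
    :param lock: lock the account after setting the password
    :param algo: passed through to cryptPassword() as ``algo``
    :param root: directory to chroot into; defaults to iutil.getSysroot().
        "" or "/" means no chroot
    :returns: True on success, False otherwise (including when waiting for
        the child fails)
    """
    childpid = os.fork()
    if root is not None:
        rootval = root
    else:
        rootval = iutil.getSysroot()

    if not childpid:
        # Child process. chroot/chdir and the libuser setup are now inside
        # the try block as well: an exception escaping the child would leave
        # a second copy of the parent running, so every path ends in
        # os._exit().
        exit_code = 1
        try:
            if rootval not in ("", "/"):
                os.chroot(rootval)
                # Leave no working directory that points outside the chroot.
                os.chdir("/")
                # pop() instead of del: an unset variable is already the
                # desired state and must not abort the password change.
                os.environ.pop("LIBUSER_CONF", None)
            self.admin = libuser.admin()

            user = self.admin.lookupUserByName(username)
            # libuser always receives a hashed value (third argument True).
            if isCrypted:
                self.admin.setpassUser(user, password, True)
            else:
                self.admin.setpassUser(
                    user, cryptPassword(password, algo=algo), True)
            if lock:
                self.admin.lockUser(user)
            self.admin.modifyUser(user)
            exit_code = 0
        except Exception as e:
            # Only the exception text is logged, never the password.
            log.critical("Error when setting user password: %s" % str(e))
        finally:
            os._exit(exit_code)

    try:
        (pid, status) = os.waitpid(childpid, 0)
    except OSError as e:
        log.critical(
            "exception from waitpid while creating a user: %s %s"
            % (e.errno, e.strerror))
        return False

    return os.WIFEXITED(status) and (os.WEXITSTATUS(status) == 0)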
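def delete_group(groupname):
    """Delete ``groupname`` if it has no members left.

    :param groupname: group name
    :raises OperationFailed: GINUSER0012E if the group cannot be found or
        libuser fails to delete it
    """
    adm = libuser.admin()

    # get_group_gid() returns None for an unknown group; int(None) would
    # raise TypeError instead of the OperationFailed reported below.
    gid = get_group_gid(groupname)
    group_obj = adm.lookupGroupById(int(gid)) if gid is not None else None
    if group_obj is None:
        wok_log.error('Could not delete group "%s"', groupname)
        raise OperationFailed('GINUSER0012E', {'group': groupname})

    # A group that still has members is left in place.
    if not adm.enumerateUsersByGroup(groupname):
        try:
            adm.deleteGroup(group_obj)
        except Exception as e:
            wok_log.error('Could not delete group "%s": %s', groupname, e)
            raise OperationFailed('GINUSER0012E', {'group': groupname})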
def set_password(password, user):
    """Set the password of ``user`` and store the account files again.

    /etc/shadow and /etc/passwd are unmounted before the change and stored
    again afterwards, whether or not the change succeeded.

    :param password: clear-text password; it is hashed with cryptPassword()
        before being handed to libuser
    :param user: account name
    :returns: True
    """
    admin = libuser.admin()
    entry = admin.lookupUserByName(user)
    hashed = cryptPassword(password)

    account_files = ("/etc/shadow", "/etc/passwd")
    try:
        for path in account_files:
            _functions.unmount_config(path)
        # "is_crypted" is a non-empty string, i.e. a true flag: the value
        # passed is already hashed.
        admin.setpassUser(entry, hashed, "is_crypted")
    finally:
        # Runs on success and on failure; any exception still propagates.
        for path in account_files:
            _functions.ovirt_store_config(path)
    return True
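def createGroup(self, group_name, **kwargs):
    """Create a new group on the system with the given name.  Optional kwargs:

       gid       -- The GID for the new group.  If none is given, the next
                    available one is used.
       root      -- The directory of the system to create the new group
                    in.  Defaults to ROOT_PATH.

    Returns True if the group was created, False otherwise (the group
    already exists, creation failed, or waiting for the child failed).
    """
    childpid = os.fork()
    root = kwargs.get("root", ROOT_PATH)

    if not childpid:
        # Child process. It must never return into the caller's code: an
        # exception escaping here would leave a second copy of the parent
        # running, so every path ends in os._exit().
        exit_code = 1
        try:
            if root not in ("", "/"):
                os.chroot(root)
                # Leave no working directory that points outside the chroot.
                os.chdir("/")
                # pop() instead of del: an unset variable is already the
                # desired state and must not abort the operation.
                os.environ.pop("LIBUSER_CONF", None)
            self.admin = libuser.admin()

            if self.admin.lookupGroupByName(group_name):
                log.error("Group %s already exists, not creating.",
                          group_name)
            else:
                groupEnt = self.admin.initGroup(group_name)
                if kwargs.get("gid", -1) >= 0:
                    groupEnt.set(libuser.GIDNUMBER, kwargs["gid"])
                self.admin.addGroup(groupEnt)
                exit_code = 0
        except Exception as e:
            log.critical("Error when creating new group: %s", e)
        finally:
            os._exit(exit_code)

    try:
        status = os.waitpid(childpid, 0)[1]
    except OSError as e:
        log.critical(
            "exception from waitpid while creating a group: %s %s",
            e.errno, e.strerror)
        return False

    return os.WIFEXITED(status) and (os.WEXITSTATUS(status) == 0)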
def _add_user_to_kvm_group(self, user):
    """Add ``user`` to the kvm group's member list.

    :param user: account name; must be a non-blank string
    :raises InvalidParameter: GINUSER0009E if ``user`` is not a non-blank
        string
    :raises OperationFailed: GINUSER0006E if modifyGroup() does not
        return 1
    """
    # Add new user to KVM group
    if not (isinstance(user, str) and user.strip()):
        wok_log.error('username is not non-empty string. name: %s' % user)
        raise InvalidParameter('GINUSER0009E',
                               {'user': user, 'err': 'see log for details'})

    adm = libuser.admin()
    kvm_group = get_group_obj('kvm')
    # NOTE(review): the validation above only lets ``str`` through, so this
    # ``unicode`` branch looks unreachable as written; confirm.
    if isinstance(user, unicode):
        user = user.encode('utf-8')
    kvm_group.add('gr_mem', user)

    if adm.modifyGroup(kvm_group) != 1:
        raise OperationFailed('GINUSER0006E', {'user': user})
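def createGroup (self, group_name, **kwargs):
    """Create a new group on the system with the given name.  Optional kwargs:

       gid       -- The GID for the new group.  If none is given, the next
                    available one is used.
       root      -- The directory of the system to create the new group
                    in.  Defaults to /mnt/sysimage.

    Returns True if the group was created, False otherwise (the group
    already exists, creation failed, or waiting for the child failed).
    """
    childpid = os.fork()
    root = kwargs.get("root", "/mnt/sysimage")

    if not childpid:
        # Child process. It must never return into the caller's code: an
        # exception escaping here would leave a second copy of the parent
        # running, so every path ends in os._exit().
        exit_code = 1
        try:
            if root not in ("", "/"):
                os.chroot(root)
                # Leave no working directory that points outside the chroot.
                os.chdir("/")
                # pop() instead of del: an unset variable is already the
                # desired state and must not abort the operation.
                os.environ.pop("LIBUSER_CONF", None)
            self.admin = libuser.admin()

            if self.admin.lookupGroupByName(group_name):
                log.error("Group %s already exists, not creating.",
                          group_name)
            else:
                groupEnt = self.admin.initGroup(group_name)
                if kwargs.get("gid", -1) >= 0:
                    groupEnt.set(libuser.GIDNUMBER, kwargs["gid"])
                self.admin.addGroup(groupEnt)
                exit_code = 0
        except Exception as e:
            log.critical("Error when creating new group: %s", e)
        finally:
            os._exit(exit_code)

    try:
        status = os.waitpid(childpid, 0)[1]
    except OSError as e:
        log.critical("exception from waitpid while creating a group: %s %s",
                     e.errno, e.strerror)
        return False

    return os.WIFEXITED(status) and (os.WEXITSTATUS(status) == 0)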
def _prepareChroot(self, root):
    """Fork and, in the child, chroot into ``root`` and open libuser there.

    Unfortunately libuser doesn't have an API to operate on a chroot, so we
    hack it here by forking a child and calling chroot() in that child's
    context.

    This method returns in BOTH processes. The caller has to branch on the
    returned pid and make sure the child (return value 0) terminates with
    os._exit() instead of running the parent's code.

    :param root: directory to chroot into; "" or "/" means no chroot
    :returns: 0 in the child, the child's pid in the parent
    """
    pid = os.fork()
    if pid == 0:
        if root not in ("", "/"):
            os.chroot(root)
            # Leave no working directory that points outside the chroot.
            os.chdir("/")
            # This is ok because it's after a fork
            del os.environ["LIBUSER_CONF"]  # pylint: disable=environment-modify

        self.admin = libuser.admin()

    return pid
def _prepareChroot(self, root):
    """Fork and, in the child, chroot into ``root`` and open libuser there.

    Unfortunately libuser doesn't have an API to operate on a chroot, so we
    hack it here by forking a child and calling chroot() in that child's
    context.

    This method returns in BOTH processes. The caller has to branch on the
    returned pid and make sure the child (return value 0) terminates with
    os._exit() instead of running the parent's code.

    :param root: directory to chroot into; "" or "/" means no chroot
    :returns: 0 in the child, the child's pid in the parent
    """
    pid = os.fork()
    if pid == 0:
        if root not in ("", "/"):
            os.chroot(root)
            # Leave no working directory that points outside the chroot.
            os.chdir("/")
            # This is ok because it's after a fork
            del os.environ["LIBUSER_CONF"]  # pylint: disable=environment-modify

        self.admin = libuser.admin()

    return pid
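def checkUserExists(self, username, root="/mnt/sysimage"):
    """Look up ``username`` inside ``root`` from a forked, chrooted child.

    The child exits with status 0 if the user exists and 1 otherwise.

    NOTE(review): as shown, the parent neither waits for the child nor
    returns a result (it falls through and returns None); the listing may be
    cut short. Callers need the waitpid()/exit-status handling to get an
    answer and to reap the child.

    :param username: account name to look up
    :param root: directory to chroot into; "" or "/" means no chroot
    """
    childpid = os.fork()
    if not childpid:
        # Child process. It must never return into the caller's code: an
        # exception escaping here would leave a second copy of the parent
        # running, so every path ends in os._exit().
        exit_code = 1
        try:
            if root not in ("", "/"):
                os.chroot(root)
                # chroot() does not change the working directory; without
                # this chdir the child keeps a cwd outside the new root.
                os.chdir("/")
                # pop() instead of del: an unset variable is already the
                # desired state and must not abort the lookup.
                os.environ.pop("LIBUSER_CONF", None)
            self.admin = libuser.admin()
            if self.admin.lookupUserByName(username):
                exit_code = 0
        except Exception as e:
            log.critical("Error when searching for user: %s" % str(e))
        finally:
            os._exit(exit_code)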
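def _get_user_profile(self, user):
    """Classify ``user`` as 'admin', 'virtuser' or 'kimchiuser'.

    :param user: account name
    :returns: 'admin' if a sudoers drop-in file exists for the user or the
        user is a member of the wheel or sudo group, 'virtuser' if the user
        is a member of the kvm group, otherwise 'kimchiuser'
    """
    # ADMIN: Check /etc/sudoers.d
    adm = libuser.admin()
    if os.path.isfile(SUDOERS_FILE % user):
        return 'admin'

    # ADMIN: membership in either administrative group also counts. Both
    # groups are optional, so a missing group is simply skipped.
    for admin_group in ('wheel', 'sudo'):
        grp = adm.lookupGroupByName(admin_group)
        if grp is not None and user in grp.get('gr_mem'):
            return 'admin'

    # VIRTUSER: Check kvm group
    kvmgrp = adm.lookupGroupByName('kvm')
    # Same guard as for wheel/sudo: a host without a kvm group yields no
    # group object, which means "not a member" rather than an error.
    if kvmgrp is not None and user in kvmgrp.get('gr_mem'):
        return 'virtuser'

    # KIMCHIUSER: If not any before
    return 'kimchiuser'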