def auth_update(self, conn, users_id, raw_password):
    """Re-hash a user's password and store the new credential fields.

    ``encrypt_password`` returns a pair. The second element is written to
    the ``users`` row whose ``id`` equals ``users_id`` (per the original
    docstring: the new password, salt, hash_algorithm and
    hash_iteration_count). The first element is returned to the caller.

    NOTE(review): ``raw_password`` is the plaintext secret, so keep it out
    of log lines and exception text on this path. Whether tokens issued
    under the previous password are revoked is not visible here; confirm.
    """
    token, credential_fields = encrypt_password(raw_password)
    db_utils.update(
        conn,
        'users',
        values=credential_fields,
        where={'id': users_id},
    )
    return token
def get_push_system_user_tasks(system_user):
    """Build the Ansible task dicts that push ``system_user`` to an asset.

    The username ``root`` yields an empty list. Otherwise the list holds, in
    order: account creation with a pre-hashed password followed by a
    home-directory check and ownership/mode fix (when a password is set),
    the authorized key (when a public key is set), and a NOPASSWD sudoers
    entry (when sudo commands are set).

    NOTE(review): every ``args`` value is a key=value string assembled with
    ``str.format`` from model fields. Nothing here quotes or validates
    ``username``, ``shell``, ``public_key`` or ``sudo``, so a value holding
    spaces or quotes changes how the module arguments are parsed. Validate
    these fields before they reach this function, or pass ``args`` as a
    mapping if the task runner accepts one.
    """
    login = system_user.username

    # Pushing root as a system user is dangerous, so no tasks are generated.
    # NOTE(review): this is an exact, case-sensitive match on the name only.
    if login == "root":
        return []

    tasks = []

    if system_user.password:
        # NOTE(review): the salt passed here is a constant shared by every
        # account. With a deterministic salted hash, equal passwords then
        # give equal hashes on every asset. Presumably fixed so repeated
        # pushes stay idempotent; a stable per-user salt would be safer.
        # The hash also sits in the args string, so set no_log on this task
        # if the runner records task arguments.
        password_hash = encrypt_password(system_user.password, salt="K3mIlKK")
        add_user_args = 'name={} shell={} state=present password={}'.format(
            login, system_user.shell, password_hash,
        )
        tasks.append({
            'name': 'Add user {}'.format(login),
            'action': {'module': 'user', 'args': add_user_args},
        })
        # NOTE(review): nesting was reconstructed from a whitespace-collapsed
        # listing; the home-directory tasks are placed under the password
        # branch here. Confirm against the original file.
        check_home = {
            'name': 'Check home dir exists',
            'action': {
                'module': 'stat',
                'args': 'path=/home/{}'.format(login),
            },
            'register': 'home_existed',
        }
        fix_home = {
            'name': "Set home dir permission",
            'action': {
                'module': 'file',
                'args': "path=/home/{0} owner={0} group={0} mode=700".format(login),
            },
            'when': 'home_existed.stat.exists == true',
        }
        tasks.extend([check_home, fix_home])

    if system_user.public_key:
        key_args = "user={} state=present key='{}'".format(
            login, system_user.public_key,
        )
        tasks.append({
            'name': 'Set {} authorized key'.format(login),
            'action': {'module': 'authorized_key', 'args': key_args},
        })

    if system_user.sudo:
        # The sudo field is written verbatim after "NOPASSWD:"; visudo only
        # checks that the resulting file is syntactically valid.
        sudoers_template = (
            "dest=/etc/sudoers state=present regexp='^{0} ALL=' "
            "line='{0} ALL=(ALL) NOPASSWD: {1}' "
            "validate='visudo -cf %s'"
        )
        tasks.append({
            'name': 'Set {} sudo setting'.format(login),
            'action': {
                'module': 'lineinfile',
                'args': sudoers_template.format(login, system_user.sudo),
            },
        })

    return tasks
def get_push_system_user_tasks(system_user):
    """Return the Ansible tasks that push ``system_user`` to an asset.

    Nothing is generated for the username ``root``. Otherwise up to three
    tasks are emitted, each only when the matching field is set: the account
    with a pre-hashed password, the authorized key, and a NOPASSWD sudoers
    line.

    NOTE(review): the ``args`` strings are built with ``str.format`` from
    ``username``, ``shell``, ``public_key`` and ``sudo`` without quoting or
    validation. A value containing spaces or quotes alters the parsed module
    arguments, so these fields should be validated where they are stored.
    """
    login = system_user.username

    # Pushing root as a system user is dangerous: generate nothing.
    # NOTE(review): exact, case-sensitive comparison with "root" only.
    if login == "root":
        return []

    tasks = []

    if system_user.password:
        # NOTE(review): constant salt shared by every account. With a
        # deterministic salted hash, equal passwords yield equal hashes on
        # every asset. Presumably fixed for idempotent re-runs; prefer a
        # stable per-user salt. The hash is part of the args string, so set
        # no_log on this task if the runner records arguments.
        password_hash = encrypt_password(system_user.password, salt="K3mIlKK")
        tasks.append({
            'name': 'Add user {}'.format(login),
            'action': {
                'module': 'user',
                'args': 'name={} shell={} state=present password={}'.format(
                    login, system_user.shell, password_hash,
                ),
            },
        })

    if system_user.public_key:
        authorized_key_args = "user={} state=present key='{}'".format(
            login, system_user.public_key,
        )
        tasks.append({
            'name': 'Set {} authorized key'.format(login),
            'action': {'module': 'authorized_key', 'args': authorized_key_args},
        })

    if system_user.sudo:
        # The sudo field lands verbatim after "NOPASSWD:" in /etc/sudoers;
        # visudo validates syntax only, not what the rule grants.
        sudoers_args = (
            "dest=/etc/sudoers state=present regexp='^{0} ALL=' "
            "line='{0} ALL=(ALL) NOPASSWD: {1}' "
            "validate='visudo -cf %s'"
        ).format(login, system_user.sudo)
        tasks.append({
            'name': 'Set {} sudo setting'.format(login),
            'action': {'module': 'lineinfile', 'args': sudoers_args},
        })

    return tasks
def get_push_system_user_tasks(system_user):
    """Assemble the Ansible tasks used to push ``system_user`` to an asset.

    Returns ``[]`` for the username ``root``. For any other name the result
    contains, in this order and only for fields that are set: a ``user``
    task carrying the hashed password, an ``authorized_key`` task, and a
    ``lineinfile`` task adding a NOPASSWD rule to /etc/sudoers.

    NOTE(review): module arguments are key=value strings formatted straight
    from model fields (``username``, ``shell``, ``public_key``, ``sudo``).
    No quoting or validation happens here, so whitespace or quote characters
    in a field change the argument string the module receives. Enforce a
    strict character set on these fields upstream.
    """

    def make_task(title, module, args):
        # Every generated task shares this name/action layout.
        return {'name': title, 'action': {'module': module, 'args': args}}

    account = system_user.username

    # Root must never be pushed as a system user.
    # NOTE(review): only the exact string "root" is rejected.
    if account == "root":
        return []

    tasks = []

    if system_user.password:
        # NOTE(review): the salt is a literal shared across all accounts, so
        # with a deterministic salted hash identical passwords produce
        # identical hashes everywhere. Presumably chosen so re-pushing does
        # not report a change; a stable per-user salt avoids the sharing.
        # Consider no_log for this task, since the hash is in the args.
        hashed = encrypt_password(system_user.password, salt="K3mIlKK")
        tasks.append(make_task(
            'Add user {}'.format(account),
            'user',
            'name={} shell={} state=present password={}'.format(
                account, system_user.shell, hashed,
            ),
        ))

    if system_user.public_key:
        tasks.append(make_task(
            'Set {} authorized key'.format(account),
            'authorized_key',
            "user={} state=present key='{}'".format(
                account, system_user.public_key,
            ),
        ))

    if system_user.sudo:
        # The sudo value is inserted unchanged into the sudoers line; the
        # visudo validation step checks syntax, not the scope of the grant.
        tasks.append(make_task(
            'Set {} sudo setting'.format(account),
            'lineinfile',
            "dest=/etc/sudoers state=present regexp='^{0} ALL=' "
            "line='{0} ALL=(ALL) NOPASSWD: {1}' "
            "validate='visudo -cf %s'".format(account, system_user.sudo),
        ))

    return tasks
def push_users(self, assets, users):
    """Push one or more users to one or more assets with an ad-hoc run.

    Either argument may be a single dict, which is wrapped in a list.
    Each user dict has this shape::

        user: {
            name: 'web',
            username: '******',
            shell: '/bin/bash',
            password: '******',
            public_key: 'string',
            sudo: '/bin/whoami,/sbin/ifconfig'
        }

    Returns the value produced by ``run_AdHoc``.

    NOTE(review): ``username`` and ``public_key`` are read with ``[]`` and
    are therefore required, while ``shell``, ``password`` and ``sudo`` fall
    back to defaults. A user dict without ``sudo`` still receives a NOPASSWD
    sudoers line for ``/sbin/ifconfig``. When ``password`` is absent,
    ``encrypt_password(None)`` is formatted straight into ``password=``;
    confirm what that helper returns for ``None``. None of the values are
    quoted or validated before being placed in the module argument strings.
    """
    user_list = [users] if isinstance(users, dict) else users
    asset_list = [assets] if isinstance(assets, dict) else assets

    module_calls = []
    for entry in user_list:
        # Add the user, set the public key, set sudo.
        add_user = (
            'user',
            'name={} shell={} state=present password={}'.format(
                entry['username'],
                entry.get('shell', '/bin/bash'),
                encrypt_password(entry.get('password', None)),
            ),
        )
        set_key = (
            'authorized_key',
            "user={} state=present key='{}'".format(
                entry['username'], entry['public_key'],
            ),
        )
        set_sudo = (
            'lineinfile',
            "dest=/etc/sudoers state=present regexp='^{0} ALL=' "
            "line='{0} ALL=(ALL) NOPASSWD: {1}' "
            "validate='visudo -cf %s'".format(
                entry['username'], entry.get('sudo', '/sbin/ifconfig'),
            ),
        )
        module_calls.extend([add_user, set_key, set_sudo])

    display_names = ','.join([entry['name'] for entry in user_list])
    task_name = 'Push user {}'.format(display_names)
    return run_AdHoc(
        module_calls,
        asset_list,
        pattern='all',
        task_name=task_name,
        task_id=self.request.id,
    )
def get_push_linux_system_user_tasks(system_user):
    """Build the Ansible tasks that provision ``system_user`` on a Linux asset.

    Four tasks are always emitted: create the user, create a group of the
    same name, stat ``/home/<username>``, and set its owner, group and mode
    to 700 if it exists. Further tasks are appended when the matching field
    is set: the hashed password, the authorized key, and a NOPASSWD sudoers
    line.

    NOTE(review): this function does not reject the username ``root``;
    confirm that the caller does. All ``args`` strings are formatted from
    model fields without quoting or validation, so whitespace or quote
    characters in ``username``, ``shell``, ``public_key`` or ``sudo`` change
    the parsed module arguments.
    """
    login = system_user.username
    home_dir_args = "path=/home/{0} owner={0} group={0} mode=700".format(login)

    tasks = [
        {
            'name': 'Add user {}'.format(login),
            'action': {
                'module': 'user',
                'args': 'name={} shell={} state=present'.format(
                    login, system_user.shell,
                ),
            },
        },
        {
            'name': 'Add group {}'.format(login),
            'action': {
                'module': 'group',
                'args': 'name={} state=present'.format(login),
            },
        },
        {
            'name': 'Check home dir exists',
            'action': {
                'module': 'stat',
                'args': 'path=/home/{}'.format(login),
            },
            'register': 'home_existed',
        },
        {
            'name': "Set home dir permission",
            'action': {'module': 'file', 'args': home_dir_args},
            'when': 'home_existed.stat.exists == true',
        },
    ]

    if system_user.password:
        # NOTE(review): the salt is a constant shared by every account, so
        # with a deterministic salted hash equal passwords give equal hashes
        # on every asset. Presumably fixed for idempotent re-runs; a stable
        # per-user salt would be safer. Set no_log on this task if the
        # runner records arguments, because the hash is in the args string.
        password_hash = encrypt_password(system_user.password, salt="K3mIlKK")
        tasks.append({
            'name': 'Set {} password'.format(login),
            'action': {
                'module': 'user',
                'args': 'name={} shell={} state=present password={}'.format(
                    login, system_user.shell, password_hash,
                ),
            },
        })

    if system_user.public_key:
        tasks.append({
            'name': 'Set {} authorized key'.format(login),
            'action': {
                'module': 'authorized_key',
                'args': "user={} state=present key='{}'".format(
                    login, system_user.public_key,
                ),
            },
        })

    if system_user.sudo:
        # Fold every newline style to "\n", drop stray commas at the ends of
        # each line, then join the lines into one comma-separated list.
        # Only newlines and edge commas are normalised; the commands are
        # otherwise written to /etc/sudoers exactly as stored.
        unified = system_user.sudo.replace('\r\n', '\n').replace('\r', '\n')
        sudo = ','.join(entry.strip(',') for entry in unified.split('\n'))
        sudoers_template = (
            "dest=/etc/sudoers state=present regexp='^{0} ALL=' "
            "line='{0} ALL=(ALL) NOPASSWD: {1}' "
            "validate='visudo -cf %s'"
        )
        tasks.append({
            'name': 'Set {} sudo setting'.format(login),
            'action': {
                'module': 'lineinfile',
                'args': sudoers_template.format(login, sudo),
            },
        })

    return tasks
def get_push_unixlike_system_user_tasks(system_user, username=None):
    """Build the Ansible tasks that provision a system user on a Unix-like asset.

    ``username`` defaults to ``system_user.username``. When
    ``system_user.username_same_with_user`` is set and a ``User`` with that
    username exists, the account comment becomes
    ``<system user name>[<str(user)>]``; otherwise it is the system user's
    name.

    The list always starts with "add user" and "add group" tasks. Home
    directory check/permission tasks are added only when no explicit home is
    configured, followed by optional password, authorized-key and sudoers
    tasks.

    NOTE(review): apart from the add-user arguments, which go through
    ``_dump_args`` (quoting behaviour not visible here), every ``args``
    value is formatted directly from ``username``, ``shell``,
    ``public_key`` and ``sudo`` with no quoting or validation. There is also
    no check against the username ``root`` in this function; confirm the
    caller enforces it.
    """
    login = system_user.username if username is None else username

    comment = system_user.name
    if system_user.username_same_with_user:
        from users.models import User
        user = User.objects.filter(username=login).only('name', 'username').first()
        if user:
            comment = f'{system_user.name}[{str(user)}]'

    password = system_user.password
    public_key = system_user.public_key

    # Supplementary groups are passed as one double-quoted, comma-joined value.
    group_names = _split_by_comma(system_user.system_groups)
    groups_arg = '"%s"' % ','.join(group_names) if group_names else group_names

    add_user_args = {
        'name': login,
        'shell': system_user.shell or Empty,
        'state': 'present',
        'home': system_user.home or Empty,
        'expires': -1,
        'groups': groups_arg or Empty,
        'comment': comment,
    }

    tasks = [
        {
            'name': 'Add user {}'.format(login),
            'action': {'module': 'user', 'args': _dump_args(add_user_args)},
        },
        {
            'name': 'Add group {}'.format(login),
            'action': {
                'module': 'group',
                'args': 'name={} state=present'.format(login),
            },
        },
    ]

    if not system_user.home:
        # No custom home configured: tighten /home/<login> if it exists.
        tasks.extend([
            {
                'name': 'Check home dir exists',
                'action': {
                    'module': 'stat',
                    'args': 'path=/home/{}'.format(login),
                },
                'register': 'home_existed',
            },
            {
                'name': "Set home dir permission",
                'action': {
                    'module': 'file',
                    'args': "path=/home/{0} owner={0} group={0} mode=700".format(login),
                },
                'when': 'home_existed.stat.exists == true',
            },
        ])

    if password:
        # NOTE(review): the salt is a constant shared by every account, so
        # with a deterministic salted hash equal passwords give equal hashes
        # on every asset. Presumably fixed for idempotent re-runs; a stable
        # per-user salt would be safer. The hash is in the args string, so
        # set no_log on this task if the runner records arguments.
        # NOTE(review): shell is formatted raw here, whereas the add-user
        # arguments use ``system_user.shell or Empty``; confirm an unset
        # shell is handled as intended.
        password_hash = encrypt_password(password, salt="K3mIlKK")
        tasks.append({
            'name': 'Set {} password'.format(login),
            'action': {
                'module': 'user',
                'args': 'name={} shell={} state=present password={}'.format(
                    login, system_user.shell, password_hash,
                ),
            },
        })

    if public_key:
        tasks.append({
            'name': 'Set {} authorized key'.format(login),
            'action': {
                'module': 'authorized_key',
                'args': "user={} state=present key='{}'".format(login, public_key),
            },
        })

    if system_user.sudo:
        # Fold all newline styles to "\n", trim edge commas per line and
        # join into one comma-separated command list. The commands are
        # otherwise written to /etc/sudoers as stored; visudo checks syntax
        # only.
        unified = system_user.sudo.replace('\r\n', '\n').replace('\r', '\n')
        sudo = ','.join(entry.strip(',') for entry in unified.split('\n'))
        tasks.append({
            'name': 'Set {} sudo setting'.format(login),
            'action': {
                'module': 'lineinfile',
                'args': "dest=/etc/sudoers state=present regexp='^{0} ALL=' "
                        "line='{0} ALL=(ALL) NOPASSWD: {1}' "
                        "validate='visudo -cf %s'".format(login, sudo),
            },
        })

    return tasks
def get_push_system_user_tasks(system_user):
    """Build the Ansible task dicts that push ``system_user`` to an asset.

    The username ``root`` yields an empty list. Otherwise the list holds, in
    order: account creation with a pre-hashed password followed by a
    home-directory check and ownership/mode fix (when a password is set),
    the authorized key (when a public key is set), and a NOPASSWD sudoers
    entry built from the newline-normalised sudo field (when it is set).

    NOTE(review): ``args`` values are key=value strings formatted from model
    fields with no quoting or validation. Whitespace or quote characters in
    ``username``, ``shell``, ``public_key`` or ``sudo`` therefore change the
    arguments the module parses. Restrict these fields where they are
    stored.
    """
    login = system_user.username

    # Pushing root as a system user is dangerous, so no tasks are generated.
    # NOTE(review): this is an exact, case-sensitive match on the name only.
    if login == "root":
        return []

    tasks = []

    if system_user.password:
        # NOTE(review): the salt is a constant shared by every account, so
        # with a deterministic salted hash equal passwords give equal hashes
        # on every asset. Presumably fixed for idempotent re-runs; a stable
        # per-user salt would be safer. Set no_log on this task if the
        # runner records arguments, because the hash is in the args string.
        password_hash = encrypt_password(system_user.password, salt="K3mIlKK")
        tasks.append({
            'name': 'Add user {}'.format(login),
            'action': {
                'module': 'user',
                'args': 'name={} shell={} state=present password={}'.format(
                    login, system_user.shell, password_hash,
                ),
            },
        })
        # NOTE(review): nesting was reconstructed from a whitespace-collapsed
        # listing; the home-directory tasks are placed under the password
        # branch here. Confirm against the original file.
        tasks.append({
            'name': 'Check home dir exists',
            'action': {
                'module': 'stat',
                'args': 'path=/home/{}'.format(login),
            },
            'register': 'home_existed',
        })
        tasks.append({
            'name': "Set home dir permission",
            'action': {
                'module': 'file',
                'args': "path=/home/{0} owner={0} group={0} mode=700".format(login),
            },
            'when': 'home_existed.stat.exists == true',
        })

    if system_user.public_key:
        tasks.append({
            'name': 'Set {} authorized key'.format(login),
            'action': {
                'module': 'authorized_key',
                'args': "user={} state=present key='{}'".format(
                    login, system_user.public_key,
                ),
            },
        })

    if system_user.sudo:
        # Fold all newline styles to "\n", trim edge commas per line and
        # join into one comma-separated command list. Nothing else about
        # the commands is checked before they are written to /etc/sudoers.
        unified = system_user.sudo.replace('\r\n', '\n').replace('\r', '\n')
        sudo = ','.join(entry.strip(',') for entry in unified.split('\n'))
        sudoers_template = (
            "dest=/etc/sudoers state=present regexp='^{0} ALL=' "
            "line='{0} ALL=(ALL) NOPASSWD: {1}' "
            "validate='visudo -cf %s'"
        )
        tasks.append({
            'name': 'Set {} sudo setting'.format(login),
            'action': {
                'module': 'lineinfile',
                'args': sudoers_template.format(login, sudo),
            },
        })

    return tasks
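def get_push_system_user_tasks(system_user):
    """Build the Ansible task dicts that push ``system_user`` to an asset.

    The username ``root`` yields an empty list. Otherwise tasks are appended
    for each field that is set: the account with a pre-hashed password, the
    authorized key, a sudoers line from ``sudo``, a second sudoers line from
    ``rootsudo``, and a bashrc snippet file plus the line in ``~/.bashrc``
    that sources it.

    Compared with the original, the only code change is the ``rootsudo``
    regexp: its backslashes are now written as ``\\\\(`` and ``\\\\)``. The
    original ``\\(`` in a normal string literal is an invalid escape
    sequence, which newer Python versions warn about. The emitted string is
    unchanged.

    NOTE(review): ``sudo`` and ``rootsudo`` supply the entire rule that
    follows the username in /etc/sudoers, so whoever can edit those fields
    decides the host, run-as and command parts. ``bashrc_snippet`` is
    written to a file that the account's ``.bashrc`` sources. All values
    are formatted into key=value argument strings without quoting or
    validation, so a quote or space in a field changes the parsed
    arguments. Restrict who can set these fields and validate them where
    they are stored.
    """
    login = system_user.username

    # Pushing root as a system user is dangerous, so no tasks are generated.
    # NOTE(review): this is an exact, case-sensitive match on the name only.
    if login == "root":
        return []

    tasks = []

    if system_user.password:
        # NOTE(review): the salt is a constant shared by every account, so
        # with a deterministic salted hash equal passwords give equal hashes
        # on every asset. Presumably fixed for idempotent re-runs; a stable
        # per-user salt would be safer. Set no_log on this task if the
        # runner records arguments, because the hash is in the args string.
        tasks.append({
            'name': 'Add user {}'.format(login),
            'action': {
                'module': 'user',
                'args': 'name={} shell={} state=present password={}'.format(
                    login, system_user.shell,
                    encrypt_password(system_user.password, salt="K3mIlKK"),
                ),
            }
        })

    if system_user.public_key:
        tasks.append({
            'name': 'Set {} authorized key'.format(login),
            'action': {
                'module': 'authorized_key',
                'args': "user={} state=present key='{}'".format(
                    login, system_user.public_key),
            }
        })

    if system_user.sudo:
        tasks.append({
            'name': 'Set {} sudo setting'.format(login),
            'action': {
                'module': 'lineinfile',
                # {0} should be username
                # {1} should be something like this
                #     ALL=(ALL:ALL) NOPASSWD: /bin/whoami,/bin/ls
                'args': "dest=/etc/sudoers state=present insertafter='includedir' regexp='^{0} ALL=' "
                        "line='{0} {1}' "
                        "validate='visudo -cf %s'".format(
                            login, system_user.sudo,
                        )
            }
        })

    if system_user.rootsudo:
        tasks.append({
            'name': 'Set {} root sudo setting'.format(login),
            'action': {
                'module': 'lineinfile',
                # {0} should be username
                # {1} should be something like this
                #     ALL=(root) NOPASSWD:/usr/sbin/nginx,/usr/sbin/iptables
                # The backslashes are doubled so the literal stays a valid
                # Python string; the regexp still reads \(root\).
                'args': "dest=/etc/sudoers state=present insertafter='includedir' regexp='^{0} ALL=\\(root\\)' "
                        "line='{0} {1}' "
                        "validate='visudo -cf %s'".format(
                            login, system_user.rootsudo,
                        )
            }
        })

    if system_user.bashrc_snippet:
        tasks.append({
            'name': 'Create /home/{0}/.lc_bashrc_snippet.bashrc file '.format(login),
            'action': {
                'module': 'copy',
                # {0} should be username
                # {1} should be bashrc_snippet
                'args': "dest=/home/{0}/.lc_bashrc_snippet.bashrc content='{1}' force=yes mode='0600' owner='{0}' group='{0}'"
                .format(login, system_user.bashrc_snippet)
            }
        })
        # NOTE(review): nesting was reconstructed from a whitespace-collapsed
        # listing; this task is placed under the bashrc_snippet branch.
        # Confirm against the original file.
        tasks.append({
            'name': 'Make sure .lc_bashrc_snippet.bashrc will always be sourced in /home/{0}/.bashrc '
            .format(login),
            'action': {
                'module': 'lineinfile',
                # {0} should be username
                'args': "dest=/home/{0}/.bashrc state=present regexp='^. /home/{0}/.lc_bashrc_snippet.bashrc$' "
                        "line='. /home/{0}/.lc_bashrc_snippet.bashrc' ".format(login)
            }
        })

    return tasks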
def _update_password(self, conn, email, raw_password):
    """Re-hash ``raw_password`` and store it on the user row matching ``email``.

    Only the second element returned by ``encrypt_password`` is used; it is
    passed as the column values for the ``users`` update. The first element
    is discarded.

    NOTE(review): ``raw_password`` is the plaintext secret, so keep it out
    of log lines and exception text on this path.
    """
    credential_fields = encrypt_password(raw_password)[1]
    db_utils.update(
        conn,
        "users",
        values=credential_fields,
        where={'email': email},
    )
def insert(self, conn, email, raw_password):
    """Create a ``users`` row for ``email`` with a freshly hashed password.

    The second element returned by ``encrypt_password`` is merged over a
    dict holding the email, and the merged dict is inserted. Returns
    whatever ``db_utils.insert`` returns.

    NOTE(review): ``raw_password`` is the plaintext secret, so keep it out
    of log lines and exception text on this path. No uniqueness or format
    check on ``email`` happens here; presumably enforced by the caller or
    the schema. Confirm.
    """
    credential_fields = encrypt_password(raw_password)[1]
    row = {"email": email}
    row.update(credential_fields)
    return db_utils.insert(conn, "users", values=row)