def getPasswd(self, name, ip):
    """Reset a user's password to a random one and mail it to that user.

    name is the account to reset; ip is substituted into the mail body
    together with the new password.

    Returns success status (boolean).
    """
    # The username google is special: it is used as a back-door for
    # controlling the box, and changing its password may make the box
    # inaccessible (bug#36271), so the request is refused.
    # NOTE(review): a fixed, well-known maintenance account is a standing
    # risk -- confirm it is still needed and how its credential is managed.
    if name == 'google':
        logging.info("Refusing to set password for user %s" % name)
        return false

    freshPasswd = password.createRandomPasswd(PASSWORD_LENGTH)
    if not self.check_update_user(name, None, freshPasswd):
        logging.error("couldn't set password to user %s" % name)
        return false

    # NOTE(review): the stored password has already been replaced here, the
    # new one travels in the mail body as clear text, and the result of
    # SendMail.send is not checked, so success is reported either way.
    recipient = self.getEmail(name)
    mailBody = M.MSG_FORGOTPASSWORD % (freshPasswd, ip)
    SendMail.send(self.cfg, recipient, false, M.MSG_FORGOTPASSWORDSUBJECT,
                  mailBody, false)
    self.cfg.writeAdminRunnerOpMsg(
        "A new password has been sent to your email address")
    return true
def getPasswd(self, name, ip):
    """Reset a user's password to a random one and mail it to that user.

    name is the account to reset; ip is substituted into the mail body
    together with the new password.

    Returns success status (boolean).
    """
    # The username google is special: it is used as a back-door for
    # controlling the box, and changing its password may make the box
    # inaccessible (bug#36271), so the request is refused.
    # NOTE(review): a fixed, well-known maintenance account is a standing
    # risk -- confirm it is still needed and how its credential is managed.
    if name == 'google':
        logging.info("Refusing to set password for user %s" % name)
        return false

    freshPasswd = password.createRandomPasswd(PASSWORD_LENGTH)
    if not self.check_update_user(name, None, freshPasswd):
        logging.error("couldn't set password to user %s" % name)
        return false

    # NOTE(review): the stored password has already been replaced here, the
    # new one travels in the mail body as clear text, and the result of
    # SendMail.send is not checked, so success is reported either way.
    recipient = self.getEmail(name)
    mailBody = M.MSG_FORGOTPASSWORD % (freshPasswd, ip)
    SendMail.send(self.cfg, recipient, false, M.MSG_FORGOTPASSWORDSUBJECT,
                  mailBody, false)
    self.cfg.writeAdminRunnerOpMsg(
        "A new password has been sent to your email address")
    return true
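def createUser(self, creatorName, ip, newUserName, newUserPassword,
               newUserEmail, newUserAccountType, newUserPermissions):
    """Create a new user and mail out the notifications.

    Args:
      creatorName: username of the account creating the user. It is passed
        to get_checked_users and used to look up the creator's email; when
        it is empty no creator notification is sent.
      ip: address the request came from; included in the creator's mail.
      newUserName: name of the account to create.
      newUserPassword: clear-text password for the new account; when empty
        a random one of PASSWORD_LENGTH is generated.
      newUserEmail: address the welcome mail is sent to.
      newUserAccountType: stored in the new UserData record.
      newUserPermissions: stored in the new UserData record.

    Upon creation a confirmation mail goes to the creator (if an address is
    known) and a welcome mail, which includes the clear-text password, goes
    to the new user.

    Returns:
      CREATE_OK on success, otherwise CREATE_UNKNOWN, CREATE_USEREXISTS,
      CREATE_INVALIDUSERNAME or CREATE_INVALIDEMAIL.
    """
    import os  # function-scope: the module's import block is not in view

    self.updatelock.acquire()
    try:
        # Pass the creator name when getting the user file
        (err, users) = self.get_checked_users(name=creatorName)
        if err != USER_OK:
            logging.error("Error %s while reading the users file. user create "
                          " failed" % err)
            return CREATE_UNKNOWN

        if newUserName in users.keys():
            logging.error("User %s already exists. Cannot re-create it" % (
                newUserName))
            return CREATE_USEREXISTS

        if len(newUserPassword) == 0:
            newUserPassword = password.createRandomPasswd(PASSWORD_LENGTH)

        # validate the user name
        if not entconfig.IsNameValid(newUserName):
            logging.error("Invalid user name %s -- cannot create" % (
                newUserName))
            return CREATE_INVALIDUSERNAME

        # $TODO$ -- add email validation
        # Until then refuse any whitespace or control character, not only a
        # plain space: the address is handed to SendMail.send (not visible
        # here) and a line break has no place in a recipient address. The
        # rejected value is logged with %r so it cannot split the log line.
        if any(ch.isspace() or ord(ch) < 32 or ord(ch) == 127
               for ch in newUserEmail):
            logging.error("Invalid email %r while creating user %s" % (
                newUserEmail, newUserName))
            return CREATE_INVALIDEMAIL

        # Keep the clear-text value: it goes into the welcome mail below.
        decryptedPasswd = newUserPassword

        # os.urandom replaces the manual open/read/close of /dev/urandom,
        # which left the handle open if read() raised.
        # NOTE(review): a 2-byte salt and (going by its name) a single
        # salted SHA-1 are weak for password storage. Both are kept because
        # the stored format is read by code not visible here -- plan a
        # migration rather than changing them in place.
        salt = os.urandom(2)
        newUserPassword = password.sha1_base64_hash(newUserPassword, salt)
        newSalt = base64.encodestring(salt)[:-1]  # drop the trailing newline
        users[newUserName] = UserData(newUserName, newUserPassword, newSalt,
                                      newUserEmail, newUserAccountType,
                                      newUserPermissions)
        self.save_passwd_file(users)
        # A failure here is only logged; creation still reports CREATE_OK.
        if not self.update_vmanage_password(newUserName, newUserPassword,
                                            newSalt):
            logging.error("Error updating vmanager password for user %s" %
                          newUserName)
    finally:
        self.updatelock.release()

    # NOTE(review): laid out as running after the lock is released, on the
    # success path only -- confirm against the original indentation.
    self.sync_password_file()

    if creatorName:
        creatorEmail = users[creatorName].email
    else:
        creatorEmail = None
    accountType = users[newUserName].AccountTypePrintName()

    # and send email, first, to the creator
    if creatorEmail:
        SendMail.send(self.cfg, creatorEmail, false,
                      M.MSG_NEWUSERPASSWORDSUBJECT % newUserName,
                      M.MSG_NEWUSERPASSWORD % (
                          newUserName, accountType, newUserEmail, ip,
                          creatorName, creatorEmail),
                      false)

    # next, to the created
    # NOTE(review): this mail carries the clear-text password and a plain
    # http:// address for the admin interface.
    rootURI = "http://%s:8000" % self.cfg.getGlobalParam("EXTERNAL_WEB_IP")
    SendMail.send(self.cfg, newUserEmail, false,
                  M.MSG_WELCOMENEWUSERSUBJECT,
                  M.MSG_WELCOMENEWUSER % (
                      accountType, creatorEmail, newUserName,
                      decryptedPasswd, rootURI, creatorEmail),
                  false)
    logging.info("User %s [email %s] created OK by %s" % (
        newUserName, newUserEmail, creatorName))
    return CREATE_OK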
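def createUser(self, creatorName, ip, newUserName, newUserPassword,
               newUserEmail, newUserAccountType, newUserPermissions):
    """Create a new user and mail out the notifications.

    Args:
      creatorName: username of the account creating the user. It is passed
        to get_checked_users and used to look up the creator's email; when
        it is empty no creator notification is sent.
      ip: address the request came from; included in the creator's mail.
      newUserName: name of the account to create.
      newUserPassword: clear-text password for the new account; when empty
        a random one of PASSWORD_LENGTH is generated.
      newUserEmail: address the welcome mail is sent to.
      newUserAccountType: stored in the new UserData record.
      newUserPermissions: stored in the new UserData record.

    Upon creation a confirmation mail goes to the creator (if an address is
    known) and a welcome mail, which includes the clear-text password, goes
    to the new user.

    Returns:
      CREATE_OK on success, otherwise CREATE_UNKNOWN, CREATE_USEREXISTS,
      CREATE_INVALIDUSERNAME or CREATE_INVALIDEMAIL.
    """
    import os  # function-scope: the module's import block is not in view

    self.updatelock.acquire()
    try:
        # Pass the creator name when getting the user file
        (err, users) = self.get_checked_users(name=creatorName)
        if err != USER_OK:
            logging.error("Error %s while reading the users file. user create "
                          " failed" % err)
            return CREATE_UNKNOWN

        if newUserName in users.keys():
            logging.error("User %s already exists. Cannot re-create it" % (
                newUserName))
            return CREATE_USEREXISTS

        if len(newUserPassword) == 0:
            newUserPassword = password.createRandomPasswd(PASSWORD_LENGTH)

        # validate the user name
        if not entconfig.IsNameValid(newUserName):
            logging.error("Invalid user name %s -- cannot create" % (
                newUserName))
            return CREATE_INVALIDUSERNAME

        # $TODO$ -- add email validation
        # Until then refuse any whitespace or control character, not only a
        # plain space: the address is handed to SendMail.send (not visible
        # here) and a line break has no place in a recipient address. The
        # rejected value is logged with %r so it cannot split the log line.
        if any(ch.isspace() or ord(ch) < 32 or ord(ch) == 127
               for ch in newUserEmail):
            logging.error("Invalid email %r while creating user %s" % (
                newUserEmail, newUserName))
            return CREATE_INVALIDEMAIL

        # Keep the clear-text value: it goes into the welcome mail below.
        decryptedPasswd = newUserPassword

        # os.urandom replaces the manual open/read/close of /dev/urandom,
        # which left the handle open if read() raised.
        # NOTE(review): a 2-byte salt and (going by its name) a single
        # salted SHA-1 are weak for password storage. Both are kept because
        # the stored format is read by code not visible here -- plan a
        # migration rather than changing them in place.
        salt = os.urandom(2)
        newUserPassword = password.sha1_base64_hash(newUserPassword, salt)
        newSalt = base64.encodestring(salt)[:-1]  # drop the trailing newline
        users[newUserName] = UserData(newUserName, newUserPassword, newSalt,
                                      newUserEmail, newUserAccountType,
                                      newUserPermissions)
        self.save_passwd_file(users)
        # A failure here is only logged; creation still reports CREATE_OK.
        if not self.update_vmanage_password(newUserName, newUserPassword,
                                            newSalt):
            logging.error("Error updating vmanager password for user %s" %
                          newUserName)
    finally:
        self.updatelock.release()

    # NOTE(review): laid out as running after the lock is released, on the
    # success path only -- confirm against the original indentation.
    self.sync_password_file()

    if creatorName:
        creatorEmail = users[creatorName].email
    else:
        creatorEmail = None
    accountType = users[newUserName].AccountTypePrintName()

    # and send email, first, to the creator
    if creatorEmail:
        SendMail.send(self.cfg, creatorEmail, false,
                      M.MSG_NEWUSERPASSWORDSUBJECT % newUserName,
                      M.MSG_NEWUSERPASSWORD % (
                          newUserName, accountType, newUserEmail, ip,
                          creatorName, creatorEmail),
                      false)

    # next, to the created
    # NOTE(review): this mail carries the clear-text password and a plain
    # http:// address for the admin interface.
    rootURI = "http://%s:8000" % self.cfg.getGlobalParam("EXTERNAL_WEB_IP")
    SendMail.send(self.cfg, newUserEmail, false,
                  M.MSG_WELCOMENEWUSERSUBJECT,
                  M.MSG_WELCOMENEWUSER % (
                      accountType, creatorEmail, newUserName,
                      decryptedPasswd, rootURI, creatorEmail),
                  false)
    logging.info("User %s [email %s] created OK by %s" % (
        newUserName, newUserEmail, creatorName))
    return CREATE_OK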