示例#1
  def getPasswd(self, name, ip):
    """
    Reset a user's password to a freshly generated random one and mail the
    new password to that user.

    Arguments:
      name - the username whose password is reset
      ip - value substituted into the notification mail body

    The reserved 'google' account is never reset (bug#36271).

    returns success status (boolean)
    """

    # 'google' is the special username used as a back-door for controlling
    # the box; replacing its password may make the box inaccessible, so the
    # request is refused before anything is changed.
    # NOTE(review): this is an exact, case-sensitive comparison -- confirm
    # that usernames are case-sensitive everywhere else too.
    isReservedAccount = (name == 'google')
    if isReservedAccount:
      logging.info("Refusing to set password for user %s" % name)
      return false

    generatedPasswd = password.createRandomPasswd(PASSWORD_LENGTH)
    if not self.check_update_user(name, None, generatedPasswd):
      logging.error("couldn't set password to user %s" % name)
      return false

    # The new password travels in cleartext inside the mail body.
    # NOTE(review): presumably the stored password has already been replaced
    # at this point, so a missing or wrong mail address would lock the user
    # out -- verify against check_update_user / getEmail.
    recipient = self.getEmail(name)
    subject = M.MSG_FORGOTPASSWORDSUBJECT
    body = M.MSG_FORGOTPASSWORD % (generatedPasswd, ip)
    SendMail.send(self.cfg, recipient, false, subject, body, false)
    self.cfg.writeAdminRunnerOpMsg(
      "A new password has been sent to your email address")
    return true
    def getPasswd(self, name, ip):
        """
        Generate a random password for a user, store it, and mail it to them.

        Arguments:
          name - the username whose password is reset
          ip - value substituted into the notification mail body

        Requests for the reserved 'google' account are refused (bug#36271).

        returns success status (boolean)
        """

        # The 'google' username is the back-door account used for controlling
        # the box. Changing its password may make the box inaccessible, so
        # nothing is touched for that name.
        # NOTE(review): only the exact lowercase spelling is matched; confirm
        # usernames are treated as case-sensitive by the rest of the code.
        if name == 'google':
            refusal = "Refusing to set password for user %s" % name
            logging.info(refusal)
            return false

        freshPasswd = password.createRandomPasswd(PASSWORD_LENGTH)
        updated = self.check_update_user(name, None, freshPasswd)
        if not updated:
            logging.error("couldn't set password to user %s" % name)
            return false

        # The mail body carries the new password in cleartext.
        # NOTE(review): presumably the old password is already gone by now,
        # so delivery to a stale address would lock the user out -- verify.
        mailTo = self.getEmail(name)
        mailSubject = M.MSG_FORGOTPASSWORDSUBJECT
        mailBody = M.MSG_FORGOTPASSWORD % (freshPasswd, ip)
        SendMail.send(self.cfg, mailTo, false, mailSubject, mailBody, false)
        self.cfg.writeAdminRunnerOpMsg(
            "A new password has been sent to your email address")
        return true
示例#3
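  def createUser(self, creatorName, ip,
                 newUserName,
                 newUserPassword,
                 newUserEmail,
                 newUserAccountType,
                 newUserPermissions):
    """
    Creates a new user given:
      creatorName - the username who creates the user
      ip - from which ip is created
      newUserXXXX - corresponding data for the new user; an empty
                    newUserPassword means a random one is generated

    Upon creation we send a confirmation email to the creator and a
    welcome message to the new user (with the cleartext password included)

    returns an error code (see at the top of the file)
    """
    # Function-scope import so the block does not depend on the module's
    # import list.
    import os

    self.updatelock.acquire()

    try:
      # Pass the creator name when getting the user file
      (err, users) = self.get_checked_users(name = creatorName)
      if err != USER_OK:
        logging.error("Error %s while reading the users file. user create "\
                      " failed" % err)
        return CREATE_UNKNOWN

      if newUserName  in users.keys():
        logging.error("User %s already exists. Cannot re-create it" % (
          newUserName))
        return CREATE_USEREXISTS

      if len(newUserPassword) == 0:
        newUserPassword = password.createRandomPasswd(PASSWORD_LENGTH)

      # validate the user name
      if not entconfig.IsNameValid(newUserName):
        logging.error("Invalid user name %s -- cannot create" % (newUserName))
        return CREATE_INVALIDUSERNAME

      # $TODO$ -- add full email validation
      # Reject every whitespace or control character, not only ' '. The
      # address is handed to SendMail.send as the recipient; depending on how
      # that helper builds the message (not visible here), an embedded CR/LF
      # could add mail headers the caller never intended.
      for ch in newUserEmail:
        if ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7f:
          logging.error("Invalid email %s while creating user %s" % (
            newUserEmail, newUserName))
          return CREATE_INVALIDEMAIL

      # Keep the cleartext for the welcome mail; only the hash is stored.
      decryptedPasswd = newUserPassword
      # os.urandom replaces the hand-opened /dev/urandom handle, which was
      # left open if read() raised.
      # NOTE(review): a 2-byte salt has only 65536 values and, going by the
      # helper's name, the hash is SHA-1 based. Both are weak for password
      # storage, but changing them alters the stored format, so they are
      # left untouched here.
      salt = os.urandom(2)
      newUserPassword = password.sha1_base64_hash(newUserPassword, salt)
      # [:-1] drops the trailing newline that encodestring appends
      newSalt = base64.encodestring(salt)[:-1]

      users[newUserName] = UserData(newUserName,
                                    newUserPassword,
                                    newSalt,
                                    newUserEmail,
                                    newUserAccountType,
                                    newUserPermissions)
      self.save_passwd_file(users)

      # A failure here is only logged; user creation still proceeds.
      if not self.update_vmanage_password(newUserName, newUserPassword, newSalt):
        logging.error("Error updating vmanager password for user %s" %
                      newUserName)
    finally:
      self.updatelock.release()

    self.sync_password_file()

    if creatorName:
      creatorEmail = users[creatorName].email
    else:
      creatorEmail = None
    accountType = users[newUserName].AccountTypePrintName()

    # and send email, first, to the creator
    if creatorEmail:
      SendMail.send(self.cfg, creatorEmail, false,
                    M.MSG_NEWUSERPASSWORDSUBJECT % newUserName,
                    M.MSG_NEWUSERPASSWORD % ( newUserName, accountType,
                                              newUserEmail, ip,
                                              creatorName, creatorEmail ),
                    false)

    # next, to the created
    # NOTE(review): the welcome mail carries the cleartext password together
    # with a plain-http login URL.
    rootURI = "http://%s:8000" % self.cfg.getGlobalParam("EXTERNAL_WEB_IP")

    SendMail.send(self.cfg, newUserEmail, false,
                  M.MSG_WELCOMENEWUSERSUBJECT,
                  M.MSG_WELCOMENEWUSER % ( accountType, creatorEmail,
                                           newUserName, decryptedPasswd,
                                           rootURI, creatorEmail ),
                  false)
    logging.info("User %s [email %s] created OK by %s" % (
      newUserName, newUserEmail, creatorName))
    return CREATE_OK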
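    def createUser(self, creatorName, ip, newUserName, newUserPassword,
                   newUserEmail, newUserAccountType, newUserPermissions):
        """
        Creates a new user given:
          creatorName - the username who creates the user
          ip - from which ip is created
          newUserXXXX - corresponding data for the new user; an empty
                        newUserPassword means a random one is generated

        Upon creation we send a confirmation email to the creator and a
        welcome message to the new user (with the cleartext password
        included)

        returns an error code (see at the top of the file)
        """
        # Function-scope import so the block does not depend on the module's
        # import list.
        import os

        self.updatelock.acquire()

        try:
            # Pass the creator name when getting the user file
            (err, users) = self.get_checked_users(name=creatorName)
            if err != USER_OK:
                logging.error("Error %s while reading the users file. user create "\
                              " failed" % err)
                return CREATE_UNKNOWN

            if newUserName in users.keys():
                logging.error("User %s already exists. Cannot re-create it" %
                              (newUserName))
                return CREATE_USEREXISTS

            if len(newUserPassword) == 0:
                newUserPassword = password.createRandomPasswd(PASSWORD_LENGTH)

            # validate the user name
            if not entconfig.IsNameValid(newUserName):
                logging.error("Invalid user name %s -- cannot create" %
                              (newUserName))
                return CREATE_INVALIDUSERNAME

            # $TODO$ -- add full email validation
            # Reject every whitespace or control character, not only ' '.
            # The address is handed to SendMail.send as the recipient;
            # depending on how that helper builds the message (not visible
            # here), an embedded CR/LF could add mail headers the caller
            # never intended.
            for ch in newUserEmail:
                if ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7f:
                    logging.error("Invalid email %s while creating user %s" %
                                  (newUserEmail, newUserName))
                    return CREATE_INVALIDEMAIL

            # Keep the cleartext for the welcome mail; only the hash is
            # stored.
            decryptedPasswd = newUserPassword
            # os.urandom replaces the hand-opened /dev/urandom handle, which
            # was left open if read() raised.
            # NOTE(review): a 2-byte salt has only 65536 values and, going by
            # the helper's name, the hash is SHA-1 based. Both are weak for
            # password storage, but changing them alters the stored format,
            # so they are left untouched here.
            salt = os.urandom(2)
            newUserPassword = password.sha1_base64_hash(newUserPassword, salt)
            # [:-1] drops the trailing newline that encodestring appends
            newSalt = base64.encodestring(salt)[:-1]

            users[newUserName] = UserData(newUserName, newUserPassword,
                                          newSalt, newUserEmail,
                                          newUserAccountType,
                                          newUserPermissions)
            self.save_passwd_file(users)

            # A failure here is only logged; user creation still proceeds.
            if not self.update_vmanage_password(newUserName, newUserPassword,
                                                newSalt):
                logging.error("Error updating vmanager password for user %s" %
                              newUserName)
        finally:
            self.updatelock.release()

        self.sync_password_file()

        if creatorName:
            creatorEmail = users[creatorName].email
        else:
            creatorEmail = None
        accountType = users[newUserName].AccountTypePrintName()

        # and send email, first, to the creator
        if creatorEmail:
            SendMail.send(
                self.cfg, creatorEmail, false,
                M.MSG_NEWUSERPASSWORDSUBJECT % newUserName,
                M.MSG_NEWUSERPASSWORD %
                (newUserName, accountType, newUserEmail, ip, creatorName,
                 creatorEmail), false)

        # next, to the created
        # NOTE(review): the welcome mail carries the cleartext password
        # together with a plain-http login URL.
        rootURI = "http://%s:8000" % self.cfg.getGlobalParam("EXTERNAL_WEB_IP")

        SendMail.send(
            self.cfg, newUserEmail, false, M.MSG_WELCOMENEWUSERSUBJECT,
            M.MSG_WELCOMENEWUSER % (accountType, creatorEmail, newUserName,
                                    decryptedPasswd, rootURI, creatorEmail),
            false)
        logging.info("User %s [email %s] created OK by %s" %
                     (newUserName, newUserEmail, creatorName))
        return CREATE_OK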