    def test_errors(self, mock_spawn):
        """A kadmin 'Principal already exists' failure surfaces as ValueError.

        The spawned kadmin child is a mock; the text the test plants in its
        buffered output (``before``) is the only signal the function gets
        that principal creation failed.
        """
        kadmin_child = mock_spawn.return_value
        kadmin_child.before.decode.return_value = (
            'kadmin: kadm5_create_principal: Principal already exists'
        )

        with pytest.raises(ValueError):
            create_kerberos_principal_with_keytab(
                'ggroup', '/some/keytab', 'create/admin',
            )
    def test_errors(self, mock_spawn):
        """Creating a principal that already exists must raise ValueError.

        kadmin is mocked; the error line is injected into the child's
        buffered output (``before``), which is where the function looks
        for the failure.
        """
        already_exists = (
            'kadmin: kadm5_create_principal: Principal already exists'
        )
        mock_spawn.return_value.before.decode.return_value = already_exists

        with pytest.raises(ValueError):
            create_kerberos_principal_with_keytab(
                'ggroup', '/some/keytab', 'create/admin',
            )
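def create_account(request, creds, report_status):
    """Create an account as idempotently as possible.

    Steps, each wrapped in ``report_status`` for progress output:

    1. create the Kerberos principal with the request's decrypted password;
    2. pick the first free UID and create the LDAP ``posixAccount`` entry;
    3. create the home and web directories;
    4. send the "account created" mail.

    :param request: the approved account request (user_name, real_name,
        email, encrypted_password, calnet_uid / callink_oid)
    :param creds: admin credentials: kerberos_keytab, kerberos_principal and
        encryption_key, the path of the RSA private key that decrypts the
        request password
    :param report_status: context-manager factory taking
        (in-progress, done, subject) arguments for progress reporting
    :raises: whatever the Kerberos/LDAP helpers raise; in particular a
        ValueError if the principal already exists, so re-running after a
        partial failure is not yet idempotent (see the TODOs)
    """
    # TODO: check if kerberos principal already exists; skip this if so
    with report_status('Creating', 'Created', 'Kerberos keytab'):
        # The request password is RSA-encrypted at rest and is decrypted only
        # here, immediately before it is handed to kadmin. The key file is
        # closed as soon as it has been read (the original never closed it).
        with open(creds.encryption_key) as key_file:
            private_key = RSA.importKey(key_file.read())
        create_kerberos_principal_with_keytab(
            request.user_name,
            creds.kerberos_keytab,
            creds.kerberos_principal,
            password=decrypt_password(request.encrypted_password, private_key),
        )

    # TODO: check if LDAP entry already exists; skip this if so
    with report_status('Finding', 'Found', 'first available UID'):
        new_uid = _get_first_available_uid()
    # NOTE(review): the UID is chosen before the entry is written, so two
    # concurrent creations could race for the same number -- confirm whether
    # callers serialize this or the directory enforces uniqueness.

    dn = utils.dn_for_username(request.user_name)
    attrs = {
        'objectClass': ['ocfAccount', 'account', 'posixAccount'],
        'cn': [request.real_name],
        'uidNumber': [str(new_uid)],
        'gidNumber': [str(getgrnam('ocf').gr_gid)],
        'homeDirectory': [utils.home_dir(request.user_name)],
        'loginShell': ['/bin/bash'],
        'mail': [request.email],
        # {SASL}<principal>: binds are verified through SASL/Kerberos instead
        # of a password hash stored in the directory.
        'userPassword': ['{SASL}' + request.user_name + '@OCF.BERKELEY.EDU'],
        # A trailing 'Z' in LDAP GeneralizedTime means UTC, so the timestamp
        # has to be taken in UTC; datetime.now() is local time.
        'creationTime': [datetime.utcnow().strftime('%Y%m%d%H%M%SZ')],
    }
    # Exactly one external identifier is recorded, calnetUid taking priority.
    if request.calnet_uid:
        attrs['calnetUid'] = [str(request.calnet_uid)]
    else:
        attrs['callinkOid'] = [str(request.callink_oid)]

    with report_status('Creating', 'Created', 'LDAP entry'):
        create_ldap_entry_with_keytab(
            dn,
            attrs,
            creds.kerberos_keytab,
            creds.kerberos_principal,
        )

        # invalidate passwd cache so that we can immediately chown files
        # XXX: sometimes this fails, but that's okay because it means
        # nscd isn't running anyway
        # (argument tuple, no shell: only these fixed strings are executed)
        call(('sudo', 'nscd', '-i', 'passwd'))

    with report_status('Creating', 'Created', 'home and web directories'):
        create_home_dir(request.user_name)
        create_web_dir(request.user_name)

    send_created_mail(request)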
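def create_account(request, creds, report_status):
    """Create an account as idempotently as possible.

    Steps, each wrapped in ``report_status`` for progress output:

    1. create the Kerberos principal with the request's decrypted password;
    2. pick the first free UID and create the LDAP ``posixAccount`` entry;
    3. create the home and web directories;
    4. send the "account created" mail.

    :param request: the approved account request (user_name, real_name,
        email, encrypted_password, calnet_uid / callink_oid)
    :param creds: admin credentials: kerberos_keytab, kerberos_principal and
        encryption_key, the path of the RSA private key that decrypts the
        request password
    :param report_status: context-manager factory taking
        (in-progress, done, subject) arguments for progress reporting
    :raises: whatever the Kerberos/LDAP helpers raise; in particular a
        ValueError if the principal already exists, so re-running after a
        partial failure is not yet idempotent (see the TODOs)
    """
    # TODO: check if kerberos principal already exists; skip this if so
    with report_status('Creating', 'Created', 'Kerberos keytab'):
        # The request password is RSA-encrypted at rest and is decrypted only
        # here, immediately before it is handed to kadmin. The key file is
        # closed as soon as it has been read (the original never closed it).
        with open(creds.encryption_key) as key_file:
            private_key = RSA.importKey(key_file.read())
        create_kerberos_principal_with_keytab(
            request.user_name,
            creds.kerberos_keytab,
            creds.kerberos_principal,
            password=decrypt_password(request.encrypted_password, private_key),
        )

    # TODO: check if LDAP entry already exists; skip this if so
    with report_status('Finding', 'Found', 'first available UID'):
        new_uid = _get_first_available_uid()
    # NOTE(review): the UID is chosen before the entry is written, so two
    # concurrent creations could race for the same number -- confirm whether
    # callers serialize this or the directory enforces uniqueness.

    dn = 'uid={user},{base_people}'.format(
        user=request.user_name,
        base_people=constants.OCF_LDAP_PEOPLE,
    )
    attrs = {
        'objectClass': ['ocfAccount', 'account', 'posixAccount'],
        'cn': [request.real_name],
        'uidNumber': [str(new_uid)],
        'gidNumber': [str(getgrnam('ocf').gr_gid)],
        'homeDirectory': [utils.home_dir(request.user_name)],
        'loginShell': ['/bin/bash'],
        'mail': [request.email],
        # {SASL}<principal>: binds are verified through SASL/Kerberos instead
        # of a password hash stored in the directory.
        'userPassword': ['{SASL}' + request.user_name + '@OCF.BERKELEY.EDU'],
        # A trailing 'Z' in LDAP GeneralizedTime means UTC, so the timestamp
        # has to be taken in UTC; datetime.now() is local time.
        'creationTime': [datetime.utcnow().strftime('%Y%m%d%H%M%SZ')],
    }
    # Exactly one external identifier is recorded, calnetUid taking priority.
    if request.calnet_uid:
        attrs['calnetUid'] = [str(request.calnet_uid)]
    else:
        attrs['callinkOid'] = [str(request.callink_oid)]

    with report_status('Creating', 'Created', 'LDAP entry'):
        create_ldap_entry_with_keytab(
            dn, attrs, creds.kerberos_keytab, creds.kerberos_principal,
        )

        # invalidate passwd cache so that we can immediately chown files
        # XXX: sometimes this fails, but that's okay because it means
        # nscd isn't running anyway
        # (argument tuple, no shell: only these fixed strings are executed)
        call(('sudo', 'nscd', '-i', 'passwd'))

    with report_status('Creating', 'Created', 'home and web directories'):
        create_home_dir(request.user_name)
        create_web_dir(request.user_name)

    send_created_mail(request)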
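    def test_random_password(self, mock_spawn):
        """Without an explicit password a 100-character random one is used.

        Checks the kadmin invocation (admin keytab and principal, no
        password on the command line -- it only ever travels through
        ``sendline``) and that every ``sendline`` call carried the same
        100-character value, not merely the last one: the normal-password
        test shows the password is written to the child twice.
        """
        create_kerberos_principal_with_keytab(
            'ggroup',
            '/some/keytab',
            'create/admin',
        )

        mock_spawn.assert_called_with(
            ('/usr/bin/kadmin -K /some/keytab -p create/admin add ' +
             '--use-defaults ggroup'),
            timeout=10,
        )
        sent = [
            call_args[0][0]
            for call_args in mock_spawn.return_value.sendline.call_args_list
        ]
        assert sent
        # Same generated secret on every prompt, always 100 characters.
        assert all(len(secret) == 100 for secret in sent)
        assert len(set(sent)) == 1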
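    def test_random_password(self, mock_spawn):
        """Without an explicit password a 100-character random one is used.

        Checks the kadmin invocation (admin keytab and principal, no
        password on the command line -- it only ever travels through
        ``sendline``) and that every ``sendline`` call carried the same
        100-character value, not merely the last one: the normal-password
        test shows the password is written to the child twice.
        """
        create_kerberos_principal_with_keytab(
            'ggroup',
            '/some/keytab',
            'create/admin',
        )

        mock_spawn.assert_called_with(
            ('/usr/bin/kadmin -K /some/keytab -p create/admin add ' +
             '--use-defaults ggroup'),
            timeout=10,
        )
        sent = [
            call_args[0][0]
            for call_args in mock_spawn.return_value.sendline.call_args_list
        ]
        assert sent
        # Same generated secret on every prompt, always 100 characters.
        assert all(len(secret) == 100 for secret in sent)
        assert len(set(sent)) == 1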
def create_account(request, creds, report_status):
    """Create an account as idempotently as possible.

    Runs the creation pipeline in order: Kerberos principal (using the
    request's decrypted password), LDAP ``posixAccount`` entry under a
    freshly allocated UID, home and web directories, and finally the
    "account created" mail. Every step is wrapped in ``report_status`` for
    progress output.

    :param request: the approved account request (user_name, real_name,
        email, encrypted_password, calnet_uid / callink_oid)
    :param creds: admin credentials: kerberos_keytab, kerberos_principal
        and encryption_key (used to decrypt the request password)
    :param report_status: context-manager factory taking
        (in-progress, done, subject) arguments for progress reporting
    """
    # TODO: check if kerberos principal already exists; skip this if so
    with report_status('Creating', 'Created', 'Kerberos keytab'):
        # Decrypted only here, right before the password goes to kadmin.
        plaintext_password = decrypt_password(
            request.encrypted_password,
            creds.encryption_key,
        )
        create_kerberos_principal_with_keytab(
            request.user_name,
            creds.kerberos_keytab,
            creds.kerberos_principal,
            password=plaintext_password,
        )

    # TODO: check if LDAP entry already exists; skip this if so
    with report_status('Finding', 'Found', 'first available UID'):
        new_uid = _get_first_available_uid()

    username = request.user_name
    ocf_gid = getgrnam('ocf').gr_gid
    dn = 'uid={user},{base_people}'.format(
        user=username,
        base_people=constants.OCF_LDAP_PEOPLE,
    )
    attrs = {
        'objectClass': ['ocfAccount', 'account', 'posixAccount'],
        'cn': [request.real_name],
        'uidNumber': [str(new_uid)],
        'gidNumber': [str(ocf_gid)],
        'homeDirectory': [utils.home_dir(username)],
        'loginShell': ['/bin/bash'],
        'mail': [request.email],
        # {SASL}<principal>: binds are verified through SASL/Kerberos
        # instead of a password hash stored in the directory.
        'userPassword': ['{SASL}' + username + '@OCF.BERKELEY.EDU'],
    }
    # One external identifier only, calnetUid taking priority when set.
    if request.calnet_uid:
        identity = ('calnetUid', request.calnet_uid)
    else:
        identity = ('callinkOid', request.callink_oid)
    attrs[identity[0]] = [str(identity[1])]

    with report_status('Creating', 'Created', 'LDAP entry'):
        create_ldap_entry_with_keytab(
            dn, attrs, creds.kerberos_keytab, creds.kerberos_principal,
        )

    with report_status('Creating', 'Created', 'home and web directories'):
        create_home_dir(username)
        create_web_dir(username)

    send_created_mail(request)
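    def test_normal_password(self, mock_spawn):
        """An explicitly supplied password is sent to kadmin verbatim.

        kadmin is started with the admin keytab/principal (the password is
        not on the command line) and the password is written to the child
        twice -- presumably the new-password and confirmation prompts.
        """
        create_kerberos_principal_with_keytab(
            'ggroup',
            '/some/keytab',
            'create/admin',
            # Must be the exact value the sendline assertions below expect;
            # a placeholder here makes the test fail.
            password='hunter2',
        )

        mock_spawn.assert_called_with(
            ('/usr/bin/kadmin -K /some/keytab -p create/admin add ' +
             '--use-defaults ggroup'),
            timeout=10,
        )
        mock_spawn.return_value.sendline.assert_has_calls(
            [mock.call('hunter2'), mock.call('hunter2')],
        )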
def create_account(request, creds, report_status):
    """Create an account as idempotently as possible.

    Pipeline, each step reported through ``report_status``: Kerberos
    principal with the decrypted request password, LDAP ``posixAccount``
    entry under the first free UID, home and web directories, then the
    "account created" mail.

    :param request: the approved account request (user_name, real_name,
        email, encrypted_password, calnet_uid / callink_oid)
    :param creds: admin credentials: kerberos_keytab, kerberos_principal
        and encryption_key (used to decrypt the request password)
    :param report_status: context-manager factory taking
        (in-progress, done, subject) arguments for progress reporting
    """
    username = request.user_name
    keytab, admin_principal = creds.kerberos_keytab, creds.kerberos_principal

    # TODO: check if kerberos principal already exists; skip this if so
    with report_status('Creating', 'Created', 'Kerberos keytab'):
        # Decrypted only here, right before the password goes to kadmin.
        plaintext_password = decrypt_password(
            request.encrypted_password, creds.encryption_key,
        )
        create_kerberos_principal_with_keytab(
            username, keytab, admin_principal, password=plaintext_password,
        )

    # TODO: check if LDAP entry already exists; skip this if so
    with report_status('Finding', 'Found', 'first available UID'):
        new_uid = _get_first_available_uid()

    dn = 'uid={user},{base_people}'.format(
        user=username, base_people=constants.OCF_LDAP_PEOPLE,
    )
    attrs = {
        'objectClass': ['ocfAccount', 'account', 'posixAccount'],
        'cn': [request.real_name],
        'uidNumber': [str(new_uid)],
        'gidNumber': [str(getgrnam('ocf').gr_gid)],
        'homeDirectory': [utils.home_dir(username)],
        'loginShell': ['/bin/bash'],
        'mail': [request.email],
        # {SASL}<principal>: binds are verified through SASL/Kerberos
        # instead of a password hash stored in the directory.
        'userPassword': ['{SASL}' + username + '@OCF.BERKELEY.EDU'],
    }
    # One external identifier only, calnetUid taking priority when set.
    if request.calnet_uid:
        attrs['calnetUid'] = [str(request.calnet_uid)]
    else:
        attrs['callinkOid'] = [str(request.callink_oid)]

    with report_status('Creating', 'Created', 'LDAP entry'):
        create_ldap_entry_with_keytab(dn, attrs, keytab, admin_principal)

    with report_status('Creating', 'Created', 'home and web directories'):
        create_home_dir(username)
        create_web_dir(username)

    send_created_mail(request)
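    def test_normal_password(self, mock_spawn):
        """An explicitly supplied password is sent to kadmin verbatim.

        kadmin is started with the admin keytab/principal (the password is
        not on the command line) and the password is written to the child
        twice -- presumably the new-password and confirmation prompts.
        """
        create_kerberos_principal_with_keytab(
            'ggroup',
            '/some/keytab',
            'create/admin',
            # Must be the exact value the sendline assertions below expect;
            # a placeholder here makes the test fail.
            password='hunter2',
        )

        mock_spawn.assert_called_with(
            ('/usr/bin/kadmin -K /some/keytab -p create/admin add ' +
             '--use-defaults ggroup'),
            timeout=10,
        )
        mock_spawn.return_value.sendline.assert_has_calls(
            [mock.call('hunter2'), mock.call('hunter2')],
        )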
文件: creation.py 项目: wilswu/ocflib
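def create_account(request, creds, report_status, known_uid=_KNOWN_UID):
    """Create an account as idempotently as possible.

    The Kerberos principal and the LDAP entry are each skipped when they
    already exist, so a creation that failed part-way can be re-run. The
    home/web directories and the notification mail are always handled.

    :param request: the approved account request (user_name, real_name,
        email, encrypted_password, calnet_uid / callink_oid)
    :param creds: admin credentials: kerberos_keytab, kerberos_principal and
        encryption_key, the path of the RSA private key that decrypts the
        request password
    :param report_status: progress reporter; called with one message to
        note a skipped step, or used as a context manager with
        (in-progress, done, subject) arguments around a step
    :param known_uid: where to start searching for unused UIDs (see
        _get_first_available_uid)
    :return: the UID of the newly created account, or None when the LDAP
        entry already existed and no UID was allocated on this run
    """
    if get_kerberos_principal_with_keytab(
        request.user_name,
        creds.kerberos_keytab,
        creds.kerberos_principal,
    ):
        report_status('kerberos principal already exists; skipping creation')
    else:
        with report_status('Creating', 'Created', 'Kerberos keytab'):
            # The request password is RSA-encrypted at rest and is decrypted
            # only here, right before it goes to kadmin. The key file is
            # closed as soon as it has been read (the original left it open).
            with open(creds.encryption_key) as key_file:
                private_key = RSA.importKey(key_file.read())
            create_kerberos_principal_with_keytab(
                request.user_name,
                creds.kerberos_keytab,
                creds.kerberos_principal,
                password=decrypt_password(
                    request.encrypted_password,
                    private_key,
                ),
            )

    # Bound up front: previously new_uid was assigned only on the creation
    # path, so `return new_uid` raised UnboundLocalError whenever the LDAP
    # entry already existed.
    new_uid = None
    if search.user_attrs(request.user_name):
        report_status('LDAP entry already exists; skipping creation')
    else:
        with report_status('Finding', 'Found', 'first available UID'):
            new_uid = _get_first_available_uid(known_uid)
        # NOTE(review): the UID is chosen before the entry is written, so two
        # concurrent creations could race for the same number -- confirm
        # whether callers serialize this or the directory enforces uniqueness.

        dn = utils.dn_for_username(request.user_name)
        attrs = {
            'objectClass': ['ocfAccount', 'account', 'posixAccount'],
            'cn': [request.real_name],
            'uidNumber': new_uid,
            'gidNumber': getgrnam('ocf').gr_gid,
            'homeDirectory': utils.home_dir(request.user_name),
            'loginShell': '/bin/bash',
            'mail': [request.email],
            # {SASL}<principal>: binds are verified through SASL/Kerberos
            # instead of a password hash stored in the directory.
            'userPassword': '{SASL}' + request.user_name + '@OCF.BERKELEY.EDU',
            # Timezone-aware "now" in the local zone, passed through as a
            # datetime (presumably serialized by the LDAP helper).
            'creationTime': datetime.now(timezone.utc).astimezone(),
        }
        # One external identifier only, calnetUid taking priority when set.
        if request.calnet_uid:
            attrs['calnetUid'] = request.calnet_uid
        else:
            attrs['callinkOid'] = request.callink_oid

        with report_status('Creating', 'Created', 'LDAP entry'):
            create_ldap_entry_with_keytab(
                dn, attrs, creds.kerberos_keytab, creds.kerberos_principal,
            )

            # invalidate passwd cache so that we can immediately chown files
            # XXX: sometimes this fails, but that's okay because it means
            # nscd isn't running anyway
            # (argument tuple, no shell: only these fixed strings run)
            call(('sudo', 'nscd', '-i', 'passwd'))

    with report_status('Creating', 'Created', 'home and web directories'):
        create_home_dir(request.user_name)
        ensure_web_dir(request.user_name)

    send_created_mail(request)
    # TODO: logging to syslog, files

    return new_uid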
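def create_account(request, creds, report_status, known_uid=_KNOWN_UID):
    """Create an account as idempotently as possible.

    The Kerberos principal and the LDAP entry are each skipped when they
    already exist, so a creation that failed part-way can be re-run. The
    home/web directories and the notification mail are always handled.

    :param request: the approved account request (user_name, real_name,
        email, encrypted_password, calnet_uid / callink_oid)
    :param creds: admin credentials: kerberos_keytab, kerberos_principal and
        encryption_key, the path of the RSA private key that decrypts the
        request password
    :param report_status: progress reporter; called with one message to
        note a skipped step, or used as a context manager with
        (in-progress, done, subject) arguments around a step
    :param known_uid: where to start searching for unused UIDs (see
        _get_first_available_uid)
    :return: the UID of the newly created account, or None when the LDAP
        entry already existed and no UID was allocated on this run
    """
    if get_kerberos_principal_with_keytab(
        request.user_name,
        creds.kerberos_keytab,
        creds.kerberos_principal,
    ):
        report_status('kerberos principal already exists; skipping creation')
    else:
        with report_status('Creating', 'Created', 'Kerberos keytab'):
            # The request password is RSA-encrypted at rest and is decrypted
            # only here, right before it goes to kadmin. The key file is
            # closed as soon as it has been read (the original left it open).
            with open(creds.encryption_key) as key_file:
                private_key = RSA.importKey(key_file.read())
            create_kerberos_principal_with_keytab(
                request.user_name,
                creds.kerberos_keytab,
                creds.kerberos_principal,
                password=decrypt_password(
                    request.encrypted_password,
                    private_key,
                ),
            )

    # Bound up front: previously new_uid was assigned only on the creation
    # path, so `return new_uid` raised UnboundLocalError whenever the LDAP
    # entry already existed.
    new_uid = None
    if search.user_attrs(request.user_name):
        report_status('LDAP entry already exists; skipping creation')
    else:
        with report_status('Finding', 'Found', 'first available UID'):
            new_uid = _get_first_available_uid(known_uid)
        # NOTE(review): the UID is chosen before the entry is written, so two
        # concurrent creations could race for the same number -- confirm
        # whether callers serialize this or the directory enforces uniqueness.

        dn = utils.dn_for_username(request.user_name)
        attrs = {
            'objectClass': ['ocfAccount', 'account', 'posixAccount'],
            'cn': [request.real_name],
            'uidNumber': new_uid,
            'gidNumber': getgrnam('ocf').gr_gid,
            'homeDirectory': utils.home_dir(request.user_name),
            'loginShell': '/bin/bash',
            'mail': [request.email],
            # {SASL}<principal>: binds are verified through SASL/Kerberos
            # instead of a password hash stored in the directory.
            'userPassword': '{SASL}' + request.user_name + '@OCF.BERKELEY.EDU',
            # NOTE(review): naive local time, passed through as a datetime;
            # confirm how the LDAP helper serializes it and whether it
            # should be timezone-aware (UTC) instead.
            'creationTime': datetime.now(),
        }
        # One external identifier only, calnetUid taking priority when set.
        if request.calnet_uid:
            attrs['calnetUid'] = request.calnet_uid
        else:
            attrs['callinkOid'] = request.callink_oid

        with report_status('Creating', 'Created', 'LDAP entry'):
            create_ldap_entry_with_keytab(
                dn, attrs, creds.kerberos_keytab, creds.kerberos_principal,
            )

            # invalidate passwd cache so that we can immediately chown files
            # XXX: sometimes this fails, but that's okay because it means
            # nscd isn't running anyway
            # (argument tuple, no shell: only these fixed strings run)
            call(('sudo', 'nscd', '-i', 'passwd'))

    with report_status('Creating', 'Created', 'home and web directories'):
        create_home_dir(request.user_name)
        ensure_web_dir(request.user_name)

    send_created_mail(request)
    # TODO: logging to syslog, files

    return new_uid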