Logo Search packages:      
Sourcecode: kde-guidance version File versions  Download package

unixauthdb.py

#!/usr/bin/python
###########################################################################
#    Copyright (C) 2004-2006 by Simon Edwards                                      
#    <simon@simonzone.com>                                                             
#
# Copyright: See COPYING file that comes with this distribution
#
###########################################################################
# An API for querying and modifying the authorisation database on Unix systems.
#
# The first function that you need to use is getContext(). It returns a 
# Context object that contains all relevant information concerning 
# the current authorisation database on this machine.

import crypt
import random
import fcntl
import time
import os
import stat
import shutil
import codecs
import locale

ldaperror = ""
try:
    import ldap 
except ImportError:
    ldaperror = "The LDAP Python Module is not installed, but needed to use LDAP. Install it."

def getContext(editmode=False):
    """Get a Context object describing the system's authorisation database.

    Parameters:

    editmode - Set to true if you also wish change the information in this
    context. Root access is required. Defaults to false.

    Returns a Context object.

    If the environmental variable "USERCONFIG_USES_LDAP" is set to "true",
    userconfig will use LDAP as the backend. This feature is in development
    and using it is not recommended, it won't work.
    """

    # Detect what kind of auth system we are running on and create
    # and initialise the corresponding Context object type.

    # Check for Mandrake

    # Check libuser.conf
    try:
        if os.environ["USERCONFIG_USES_LDAP"].lower() == "true":
            use_ldap = True 
    except KeyError,e:
        use_ldap = False
    if not use_ldap:
        return PwdContext(editmode)
    else:
        print "==================================================================="
        print "Warning:"
        print "\tYou are using LDAP as backend. This feature is under development"
        print "\tand it is currently not recommended to use it."
        print "\tIf you do not want to use LDAP as backend, set the environmental"
        print "\tvariabale 'USERCONFIG_USES_LDAP' to 'False'."
        print "==================================================================="
        return LdapContext(editmode)

###########################################################################
# Base classes.
#
00072 class Context(object):
    """Contains all of the information about the current authorisation
    database, plus some useful methods for modify this information.

    """
    def __init__(self):
        self._users = []
        self._groups = []
        self._shells = None
        self._setDefaultValues()

00083     def newUser(self,defaults=False,systemuser=False):
        """Create a new UnixUser object.

        Creates a new blank UnixUser object. The object is not part of the
        current Context. You need to add it yourself using addUser().

        Newly allocated UIDs are unique with respect to the list of UnixUser
        objects in the Context. 

        Keyword arguments:
        defaults -- Set to true if the new object should be filled in with
                    reasonable default values for the UID and username.
                    (default False)
        systemuser -- Should the new user be allocated a UID from the system
                      range of UIDs. (default is False)

        Returns a new UnixUser object.
        """
        newuserobj = self._createUser()
        if defaults:
            if systemuser:
                r = xrange(0,self.last_system_uid)
            else:
                r = xrange(self.first_uid,self.last_uid)
            for candiate in r:
                for u in self._users:
                    if u.getUID()==candiate:
                        break
                else:
                    newuserobj.setUID(candiate)
                    break

            if self.lookupUsername(u'new_user') is None:
                newuserobj.setUsername(u'new_user')
            else:
                i = 1
                while 1:
                    if self.lookupUsername(u'new_user_'+str(i)) is None:
                        newuserobj.setUsername(u'new_user_'+str(i))
                        break
                    i += 1
        return newuserobj

00126     def getUsers(self):
        """Get a list of all existing users.

        Returns an array of UnixUser objects.
        """
        #print "USERS:", self._users
        return self._users[:]  

00134     def getGroups(self):
        """Get a list of all existing groups.

        Returns an array of UnixGroup objects.
        """
        return self._groups[:]

00141     def newGroup(self,defaults=False,systemgroup=False):
        """Create a new UnixGroup object.

        Creates a new blank UnixGroup object. The object is not part of the
        current Context. You need to add it yourself using addGroup().

        Newly allocated GIDs are unique with respect to the list of UnixGroup
        objects in the Context. 

        Keyword arguments:
        defaults -- Set to true if the new object should be filled in with
                    reasonable default values for the GID and groupname.
                    (default False)
        systemgroup  -- Set to True if the newly allocated GID should come
                        from the pool of system group IDs. (default False)

        Returns a new UnixGroup object.
        """
        newgroupobj = self._createGroup()
        if defaults:
            if systemgroup:
                r = xrange(0,self.last_system_gid)
            else:
                r = xrange(self.first_gid,self.last_gid)
            for candiate in r:
                for u in self._groups:
                    if u.getGID()==candiate:
                        break
                else:
                    newgroupobj.setGID(candiate)
                    break
            if self.lookupGroupname(u'new_group') is None:
                newgroupobj.setGroupname(u'new_group')
            else:
                i = 1
                while 1:
                    if self.lookupGroupname(u'new_user_'+str(i)) is None:
                        newgroupobj.setGroupname(u'new_user_'+str(i))
                        break
                    i += 1
        return newgroupobj

    def _createGroup(self):
        raise NotImplementedError, "Context.newGroup()"

00186     def addUser(self,userobj):
        """Adds the given user to the authorisation database.

        This change only takes effect after calling context.save().

        Keyword arguments:
        userobj -- The UnixUser object to add.
        """
        self._users.append(userobj)

00196     def addGroup(self,groupobj):
        """Adds the given group to the authorisation database.

        This change only takes effect after calling context.save().

        Keyword arguments:
        groupobj -- The UnixGroup object to add.
        """
        if groupobj not in self._groups:
            self._groups.append(groupobj)

00207     def removeUser(self,userobj):
        """Removes the given user object from the authorisation database.

        The user is also removed from all groups.

        This change only takes effect after calling context.save().
        """
        for g in userobj.getGroups():
            userobj.removeFromGroup(g)

        self._users.remove(userobj)

00219     def removeGroup(self,groupobj):
        """Removes the given group object from the authorisation database.

        All users are removed from the group.

        This change only takes effect after calling context.save().
        """
        for u in groupobj.getUsers():
            u.removeFromGroup(groupobj)

        self._groups.remove(groupobj)

00231     def lookupUID(self,uid):
        """Lookup a UnixUser object by its numeric user ID.

        Keyword arguments:
        uid -- User ID to lookup, integer.

        Returns the matching UnixUser object or None if it was not found.
        """
        for user in self._users:
            if user.getUID()==uid:
                return user
        return None

00244     def lookupUsername(self,username):
        """Lookup a UnixUser object by username.

        Keyword arguments:
        username -- Username to lookup, string.

        Returns the matching UnixUser object or None if it was not found.
        """
        for user in self._users:
            if user.getUsername()==username:
                return user
        return None

00257     def lookupGID(self,gid):
        """Lookup a UnixGroup object by its numeric group ID.

        Keyword arguments:
        gid -- Group ID to lookup, integer.

        Returns the matching UnixGroup object or None if it was not found.
        """
        for group in self._groups:
            if group.getGID()==gid:
                return group
        return None

00270     def lookupGroupname(self,groupname):
        """Lookup a UnixGroup object by groupname.

        Returns the matching UnixGroup object or None if it was not found.
        """
        for group in self._groups:
            if group.getGroupname()==groupname:
                return group
        return None

00280     def getUserShells(self):
        """Get the list of available login shells.

        Returns an array of strings.
        """
        if self._shells is None:
            self._shells = []
            fhandle = codecs.open('/etc/shells','r',locale.getpreferredencoding())
            for l in fhandle.readlines():
                # TODO: strangely this lets some comented lines slip through
                if len(l.strip()) > 1 and l.strip()[0] is not "#":
                    # Only show existing shells
                    if os.path.isfile(l.strip()): 
                        self._shells.append(l.strip())
            fhandle.close()
        return self._shells[:]

00297     def save(self):
        """Synchronises the Context with the underlying operating system.

        After a successful save, any changes to the Context will be reflected
        system wide.
        """
        raise NotImplementedError, "Context.save()"

    def createHomeDirectory(self,userobj):
        if os.path.exists(userobj.getHomeDirectory()):
            raise IOError, u"Home directory %s already exists." % userobj.getHomeDirectory()

        # Copy the skeleton directory over
        shutil.copytree(self._getSkeletonDirectory(),userobj.getHomeDirectory(),True)

        # Fix the file ownership stuff
        uid = userobj.getUID()
        gid = userobj.getPrimaryGroup().getGID()
        os.chmod(userobj.getHomeDirectory(),self.dir_mode)
        #os.system("chmod "+self.dir_mode+" "+userobj.getHomeDirectory())
        #print "Setting permissions:", userobj.getHomeDirectory(),self.dir_mode
        os.lchown(userobj.getHomeDirectory(),uid,gid)
        for root,dirs,files in os.walk(userobj.getHomeDirectory()):
            for d in dirs:
                os.lchown(os.path.join(root,d),uid,gid)
            for f in files:
                os.lchown(os.path.join(root,f),uid,gid)

    def removeHomeDirectory(self,userobj):
        if os.path.exists(userobj.getHomeDirectory()):
            shutil.rmtree(userobj.getHomeDirectory())

    def _createUser(self):
        raise NotImplementedError, "Context._createUser()"

    def _sanityCheck(self):
        userids = []
        for u in self._users:
            if isinstance(u,UnixUser)==False:
                raise TypeError,"Found an object in the list of users that is not a UnixUser object."
            uid = u.getUID()
            if uid in userids:
                raise ValueError, "User ID %i appears more than once." % uid
            userids.append(uid)
            u._sanityCheck()

        groupids = []
        for g in self._groups:
            if isinstance(g,UnixGroup)==False:
                raise TypeError,"Found an object in the list of groups that is not a UnixGroup object."
            gid = g.getGID()
            if gid in groupids:
                raise ValueError, "Group ID %i appears more than once." % gid
            groupids.append(gid)    
            g._sanityCheck()

    def _getSkeletonDirectory(self):
        return self.skel

00356     def _readAdduserConf(self):
        """ Fill a dictionary with the values from /etc/adduser.conf
            which then can be used as default values, if the file exists
            at least. 
            Attention: We're not validating!"""
        self.defaults = {}
        self.adduserconf = '/etc/adduser.conf'
        if not os.path.isfile(self.adduserconf):
            return
        fhandle = codecs.open(self.adduserconf,'r',locale.getpreferredencoding())
        for line in fhandle.readlines():
            line = line.strip()
            parts = line.split("=")
            if len(parts) == 2:
                self.defaults[parts[0]] = parts[1]

00372     def _setDefaultValues(self):
        """ Set a lot of default values for UIDs and GIDs, try to use the values
            from /etc/adduser.conf."""
        self._readAdduserConf()

        try:
            self.skel = self.defaults["SKEL"]
        except KeyError:
            self.skel = '/etc/skel'

        # IDs for new users and groups.
        try:
            self.first_uid = int(self.defaults["FIRST_UID"])
        except (KeyError,ValueError):
            self.first_uid = 500

        try:
            self.last_uid = int(self.defaults["LAST_UID"])
        except (KeyError,ValueError):
            self.last_uid = 29999

        try:
            self.first_gid = int(self.defaults["FIRST_GID"])
        except (KeyError,ValueError):
            self.first_gid = 500

        try:
            self.last_gid = int(self.defaults["LAST_GID"])
        except (KeyError,ValueError):
            self.last_gid = 65534

        # Which IDs are system user and system groups?
        try:
            self.first_system_uid = int(self.defaults["FIRST_SYSTEM_UID"])
        except (KeyError,ValueError):
            self.first_system_uid = 500

        try:
            self.last_system_uid = int(self.defaults["LAST_SYSTEM_UID"])
        except (KeyError,ValueError):
            self.last_system_uid = 65534

        try:
            self.first_system_gid = int(self.defaults["FIRST_SYSTEM_GID"])
        except (KeyError,ValueError):
            self.first_system_gid = 500

        try:
            self.last_system_gid = int(self.defaults["LAST_SYSTEM_GID"])
        except (KeyError,ValueError):
            self.last_system_gid = 65534

        # More defaults which might make sense.
        try:
            self.dir_mode = int(self.defaults["DIR_MODE"],8)
        except (KeyError,ValueError):
            self.dir_mode = int("0755",8)
            print "Didn't read default DIR_MODE"

        try:
            self.dhome = self.defaults["DHOME"]
        except KeyError:
            self.dhome = "/home"

        try:
            self.dshell = self.defaults["DSHELL"]
        except KeyError:
            # Will be set in showNewUser()
            self.dshell = None

###########################################################################
class UnixUser(object):
    def __init__(self,context):
        self._context = context
        self._uid = None
        self._username = None

        # UnixGroup object.
        self._primarygroup = None

        # List of UnixGroup objects.
        self._groups = []

        self._gecos = None
        self._homedirectory = None
        self._loginshell = None

        self._islocked = False

        self._encpass = ""

        # FIXME : This should actually be days since epoch or something like this
        self._passlastchange = 0 
        self._passminimumagebeforechange = 0
        self._passmaximumage = None
        self._passexpirewarn = 7
        self._passexpiredisabledays = None
        self._disableddays = None

    def polish(self):
        primary_group = self._context.lookupGID(self._gid)
        if primary_group is None:
            # The GID didn't match an existing group. Quickly make a new group.
            new_group = self._context.newGroup()
            new_group.setGID(self._gid)
            
            new_group_name = u"group%i" % self._gid
            i = 0
            while self._context.lookupGroupname(new_group_name) is not None:
                i += 1
                new_group_name = u"group%i_%i" % (self._gid,i)
            new_group.setGroupname(new_group_name)
            
            self._context.addGroup(new_group)
            primary_group = new_group

        self.setPrimaryGroup(primary_group)
        for group in self._context._groups:
            if group.contains(self):
                self._groups.append(group)

    def getUID(self):
        """Get the unix user ID.

        Returns the integer.
        """
        return self._uid

    def setUID(self,uid):
        """Set the unix user ID.

        Keyword arguments:
        uid -- Integer user id.
        """
        uid = int(uid)
        if uid<0:
            raise ValueError, "User ID (%i) is a negative number." % uid
        self._uid = uid

    def isSystemUser(self):
        """See if this user is a system user.

        Returns True or False.
        """
        return not (self._context.first_uid <= self._uid < self._context.last_uid)

    def getUsername(self): return self._username

    def setUsername(self,username): self._username = username

    def getPrimaryGroup(self):
        """Get the primary group for this user.

        Returns a UnixGroup object.
        """
        return self._primarygroup

    def setPrimaryGroup(self,groupobj):
        """Set the primary group for this user.

        If the given group is not part of this user's list of groups, then
        it will be added.

        Keyword arguments:
        groupobj -- The group to set as the primary group.
        """
        self.addToGroup(groupobj)
        self._primarygroup = groupobj

    def getGroups(self):
        """Get the list of groups that this user belongs to.

        The user's primary group is also included in the returned list.

        Returns a list of UnixGroup objects. Modify the list does not affect
        this UnixUser object.
        """
        return self._groups[:]

    def addToGroup(self,groupobj):
        """Add this user to the given group.

        Keyword arguments:
        groupobj -- UnixGroup object.
        """
        groupobj._addUser(self)
        if groupobj not in self._groups:
            self._groups.append(groupobj)

    def removeFromGroup(self,groupobj):
        """Remove this user from the given group.

        If group is current this user's primary group, then

        Keyword arguments:
        groupobj -- UnixGroup object.
        """
        groupobj._removeUser(self)
        try:
            self._groups.remove(groupobj)
        except ValueError:
            pass
        if self._primarygroup is groupobj:
            if len(self._groups)==0:
                self._primarygroup = None
            else:
                self._primarygroup = self._groups[0]

    def setPassword(self,password):
        # Make some salt.
        space = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQSRTUVWXYZ0123456789./'
        salt = ""
        for x in range(8):
            salt += space[random.randint(0,len(space)-1)]
        self._encpass = crypt.crypt(password,'$1$'+salt+'$')

    def isLocked(self): return self._islocked
    def setLocked(self,locked): self._islocked = locked

    def getRealName(self): 
        if not self._gecos:
            return ""
        try:
            return self._gecos.split(",")[0]
        except AttributeError:
            return self._gecos

    def setRealName(self,realname): self._gecos = realname
    def getHomeDirectory(self): return self._homedirectory
    def setHomeDirectory(self,homedirectory): self._homedirectory = homedirectory
    def getLoginShell(self): return self._loginshell
    def setLoginShell(self,loginshell): self._loginshell = loginshell

    # 'None' means that there is no maximum password age.
    def getMaximumPasswordAge(self): return self._passmaximumage
    def setMaximumPasswordAge(self,days): self._passmaximumage = days

    def getMinimumPasswordAgeBeforeChange(self): return self._passminimumagebeforechange
    def setMinimumPasswordAgeBeforeChange(self,days): self._passminimumagebeforechange = days
    def getPasswordDisableAfterExpire(self): return self._passexpiredisabledays
    def setPasswordDisableAfterExpire(self,days): self._passexpiredisabledays = days
    def getPasswordExpireWarning(self): return self._passexpirewarn
    def setPasswordExpireWarning(self,days): self._passexpirewarn = days
    def getLastPasswordChange(self): return self._passlastchange
    def getExpirationDate(self): return self._disableddays
    def setExpirationDate(self,unixdate): self._disableddays = unixdate

    def __str__(self):
        return "%s(%i)" % (self._username,self._uid)

    def _sanityCheck(self):
        if self._primarygroup is None:
            raise ValueError,"Userobj has no primary group!"
        if self._uid is None:
            raise ValueError,"Userobj has no UID!"

###########################################################################
class UnixGroup(object):
    def __init__(self,context):
        self._context = context

        # List of UnixUser objects.
        self._members = []

        self._gid = None
        self._groupname = None

    def contains(self,userobj):
        """Check if a the given user is a member of this group.

        Returns True or False.
        """
        return userobj in self._members

    def polish(self): pass
    def isSystemGroup(self):
        """Check if this group is a system group.

        Returns True or False.
        """
        return not (self._context.first_gid <= self._gid < self._context.last_gid)
        #return not (500 <= self._gid < 65534)

    def getGID(self):
        """Get the unix group ID.

        Returns the integer group id.
        """
        return self._gid

    def setGID(self,gid):
        """Set the unix group ID.

        Keyword arguments:
        gid -- new group id, integer.
        """
        self._gid = gid

    def getGroupname(self): return self._groupname
    def setGroupname(self,groupname): self._groupname = groupname
    def getUsers(self): return self._members[:]
    def _addUser(self,userobj):
        if not self.contains(userobj):
            self._members.append(userobj)

    def _removeUser(self,userobj):
        try:
            self._members.remove(userobj)
        except ValueError:
            pass

    def __str__(self):
        # FIXME encoding
        return str(self._groupname) + " (" + str(self._gid) + ") " + str([str(u) for u in self._members])

    def _sanityCheck(self):
        pass

###########################################################################
class PwdContext(Context):
#    def __init__(self,editmode,passwordfile="/home/sbe/etc/passwd",groupfile='/home/sbe/etc/group',shadowfile="/home/sbe/etc/shadow"):
    def __init__(self,editmode,passwordfile="/etc/passwd",groupfile='/etc/group',shadowfile="/etc/shadow"):
        Context.__init__(self)
        self.__editmode = editmode
        self.__passwordfile = passwordfile
        self.__groupfile = groupfile
        self.__shadowfile = shadowfile
        self._setDefaultValues()

        # Read in the password file
        fhandle = codecs.open(passwordfile,'r',locale.getpreferredencoding())
        if LockFDRead(fhandle.fileno())==False:
            raise IOError,"Unable to lock the "+passwordfile+" file."
        try:
            for line in fhandle.readlines():
                if line.strip()!="":
                    newuserobj = self.newUser(False)
                    newuserobj._initString(line)
                    self._users.append(newuserobj)
        finally:
            UnlockFD(fhandle.fileno())
            fhandle.close()

        # Read the group file
        fhandle = codecs.open(groupfile,'r',locale.getpreferredencoding())
        if LockFDRead(fhandle.fileno())==False:
            raise IOError,"Unable to lock the "+groupfile+" file."
        try:
            for line in fhandle.readlines():
                if line.strip()!="":
                    newgroupobj = self.newGroup(False)
                    newgroupobj._initString(line)
                    self._groups.append(newgroupobj)
        finally:
            UnlockFD(fhandle.fileno())
            fhandle.close()

        if self.__editmode:
            # Load up the info from the shadow file too.
            fhandle = codecs.open(shadowfile,'r',locale.getpreferredencoding())
            if LockFDRead(fhandle.fileno())==False:
                raise IOError,"Unable to lock the "+shadowfile+" file."
            try:
                for line in fhandle.readlines():
                    if line.strip()!="":
                        try:
                            (username,encpass,passlastchange,passminimumagebeforechange,passmaximumage, \
                                passexpirewarn,passexpiredisabledays,disableddays,reserve) = \
                                tuple(line.strip().split(":"))
                            userobj = self.lookupUsername(username)
                            if userobj is not None:
                                if encpass=="":
                                    encpass = u"*"
                                userobj._encpass = encpass
                                if userobj._encpass[0]=='!':
                                    userobj._islocked = True
                                    userobj._encpass = userobj._encpass[1:]
                                else:
                                    userobj._islocked = False
                                # FIXME : set time
                                if passlastchange and passlastchange!=u"None":
                                    userobj._passlastchange = int(passlastchange)
                                else:
                                    passlastchange = 0
    
                                if passminimumagebeforechange=="":
                                    passminimumagebeforechange = None
                                else:
                                    passminimumagebeforechange = int(passminimumagebeforechange)
                                    if passminimumagebeforechange>=99999:
                                        passminimumagebeforechange = None
                                userobj._passminimumagebeforechange = passminimumagebeforechange
    
                                if passmaximumage=="":
                                    passmaximumage = None
                                else:
                                    passmaximumage = int(passmaximumage)
                                    if passmaximumage>=99999:
                                        passmaximumage = None
                                userobj._passmaximumage = passmaximumage
    
                                if passexpirewarn=="":
                                    passexpirewarn = None
                                else:
                                    passexpirewarn = int(passexpirewarn)
                                    if passexpirewarn>=99999:
                                        passexpirewarn = None
                                userobj._passexpirewarn = passexpirewarn
    
                                if passexpiredisabledays=="":
                                    userobj._passexpiredisabledays = None
                                else:
                                    userobj._passexpiredisabledays = int(passexpiredisabledays)
    
                                if disableddays=="" or disableddays==u"99999":
                                    userobj._disableddays = None
                                else:
                                    userobj._disableddays = int(disableddays)
    
                                userobj._reserve = reserve
                            else:
                                print "Couldn't find",username
                        except ValueError:
                            pass
            finally:
                UnlockFD(fhandle.fileno())
                fhandle.close()

        for group in self._groups:
            group.polish()
        for user in self._users:
            user.polish()

    def _createUser(self):
        return PwdUser(self)

    def _createGroup(self):
        return PwdGroup(self)

    def save(self):
        if self.__editmode==False:
            raise IOError, "Can't save, the context was created Read only."

        self._sanityCheck()

        # Write out the new password file.        
        origstat = os.stat(self.__passwordfile)
        tmpname = self.__passwordfile+".TMP"
        fd = os.open(tmpname, os.O_CREAT|os.O_WRONLY|os.O_TRUNC, origstat.st_mode)
        for u in self._users:
            os.write(fd, u._getPasswdEntry().encode(locale.getpreferredencoding(),'replace'))
            #print u._getPasswdEntry()
        os.close(fd)
        os.chown(tmpname, origstat.st_uid, origstat.st_gid)
        
        # Update the passwd file
        passwordlock = os.open(self.__passwordfile, os.O_WRONLY) # FIXME encoding
        if LockFDWrite(passwordlock)==False:
            raise IOError,"Couldn't get a write lock on "+self.__passwordfile
        try:
            os.rename(self.__passwordfile+".TMP",self.__passwordfile)
        finally:
            UnlockFD(passwordlock)
            os.close(passwordlock)

        # Write out the new group file
        origstat = os.stat(self.__groupfile)
        tmpname = self.__groupfile+".TMP"
        fd = os.open(tmpname, os.O_CREAT|os.O_WRONLY|os.O_TRUNC, origstat.st_mode)
        for g in self._groups:
            os.write(fd,g._getGroupFileEntry().encode(locale.getpreferredencoding()))
            #print g._getGroupFileEntry()[:-1]
        os.close(fd)
        os.chown(tmpname, origstat.st_uid, origstat.st_gid)

        # Update the group file.
        grouplock = os.open(self.__groupfile, os.O_WRONLY)
        if LockFDWrite(grouplock)==False:
            raise IOError,"Couldn't get write lock on "+self.__groupfile
        try:
            os.rename(self.__groupfile+".TMP",self.__groupfile)
        finally:
            UnlockFD(grouplock)
            os.close(grouplock)

        # Write out the new shadow file
        origstat = os.stat(self.__shadowfile)
        tmpname = self.__shadowfile+".TMP"
        fd = os.open(tmpname, os.O_CREAT|os.O_WRONLY|os.O_TRUNC, origstat.st_mode|stat.S_IWUSR)
        for u in self._users:
            os.write(fd,u._getShadowEntry().encode(locale.getpreferredencoding()))
            #print u._getShadowEntry()[:-1]
        os.close(fd)
        os.chown(tmpname, origstat.st_uid, origstat.st_gid)

        # Update the shadow file.

        # Make sure that it is writable.
        if (origstat.st_mode & stat.S_IWUSR)==0:
            os.chmod(self.__shadowfile,origstat.st_mode|stat.S_IWUSR)

        shadowlock = os.open(self.__shadowfile, os.O_WRONLY)
        if LockFDWrite(shadowlock)==False:
            raise IOError,"Couldn't get write lock on "+self.__shadowfile
        try:
            os.rename(self.__shadowfile+".TMP",self.__shadowfile)
        finally:
            UnlockFD(shadowlock)
            os.close(shadowlock)

        # set the permissions back to thier default.
        if (origstat.st_mode & stat.S_IWUSR)==0:
            os.chmod(self.__shadowfile,origstat.st_mode)

###########################################################################
class LdapContext(Context):
    
    def __init__(self,editmode,server="localhost",admin_dn="",admin_pass=""):
        """ Connect to the LDAP server and invoke further actions. 
        """
        Context.__init__(self)
        # admin_dn is DistinguishedName? (or dn, for short)
        self.server = server
        self.baseDN = "dc=vizZzion,dc=net"

        self.url = "ldap://"+self.server

        self.ldapserver = ldap.initialize(self.url)
        self.ldapserver.protocol_version = ldap.VERSION3

        self.editmode = editmode
        if not self.editmode:
            self.ldapserver.simple_bind("admin",admin_pass)
        print "Connected to ", self.url

        self._users = self._getUsers()

    def _getUsers(self):
        """ Retrieve a list of users from the LDAP server.
        """
        _users = []
        print "LdapContext._getUsers"
        searchScope = ldap.SCOPE_SUBTREE
        retrieveAttributes = None 
        searchFilter = "cn=*"
        try:
            ldap_result_id = self.ldapserver.search(self.baseDN, searchScope, searchFilter, retrieveAttributes)
            result_set = []
            while 1:
                result_type, result_data = self.ldapserver.result(ldap_result_id, 0)
                if (result_data == []):
                    break
                else:
                    if result_type == ldap.RES_SEARCH_ENTRY:
                        #print result_data[0][1]
                        #print " --------------------- "
                        result_set.append(result_data[0][1])
            #print result_set
        except ldap.LDAPError, e:
            print "ERROR: ",e

        if len(result_set) == 0:
            print "No Results."
            return 
        count = 0
        """
        for entry in result_set:
            for d in entry.keys():
                print d, "::", entry[d]
            print "======== Next User =============="
        """
        # Walk through result_set and create users.
        for entry in result_set:
            try:
                name = entry['cn'][0]
                login = entry['uid'][0]
                loginshell = entry['loginShell'][0]
                homedirectory = entry['homeDirectory'][0]
                uid = entry['uidNumber'][0]
                gid = entry['gidNumber'][0]
                count = count + 1
                #print "\n%d. User: %s\n\tName: %s\n\tShell: %s\n\tHomeDir: %s\n\tUID: %s\n\tGID: %s\n" %\
                #       (count, login, name, loginshell, homedirectory, uid, gid)
                # Create a new userobject
                new_user = self._createUser()
                new_user.setHomeDirectory(homedirectory)
                new_user.setUID(uid)
                new_user.setRealName(name)
                new_user.setLoginShell(loginshell)
                new_user.setUsername(login)
                _users.append(new_user)
                print "Number of Users:", len(self._users)
                
            except KeyError, e:
                # Debugging output...
                print "ERR:: ",e
                print 'err:: ',entry
        return _users
        
    def _createUser(self):
        return LdapUser(self)

    def _createGroup(self):
        return LdapGroup(self)

    def save(self):
        print "LdapContext.save() does nothing yet."

###########################################################################
class LdapUser(UnixUser):
    
    def __str__(self):
        return "LdapUser: %s(%i)" % (self._username,self._uid)


###########################################################################
class LdapGroup(UnixGroup):
    
    def __str__(self):
        return "LdapGroup: %s(%i)" % (self._username,self._uid)


###########################################################################
class PwdUser(UnixUser):
    def __init__(self,context):
        UnixUser.__init__(self,context)
        self._reserve = u""

    def _initString(self,line):
        (self._username,x,self._uid,self._gid,self._gecos,self._homedirectory, \
            self._loginshell) =  tuple(line.strip().split(":"))
        self._uid = int(self._uid)
        self._gid = int(self._gid)

    def _getPasswdEntry(self):
        return u":".join( [self._username,
            u"x",
            unicode(self._uid),
            unicode(self._primarygroup.getGID()),
            self._gecos,
            self._homedirectory,
            self._loginshell ] ) + u"\n"

    def _getShadowEntry(self):
        if self._islocked:
            encpass = u'!' + self._encpass
        else:
            encpass = self._encpass

        if self._passminimumagebeforechange==None:
            passminimumagebeforechange = ""
        else:
            passminimumagebeforechange = str(self._passminimumagebeforechange)

        if self._passmaximumage==None:
            passmaximumage = u"99999"
        else:
            passmaximumage = unicode(self._passmaximumage)

        if self._disableddays==None:
            disableddays = u""
        else:
            disableddays = unicode(self._disableddays)

        if self._passexpiredisabledays==None:
            passexpiredisabledays = u""
        else:
            passexpiredisabledays = unicode(self._passexpiredisabledays)

        if self._passexpirewarn==None:
            self._passexpirewarn = u""
        else:
            passexpirewarn = unicode(self._passexpirewarn)

        return u":".join( [self._username,
            encpass,
            unicode(self._passlastchange),
            passminimumagebeforechange,
            passmaximumage,
            passexpirewarn,
            passexpiredisabledays,
            disableddays,
            self._reserve ])+ u"\n"

###########################################################################
class PwdGroup(UnixGroup):
    def __init__(self,context):
        UnixGroup.__init__(self,context)
        self._memberids = u""
        self._encpass = u""

    def _initString(self,line):
        (self._groupname,self._encpass,self._gid,self._memberids) = tuple(line.strip().split(":"))
        self._gid = int(self._gid)

    def polish(self):
        membernames = self._memberids.split(",")
        for username in membernames:
            userobj = self._context.lookupUsername(username)
            if userobj!=None:
                self._members.append(userobj)

    def _getGroupFileEntry(self):
        return u":".join( [ self._groupname,
            self._encpass,
            unicode(self._gid),
            u",".join([u.getUsername() for u in self._members if u.getPrimaryGroup() is not self])]) + u"\n"

###########################################################################
def LockFDRead(fd):
    retries = 6
    while retries!=0:
        try:
            fcntl.lockf(fd,fcntl.LOCK_SH | fcntl.LOCK_NB)
            return True
        except IOError:
            # Wait a moment
            time.sleep(1)
    return False

def LockFDWrite(fd):
    retries = 6
    while retries!=0:
        try:
            fcntl.lockf(fd,fcntl.LOCK_EX | fcntl.LOCK_NB)
            return True
        except IOError:
            # Wait a moment
            time.sleep(1)
    return False

def UnlockFD(fd):
    fcntl.lockf(fd,fcntl.LOCK_UN)

###########################################################################

if __name__=='__main__':
    print "Testing"
    context = getContext(True)

    print "Stopping here..."
    #import sys
    #sys.exit(0) ## Remove.
    #print "Users:"
    #for user in context.getUsers():
    for user in context._users:
        print "--------------------------------------------------"
        print "UID:",user.getUID()
        print "Is system user:",user.isSystemUser()
        print "Username:",user.getUsername()
        print "Primary Group:",str(user.getPrimaryGroup())
        print "Groups:",[str(u) for u in user.getGroups()]
        print "Is locked:",user.isLocked()
        print "Real name:",user.getRealName()
        print "Home Dir:",user.getHomeDirectory()
        print "Maximum password age:",user.getMaximumPasswordAge()
        print "Minimum password age before change:",user.getMinimumPasswordAgeBeforeChange()
        print "Expire warning:",user.getPasswordExpireWarning()
        print "Disable after Expire:",user.getPasswordDisableAfterExpire()
        #print user._getPasswdEntry()

    print "Groups"
    for group in context.getGroups():
        print str(group)
        #print group._getGroupFileEntry()

    print "Saving"    
    context.save()

Generated by  Doxygen 1.6.0   Back to index