Diffstat (limited to 'users.py')
-rw-r--r-- | users.py | 220 |
1 files changed, 220 insertions, 0 deletions
diff --git a/users.py b/users.py
new file mode 100644
index 000000000..e6f1e55ec
--- /dev/null
+++ b/users.py
@@ -0,0 +1,220 @@
+import iutil
+import whrandom
+import crypt
+import os
+import string
+from flags import flags
+from log import log
+
+class Accounts:
+
+ # List of (accountName, fullName, password) tupes
+
+ def setUserList(self, users):
+ self.users = users
+
+ def getUserList(self):
+ return self.users
+
+ def writeKScommands(self, f, auth):
+ for (account, name, password) in self.users:
+ crypted = cryptPassword(password, auth.useMD5)
+
+ f.write("/usr/sbin/useradd %s\n" % (account));
+ f.write("chfn -f '%s' %s\n" % (name, account))
+ f.write("/usr/sbin/usermod -p '%s' %s\n" % (crypted, account))
+ f.write("\n")
+
+ def write(self, instPath, auth):
+ if not self.users: return
+
+ if not flags.setupFilesystems:
+ return
+
+ for (account, name, password) in self.users:
+ argv = [ "/usr/sbin/useradd", account ]
+ iutil.execWithRedirect(argv[0], argv, root = instPath,
+ stdout = None)
+
+ argv = [ "/usr/bin/chfn", "-f", name, account]
+ iutil.execWithRedirect(argv[0], argv, root = instPath,
+ stdout = None)
+
+ setPassword(instPath, account, password, auth.useMD5)
+
+ def __init__(self):
+ self.users = []
+
+class Password:
+ def __init__ (self):
+ self.crypt = None
+ self.pure = None
+
+ def getPure(self):
+ return self.pure
+
+ def set (self, password, isCrypted = 0):
+ if isCrypted:
+ self.crypt = password
+ self.pure = None
+ else:
+ salt = (whrandom.choice (string.letters +
+ string.digits + './') +
+ whrandom.choice (string.letters +
+ string.digits + './'))
+ self.crypt = crypt.crypt (password, salt)
+ self.pure = password
+
+ def getCrypted(self):
+ return self.crypt
+
+class RootPassword(Password):
+
+ def write(self, instPath, auth):
+ pure = self.getPure()
+ if pure:
+ setPassword(instPath, "root", pure, auth.useMD5)
+ else:
+ setPassword(instPath, "root", self.getCrypted (),
+ auth.useMD5, alreadyCrypted = 1)
+
+ def writeKS(self, f):
+ f.write("rootpw --iscrypted %s\n" % self.getCrypted())
+
+def cryptPassword(password, useMD5):
+ if useMD5:
+ salt = "$1$"
+ saltLen = 8
+ else:
+ salt = ""
+ saltLen = 2
+
+ for i in range(saltLen):
+ salt = salt + whrandom.choice (string.letters +
+ string.digits + './')
+
+ return crypt.crypt (password, salt)
+
+def setPassword(instPath, account, password, useMD5, alreadyCrypted = 0):
+ if not alreadyCrypted:
+ password = cryptPassword(password, useMD5)
+
+ devnull = os.open("/dev/null", os.O_RDWR)
+
+ argv = [ "/usr/sbin/usermod", "-p", password, account ]
+ iutil.execWithRedirect(argv[0], argv, root = instPath,
+ stdout = '/dev/null', stderr = None)
+ os.close(devnull)
+
+class Authentication:
+ def __init__ (self):
+ self.useShadow = 1
+ self.useMD5 = 1
+
+ self.useNIS = 0
+ self.nisDomain = ""
+ self.nisuseBroadcast = 1
+ self.nisServer = ""
+
+ self.useLdap = 0
+ self.useLdapauth = 0
+ self.ldapServer = ""
+ self.ldapBasedn = ""
+ self.ldapTLS = ""
+
+ self.useKrb5 = 0
+ self.krb5Realm = ""
+ self.krb5Kdc = ""
+ self.krb5Admin = ""
+
+ self.useHesiod = 0
+ self.hesiodLhs = ""
+ self.hesiodRhs = ""
+
+ def writeKS(self, f):
+ f.write("authconfig")
+ for arg in self.getArgList():
+ if arg[0:9] != "--disable":
+ f.write(" " + arg)
+ f.write("\n")
+
+ def getArgList(self):
+ args = []
+
+ if self.useShadow:
+ args.append ("--enableshadow")
+ else:
+ args.append ("--disableshadow")
+
+ if self.useMD5:
+ args.append ("--enablemd5")
+ else:
+ args.append ("--disablemd5")
+
+
+ if self.useNIS:
+ args.append ("--enablenis")
+ args.append ("--nisdomain")
+ args.append (self.nisDomain)
+ if not self.nisuseBroadcast:
+ args.append ("--nisserver")
+ args.append (self.nisServer)
+ else:
+ args.append ("--disablenis")
+
+ if self.useLdap:
+ args.append ("--enableldap")
+ else:
+ args.append ("--disableldap")
+ if self.useLdapauth:
+ args.append ("--enableldapauth")
+ else:
+ args.append ("--disableldapauth")
+ if self.useLdap or self.useLdapauth:
+ args.append ("--ldapserver")
+ args.append (self.ldapServer)
+ args.append ("--ldapbasedn")
+ args.append (self.ldapBasedn)
+ if self.ldapTLS:
+ args.append ("--enableldaptls")
+ else:
+ args.append ("--disableldaptls")
+
+ if self.useKrb5:
+ args.append ("--enablekrb5")
+ args.append ("--krb5realm")
+ args.append (self.krb5Realm)
+ args.append ("--krb5kdc")
+ args.append (self.krb5Kdc)
+ args.append ("--krb5adminserver")
+ args.append (self.krb5Admin)
+ else:
+ args.append ("--disablekrb5")
+
+ if self.useHesiod:
+ args.append ("--enablehesiod")
+ args.append ("--hesiodlhs")
+ args.append (self.hesiodLhs)
+ args.append ("--hesiodrhs")
+ args.append (self.hesiodRhs)
+ else:
+ args.append ("--disablehesiod")
+
+ return args
+
+
+ def write (self, instPath):
+ args = [ "/usr/sbin/authconfig", "--kickstart", "--nostart" ]
+ args = args + self.getArgList()
+
+ try:
+ if flags.setupFilesystems:
+ iutil.execWithRedirect(args[0], args,
+ stdout = None, stderr = None,
+ searchPath = 1,
+ root = instPath)
+ else:
+ log("Would have run %s", args)
+ except RuntimeError, msg:
+ log ("Error running %s: %s", args, msg)
+
|
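Review bot: In `Accounts.writeKScommands`, `account` and `name` are formatted directly into shell command lines (`chfn -f '%s' %s`), so a full name containing a single quote, or an account name containing shell metacharacters, changes what the generated kickstart script runs; `Accounts.write` does not have this problem because it passes an argv list. The callers are outside this file, so if these values can come from installer input they should be escaped before writing, e.g. `f.write("chfn -f '%s' %s\n" % (string.replace(name, "'", "'\\''"), account))`, with `account` checked against the permitted username characters. Separately, `Password.set` always builds a two-character salt, so `RootPassword.writeKS` emits a traditional DES crypt hash even when `auth.useMD5` is set; going through `cryptPassword` would keep the two paths consistent. Both `Password.set` and `cryptPassword` draw salt characters from `whrandom`, which is not a cryptographic generator, so reading the salt bytes from `/dev/urandom` would be the safer source.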