summaryrefslogtreecommitdiffstats
path: root/users.py
diff options
context:
space:
mode:
Diffstat (limited to 'users.py')
-rw-r--r--users.py220
1 files changed, 220 insertions, 0 deletions
diff --git a/users.py b/users.py
new file mode 100644
index 000000000..e6f1e55ec
--- /dev/null
+++ b/users.py
@@ -0,0 +1,220 @@
+import iutil
+import whrandom
+import crypt
+import os
+import string
+from flags import flags
+from log import log
+
+class Accounts:
+
+ # List of (accountName, fullName, password) tupes
+
+ def setUserList(self, users):
+ self.users = users
+
+ def getUserList(self):
+ return self.users
+
+ def writeKScommands(self, f, auth):
+ for (account, name, password) in self.users:
+ crypted = cryptPassword(password, auth.useMD5)
+
+ f.write("/usr/sbin/useradd %s\n" % (account));
+ f.write("chfn -f '%s' %s\n" % (name, account))
+ f.write("/usr/sbin/usermod -p '%s' %s\n" % (crypted, account))
+ f.write("\n")
+
+ def write(self, instPath, auth):
+ if not self.users: return
+
+ if not flags.setupFilesystems:
+ return
+
+ for (account, name, password) in self.users:
+ argv = [ "/usr/sbin/useradd", account ]
+ iutil.execWithRedirect(argv[0], argv, root = instPath,
+ stdout = None)
+
+ argv = [ "/usr/bin/chfn", "-f", name, account]
+ iutil.execWithRedirect(argv[0], argv, root = instPath,
+ stdout = None)
+
+ setPassword(instPath, account, password, auth.useMD5)
+
+ def __init__(self):
+ self.users = []
+
+class Password:
+ def __init__ (self):
+ self.crypt = None
+ self.pure = None
+
+ def getPure(self):
+ return self.pure
+
+ def set (self, password, isCrypted = 0):
+ if isCrypted:
+ self.crypt = password
+ self.pure = None
+ else:
+ salt = (whrandom.choice (string.letters +
+ string.digits + './') +
+ whrandom.choice (string.letters +
+ string.digits + './'))
+ self.crypt = crypt.crypt (password, salt)
+ self.pure = password
+
+ def getCrypted(self):
+ return self.crypt
+
+class RootPassword(Password):
+
+ def write(self, instPath, auth):
+ pure = self.getPure()
+ if pure:
+ setPassword(instPath, "root", pure, auth.useMD5)
+ else:
+ setPassword(instPath, "root", self.getCrypted (),
+ auth.useMD5, alreadyCrypted = 1)
+
+ def writeKS(self, f):
+ f.write("rootpw --iscrypted %s\n" % self.getCrypted())
+
+def cryptPassword(password, useMD5):
+ if useMD5:
+ salt = "$1$"
+ saltLen = 8
+ else:
+ salt = ""
+ saltLen = 2
+
+ for i in range(saltLen):
+ salt = salt + whrandom.choice (string.letters +
+ string.digits + './')
+
+ return crypt.crypt (password, salt)
+
+def setPassword(instPath, account, password, useMD5, alreadyCrypted = 0):
+ if not alreadyCrypted:
+ password = cryptPassword(password, useMD5)
+
+ devnull = os.open("/dev/null", os.O_RDWR)
+
+ argv = [ "/usr/sbin/usermod", "-p", password, account ]
+ iutil.execWithRedirect(argv[0], argv, root = instPath,
+ stdout = '/dev/null', stderr = None)
+ os.close(devnull)
+
+class Authentication:
+ def __init__ (self):
+ self.useShadow = 1
+ self.useMD5 = 1
+
+ self.useNIS = 0
+ self.nisDomain = ""
+ self.nisuseBroadcast = 1
+ self.nisServer = ""
+
+ self.useLdap = 0
+ self.useLdapauth = 0
+ self.ldapServer = ""
+ self.ldapBasedn = ""
+ self.ldapTLS = ""
+
+ self.useKrb5 = 0
+ self.krb5Realm = ""
+ self.krb5Kdc = ""
+ self.krb5Admin = ""
+
+ self.useHesiod = 0
+ self.hesiodLhs = ""
+ self.hesiodRhs = ""
+
+ def writeKS(self, f):
+ f.write("authconfig")
+ for arg in self.getArgList():
+ if arg[0:9] != "--disable":
+ f.write(" " + arg)
+ f.write("\n")
+
+ def getArgList(self):
+ args = []
+
+ if self.useShadow:
+ args.append ("--enableshadow")
+ else:
+ args.append ("--disableshadow")
+
+ if self.useMD5:
+ args.append ("--enablemd5")
+ else:
+ args.append ("--disablemd5")
+
+
+ if self.useNIS:
+ args.append ("--enablenis")
+ args.append ("--nisdomain")
+ args.append (self.nisDomain)
+ if not self.nisuseBroadcast:
+ args.append ("--nisserver")
+ args.append (self.nisServer)
+ else:
+ args.append ("--disablenis")
+
+ if self.useLdap:
+ args.append ("--enableldap")
+ else:
+ args.append ("--disableldap")
+ if self.useLdapauth:
+ args.append ("--enableldapauth")
+ else:
+ args.append ("--disableldapauth")
+ if self.useLdap or self.useLdapauth:
+ args.append ("--ldapserver")
+ args.append (self.ldapServer)
+ args.append ("--ldapbasedn")
+ args.append (self.ldapBasedn)
+ if self.ldapTLS:
+ args.append ("--enableldaptls")
+ else:
+ args.append ("--disableldaptls")
+
+ if self.useKrb5:
+ args.append ("--enablekrb5")
+ args.append ("--krb5realm")
+ args.append (self.krb5Realm)
+ args.append ("--krb5kdc")
+ args.append (self.krb5Kdc)
+ args.append ("--krb5adminserver")
+ args.append (self.krb5Admin)
+ else:
+ args.append ("--disablekrb5")
+
+ if self.useHesiod:
+ args.append ("--enablehesiod")
+ args.append ("--hesiodlhs")
+ args.append (self.hesiodLhs)
+ args.append ("--hesiodrhs")
+ args.append (self.hesiodRhs)
+ else:
+ args.append ("--disablehesiod")
+
+ return args
+
+
+ def write (self, instPath):
+ args = [ "/usr/sbin/authconfig", "--kickstart", "--nostart" ]
+ args = args + self.getArgList()
+
+ try:
+ if flags.setupFilesystems:
+ iutil.execWithRedirect(args[0], args,
+ stdout = None, stderr = None,
+ searchPath = 1,
+ root = instPath)
+ else:
+ log("Would have run %s", args)
+ except RuntimeError, msg:
+ log ("Error running %s: %s", args, msg)
+