Home Explore Help
Sign In
erkanisik
/
core
mirror of https://github.com/pisilinux/core.git
Watch 1
Star 0
Fork 0
Files Issues 0 Wiki
Tree: ef83a191dd
Branches Tags
core
/
system
/
base
/
baselayout
/
comar
/
usermgr.py

usermgr.py 19 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691 
  1. # -*- coding: utf-8 -*-
    2. 

  2. #
    3. 

  3. # Copyright (C) 2006-2010 TUBITAK/UEKAE
    4. 

  4. #
    5. 

  5. # This program is free software; you can redistribute it and/or modify it under
    6. 

  6. # the terms of the GNU General Public License as published by the Free
    7. 

  7. # Software Foundation; either version 2 of the License, or (at your option)
    8. 

  8. # any later version.
    9. 

  9. #
    10. 

  10. 

  11. import os
    12. 

  12. import glob
    13. 

  13. import fcntl
    14. 

  14. import random
    15. 

  15. import shutil
    16. 

  16. import hashlib
    17. 

  17. 

  18. from string import ascii_letters, digits
    19. 

  19. from pardus.fileutils import FileLock
    20. 

  20. 

  21. try:
    22. 

  22.     import polkit
    23. 

  23. except ImportError:
    24. 

  24.     pass
    25. 

  25. 

  26. 

  27. # faces
    28. 

  28. 

  29. FACES = [
    30. 

  30.     "/usr/share/kde4/apps/kdm/pics/users",
    31. 

  31. ]
    32. 

  32. 

  33. # messages
    34. 

  34. 

  35. invalid_username_msg = {
    36. 

  36.     "en": "User name is invalid.",
    37. 

  37.     "tr": "Kullanıcı adı geçersiz.",
    38. 

  38.     "fr": "Nom d'utilisateur invalide.",
    39. 

  39.     "es": "Nombre de usuario no es válido.",
    40. 

  40.     "de": "Benutzername nicht erlaubt.",
    41. 

  41.     "nl": "Gebruikernaam is ongeldig.",
    42. 

  42. }
    43. 

  43. 

  44. invalid_realname_msg = {
    45. 

  45.     "en": "Real name is invalid.",
    46. 

  46.     "tr": "Gerçek isim geçersiz.",
    47. 

  47.     "fr": "Nom réel invalide.",
    48. 

  48.     "es": "Nombre real no es válido.",
    49. 

  49.     "de": "Dieser vollständige Name ist nicht erlaubt.",
    50. 

  50.     "nl": "Echte naam is ongeldig.",
    51. 

  51. }
    52. 

  52. 

  53. short_password_msg = {
    54. 

  54.     "en": "Password is too short.",
    55. 

  55.     "tr": "Parola çok kısa.",
    56. 

  56.     "fr": "Mot de passe trop court.",
    57. 

  57.     "es": "Contraseña es demadiado corta.",
    58. 

  58.     "de": "Passwort ist zu kurz.",
    59. 

  59.     "nl": "Wachtwoord is te kort.",
    60. 

  60. }
    61. 

  61. 

  62. name_password_msg = {
    63. 

  63.     "en": "Dont use your name as a password.",
    64. 

  64.     "tr": "Adınızı parola olarak kullanmayın.",
    65. 

  65.     "fr": "N'utilisez pas votre nom comme mot de passe.",
    66. 

  66.     "es": "No use su nombre como contraseña.",
    67. 

  67.     "de": "Benutzen Sie nicht Ihren Namen als Passwort.",
    68. 

  68.     "nl": "Uw naam niet als wachtwoord gebruiken.",
    69. 

  69. }
    70. 

  70. 

  71. invalid_group_msg = {
    72. 

  72.     "en": "Invalid group name:",
    73. 

  73.     "tr": "Geçersiz grup adı:",
    74. 

  74.     "fr": "Nom de groupe invalide:",
    75. 

  75.     "es": "Nombre de grupo inválido:",
    76. 

  76.     "de": "Gruppenname nicht erlaubt:",
    77. 

  77.     "nl": "Ongeldige groepnaam:",
    78. 

  78. }
    79. 

  79. 

  80. invalid_userid_msg = {
    81. 

  81.     "en": "Invalid user ID.",
    82. 

  82.     "tr": "Geçersiz kullanıcı numarası.",
    83. 

  83.     "fr": "Identifiant utilisateur invalide.",
    84. 

  84.     "es": "ID de usuario no válido.",
    85. 

  85.     "de": "User-ID nicht erlaubt.",
    86. 

  86.     "nl": "Gebruiker-id is ongeldig.",
    87. 

  87. }
    88. 

  88. 

  89. used_userid_msg = {
    90. 

  90.     "en": "This user ID is already used.",
    91. 

  91.     "tr": "Bu kullanıcı numarası zaten kullanılmakta.",
    92. 

  92.     "fr": "Cet identifiant utilisateur est déjà utilisé.",
    93. 

  93.     "es": "Este ID de usuario ya está en uso.",
    94. 

  94.     "de": "Dieser user-ID is schon vergeben.",
    95. 

  95.     "nl": "Deze gebruiker-id is reeds in gebruik.",
    96. 

  96. }
    97. 

  97. 

  98. used_username_msg = {
    99. 

  99.     "en": "This user name is already used.",
    100. 

  100.     "tr": "Bu kullanıcı adı zaten kullanılmakta.",
    101. 

  101.     "fr": "Ce nom d'utilisateur est déjà utilisé.",
    102. 

  102.     "es": "Este nombre de usuario ya está en uso.",
    103. 

  103.     "de": "Dieser Benutzername is schon vergeben.",
    104. 

  104.     "nl": "Deze gebruikernaam is reeds in gebruik.",
    105. 

  105. }
    106. 

  106. 

  107. no_group_msg = {
    108. 

  108.     "en": "No such group exists.",
    109. 

  109.     "tr": "Böyle bir grup yok.",
    110. 

  110.     "fr": "Il n'existe aucun groupe de ce nom-là.",
    111. 

  111.     "es": "No existe el grupo.",
    112. 

  112.     "de": "Diese Gruppe gibt es nicht.",
    113. 

  113.     "nl": "Deze groep bestaat niet.",
    114. 

  114. }
    115. 

  115. 

  116. no_user_msg = {
    117. 

  117.     "en": "No user with given ID.",
    118. 

  118.     "tr": "Verilen numaralı bir kullanıcı yok.",
    119. 

  119.     "fr": "Il n'existe aucun utilisateur avec et identifiant.",
    120. 

  120.     "es": "No existe usuario con éste ID.",
    121. 

  121.     "de": "Es gibt keien Benutzer mit dem angegebenen ID.",
    122. 

  122.     "nl": "Gebruiker met opgegeven ID bestaat niet.",
    123. 

  123. }
    124. 

  124. 

  125. delete_root_msg = {
    126. 

  126.     "en": "You cant delete root user.",
    127. 

  127.     "tr": "Kök kullanıcıyı silemezsiniz.",
    128. 

  128.     "fr": "Vous ne pouvez pas supprimer l'administrateur.",
    129. 

  129.     "es": "No se puede eliminar al usuario root.",
    130. 

  130.     "de": "Benutzer ROOT darf nicht gelöscht werden.",
    131. 

  131.     "nl": "Systeembeheerder (root) kan niet verwijderd worden.",
    132. 

  132. }
    133. 

  133. 

  134. invalid_groupid_msg = {
    135. 

  135.     "en": "Invalid group ID.",
    136. 

  136.     "tr": "Geçersiz grup numarası.",
    137. 

  137.     "fr": "Identifiant de groupe invalide.",
    138. 

  138.     "es": "ID del grupo inválido.",
    139. 

  139.     "de": "Gruppen-ID nicht zulässig.",
    140. 

  140.     "nl": "Groep-ID is ongeldig.",
    141. 

  141. }
    142. 

  142. 

  143. used_groupid_msg = {
    144. 

  144.     "en": "This group ID is already used.",
    145. 

  145.     "tr": "Bu grup numarası zaten kullanılmakta.",
    146. 

  146.     "fr": "Cet identifiant de groupe est déjà utilisé.",
    147. 

  147.     "es": "Este ID de grupo ya está en uso.",
    148. 

  148.     "de": "Dieser Gruppen-ID is schon vergeben.",
    149. 

  149.     "nl": "Deze groep-ID is reeds in gebruik.",
    150. 

  150. }
    151. 

  151. 

  152. used_groupname_msg = {
    153. 

  153.     "en": "This group name is already used.",
    154. 

  154.     "tr": "Bu grup adı zaten kullanılmakta.",
    155. 

  155.     "fr": "Ce nom de groupe est déjà utilisé.",
    156. 

  156.     "es": "Este nombre de grupo ya está en uso.",
    157. 

  157.     "de": "Dieser Gruppennam is schon vergeben.",
    158. 

  158.     "nl": "Deze groepnaam is reeds in gebruik.",
    159. 

  159. }
    160. 

  160. 

  161. # parameters
    162. 

  162. uid_minimum = 1000
    163. 

  163. uid_maximum = 65000
    164. 

  164. 

  165. #
    166. 

  166. 

  167. def setFace(uid, homedir):
    168. 

  168.     files = []
    169. 

  169.     for directory in FACES:
    170. 

  170.         if os.path.exists(directory):
    171. 

  171.             for filename in os.listdir(directory):
    172. 

  172.                 if filename.endswith(".png"):
    173. 

  173.                     files.append(os.path.join(directory, filename))
    174. 

  174.     if len(files):
    175. 

  175.         icon = os.path.join(homedir, ".face.icon")
    176. 

  176.         shutil.copy(random.choice(files), icon)
    177. 

  177.         os.chmod(icon, 0644)
    178. 

  178.         os.chown(icon, uid, 100)
    179. 

  179. 

  180. def checkName(name):
    181. 

  181.     first_valid = ascii_letters
    182. 

  182.     valid = ascii_letters + "_-" + digits
    183. 

  183.     if len(name) == 0 or len(filter(lambda x: not x in valid, name)) != 0 or not name[0] in first_valid:
    184. 

  184.         fail(_(invalid_username_msg))
    185. 

  185. 

  186. def checkRealName(realname):
    187. 

  187.     if len(filter(lambda x: x == "\n" or x == ":", realname)) != 0:
    188. 

  188.         fail(_(invalid_realname_msg))
    189. 

  189. 

  190. def checkPassword(password, badlist):
    191. 

  191.     if len(password) < 1:
    192. 

  192.         fail(_(short_password_msg))
    193. 

  193.     if password in badlist:
    194. 

  194.         fail(_(name_password_msg))
    195. 

  195. 

  196. def checkGroupName(name):
    197. 

  197.     valid = ascii_letters + "_-"
    198. 

  198.     if name == "" or len(filter(lambda x: not x in valid, name)) != 0:
    199. 

  199.         fail(_(invalid_group_msg) + " " + name)
    200. 

  200. 

  201. #
    202. 

  202. 

  203. class User:
    204. 

  204.     def __init__(self):
    205. 

  205.         self.password = None
    206. 

  206. 

  207.     def __str__(self):
    208. 

  208.         return "%s (%d, %d)\n  %s\n  %s\n  %s\n  %s" % (
    209. 

  209.             self.name, self.uid, self.gid,
    210. 

  210.             self.realname, self.homedir, self.shell,
    211. 

  211.             self.password
    212. 

  212.         )
    213. 

  213. 

  214. 

  215. class Group:
    216. 

  216.     def __str__(self):
    217. 

  217.         s = "%s (%d)" % (self.name, self.gid)
    218. 

  218.         for name in self.members:
    219. 

  219.             s += "\n %s" % name
    220. 

  220.         return s
    221. 

  221. 

  222. 

  223. class Database:
    224. 

  224.     passwd_path = "/etc/passwd"
    225. 

  225.     shadow_path = "/etc/shadow"
    226. 

  226.     group_path = "/etc/group"
    227. 

  227.     lock_path = "/etc/.pwd.lock"
    228. 

  228. 

  229.     def __init__(self, for_read=False):
    230. 

  230.         self.lock = FileLock(self.lock_path)
    231. 

  231.         self.lock.lock(shared=for_read)
    232. 

  232. 

  233.         self.users = {}
    234. 

  234.         self.users_by_name = {}
    235. 

  235.         self.groups = {}
    236. 

  236.         self.groups_by_name = {}
    237. 

  237. 

  238.         for line in file(self.passwd_path):
    239. 

  239.             if line != "" and line != "\n":
    240. 

  240.                 parts = line.rstrip("\n").split(":")
    241. 

  241.                 user = User()
    242. 

  242.                 user.name = parts[0]
    243. 

  243.                 user.uid = int(parts[2])
    244. 

  244.                 user.gid = int(parts[3])
    245. 

  245.                 user.realname = parts[4]
    246. 

  246.                 user.homedir = parts[5]
    247. 

  247.                 user.shell = parts[6]
    248. 

  248.                 self.users[user.uid] = user
    249. 

  249.                 self.users_by_name[user.name] = user
    250. 

  250. 

  251.         for line in file(self.shadow_path):
    252. 

  252.             if line != "" and line != "\n":
    253. 

  253.                 parts = line.rstrip("\n").split(":")
    254. 

  254.                 if self.users_by_name.has_key(parts[0]):
    255. 

  255.                     user = self.users_by_name[parts[0]]
    256. 

  256.                     user.password = parts[1]
    257. 

  257.                     user.pwrest = parts[2:]
    258. 

  258. 

  259.         for line in file(self.group_path):
    260. 

  260.             if line != "" and line != "\n":
    261. 

  261.                 parts = line.rstrip("\n").split(":")
    262. 

  262.                 group = Group()
    263. 

  263.                 group.name = parts[0]
    264. 

  264.                 group.gid = int(parts[2])
    265. 

  265.                 group.members = parts[3].split(",")
    266. 

  266.                 if "" in group.members:
    267. 

  267.                     group.members.remove("")
    268. 

  268.                 self.groups[group.gid] = group
    269. 

  269.                 self.groups_by_name[group.name] = group
    270. 

  270. 

  271.     def sync(self):
    272. 

  272.         lines = []
    273. 

  273.         keys = self.users.keys()
    274. 

  274.         keys.sort()
    275. 

  275.         for uid in keys:
    276. 

  276.             user = self.users[uid]
    277. 

  277.             lines.append("%s:x:%d:%d:%s:%s:%s\n" % (
    278. 

  278.                 user.name, uid, user.gid,
    279. 

  279.                 user.realname, user.homedir, user.shell
    280. 

  280.             ))
    281. 

  281.         f = file(self.passwd_path, "w")
    282. 

  282.         f.writelines(lines)
    283. 

  283.         f.close()
    284. 

  284. 

  285.         lines = []
    286. 

  286.         keys = self.users.keys()
    287. 

  287.         keys.sort()
    288. 

  288.         for uid in keys:
    289. 

  289.             user = self.users[uid]
    290. 

  290.             if user.password:
    291. 

  291.                 lines.append("%s:%s:%s\n" % (
    292. 

  292.                     user.name,
    293. 

  293.                     user.password,
    294. 

  294.                     ":".join(user.pwrest)
    295. 

  295.                 ))
    296. 

  296.             else:
    297. 

  297.                 lines.append("%s::13094:0:99999:7:::\n" % user.name)
    298. 

  298.         f = file(self.shadow_path, "w")
    299. 

  299.         f.writelines(lines)
    300. 

  300.         f.close()
    301. 

  301. 

  302.         lines = []
    303. 

  303.         keys = self.groups.keys()
    304. 

  304.         keys.sort()
    305. 

  305.         for gid in keys:
    306. 

  306.             group = self.groups[gid]
    307. 

  307.             lines.append("%s:x:%s:%s\n" % (group.name, gid, ",".join(group.members)))
    308. 

  308.         f = file(self.group_path, "w")
    309. 

  309.         f.writelines(lines)
    310. 

  310.         f.close()
    311. 

  311. 

  312.     def set_groups(self, name, grouplist):
    313. 

  313.         for gid in self.groups.keys():
    314. 

  314.             g = self.groups[gid]
    315. 

  315.             if name in g.members:
    316. 

  316.                 if not g.name in grouplist:
    317. 

  317.                     g.members.remove(name)
    318. 

  318.             else:
    319. 

  319.                 if g.name in grouplist:
    320. 

  320.                     g.members.append(name)
    321. 

  321. 

  322.     def next_uid(self):
    323. 

  323.         for i in range(uid_minimum, uid_maximum):
    324. 

  324.             if not self.users.has_key(i):
    325. 

  325.                 return i
    326. 

  326. 

  327.     def next_gid(self):
    328. 

  328.         for i in range(uid_minimum, uid_maximum):
    329. 

  329.             if not self.groups.has_key(i):
    330. 

  330.                 return i
    331. 

  331. 

  332. 

  333. def setup_home(uid, gid, path):
    334. 

  334.     if not os.path.exists(path):
    335. 

  335.         # Copy skeleton home dir
    336. 

  336.         os.system('/bin/cp -r %s "%s"' % ('/etc/skel', path))
    337. 

  337.         # Set a random face icon
    338. 

  338.         faces = glob.glob("/usr/share/*/apps/kdm/pics/users/*.png")
    339. 

  339.         if len(faces) > 0:
    340. 

  340.             facepath = os.path.join(path, '.face.icon')
    341. 

  341.             os.system('/bin/cp --remove-destination "%s" "%s"' % (random.choice(faces), facepath))
    342. 

  342.             os.chmod(facepath, 0644)
    343. 

  343.         # Set ownerships
    344. 

  344.         os.system('/bin/chown -R %d:%d "%s"' % (uid, gid, path))
    345. 

  345. 

  346.     # Make sure at least top of the home dir's permissions are correct
    347. 

  347.     os.system('/bin/chown %d:%d "%s"' % (uid, gid, path))
    348. 

  348.     os.chmod(path, 0711)
    349. 

  349. 

  350. 

  351. # methods
    352. 

  352. 

  353. def userList():
    354. 

  354.     def format(dict, uid):
    355. 

  355.         item = dict[uid]
    356. 

  356.         return (item.uid, item.name, item.realname)
    357. 

  357.     db = Database(for_read=True)
    358. 

  358.     return map(lambda x: format(db.users, x), db.users)
    359. 

  359. 

  360. def userInfo(uid):
    361. 

  361.     uid = int(uid)
    362. 

  362.     db = Database(for_read=True)
    363. 

  363.     if db.users.has_key(uid):
    364. 

  364.         u = db.users[uid]
    365. 

  365.         groups = []
    366. 

  366.         for item in db.groups.keys():
    367. 

  367.             if u.name in db.groups[item].members:
    368. 

  368.                 groups.append(db.groups[item].name)
    369. 

  369.         grp = db.groups.get(u.gid, None)
    370. 

  370.         if grp:
    371. 

  371.             if grp.name in groups:
    372. 

  372.                 groups.remove(grp.name)
    373. 

  373.             groups.insert(0, grp.name)
    374. 

  374.         ret = (
    375. 

  375.             u.name,
    376. 

  376.             u.realname,
    377. 

  377.             u.gid,
    378. 

  378.             u.homedir,
    379. 

  379.             u.shell,
    380. 

  380.             groups,
    381. 

  381.         )
    382. 

  382.         return ret
    383. 

  383.     else:
    384. 

  384.         fail(_(no_user_msg))
    385. 

  385. 

  386. def addUser(uid, name, realname, homedir, shell, password, groups, grants, blocks):
    387. 

  387.     if not realname:
    388. 

  388.         realname = ""
    389. 

  389.     if not homedir:
    390. 

  390.         homedir = "/home/" + name
    391. 

  391.     if not shell:
    392. 

  392.         shell = "/bin/bash"
    393. 

  393.     if not groups:
    394. 

  394.         groups = ["nogroup"]
    395. 

  395.     for item in groups:
    396. 

  396.         checkGroupName(item)
    397. 

  397.     checkName(name)
    398. 

  398.     checkRealName(realname)
    399. 

  399.     if password:
    400. 

  400.         checkPassword(password, (name, realname))
    401. 

  401. 

  402.     db = Database()
    403. 

  403. 

  404.     if uid == -1:
    405. 

  405.         uid = db.next_uid()
    406. 

  406.     else:
    407. 

  407.         try:
    408. 

  408.             uid = int(uid)
    409. 

  409.             if uid < 0 or uid > 65536:
    410. 

  410.                 raise
    411. 

  411.         except:
    412. 

  412.             fail(_(invalid_userid_msg))
    413. 

  413.         if db.users.has_key(uid):
    414. 

  414.             fail(_(used_userid_msg))
    415. 

  415. 

  416.     if db.users_by_name.has_key(name):
    417. 

  417.         fail(_(used_username_msg))
    418. 

  418. 

  419.     # First group in the list is the user's main group
    420. 

  420.     g = db.groups_by_name.get(groups[0], None)
    421. 

  421.     if not g:
    422. 

  422.         fail(_(no_group_msg))
    423. 

  423.     gid = g.gid
    424. 

  424. 

  425.     u = User()
    426. 

  426.     u.uid = uid
    427. 

  427.     u.gid = gid
    428. 

  428.     u.name = name
    429. 

  429.     u.realname = realname
    430. 

  430.     u.homedir = homedir
    431. 

  431.     u.shell = shell
    432. 

  432.     if password:
    433. 

  433.         u.password = shadowCrypt(password)
    434. 

  434.     else:
    435. 

  435.         u.password = "*"
    436. 

  436.     u.pwrest = [ "13094", "0", "99999", "7", "", "", "" ]
    437. 

  437.     db.users[uid] = u
    438. 

  438.     db.set_groups(name, groups)
    439. 

  439.     # No need to setup a real home dir for daemons
    440. 

  440.     if uid >= 1000 or homedir.startswith("/home/"):
    441. 

  441.         setup_home(uid, gid, homedir)
    442. 

  442.         setFace(uid, homedir)
    443. 

  443.     db.sync()
    444. 

  444. 

  445.     for grant in grants:
    446. 

  446.         if grant != "":
    447. 

  447.             grantAuthorization(uid, grant)
    448. 

  448.     for block in blocks:
    449. 

  449.         if block != "":
    450. 

  450.             blockAuthorization(uid, block)
    451. 

  451. 

  452.     return uid
    453. 

  453. 

  454. def setUser(uid, realname, homedir, shell, password, groups):
    455. 

  455.     uid = int(uid)
    456. 

  456. 

  457.     db = Database()
    458. 

  458.     u = db.users.get(uid, None)
    459. 

  459.     if u:
    460. 

  460.         if realname:
    461. 

  461.             checkRealName(realname)
    462. 

  462.             u.realname = realname
    463. 

  463.         if homedir:
    464. 

  464.             u.homedir = homedir
    465. 

  465.         if shell:
    466. 

  466.             u.shell = shell
    467. 

  467.         if password:
    468. 

  468.             checkPassword(password, (u.name, u.realname, realname))
    469. 

  469.             u.password = shadowCrypt(password)
    470. 

  470.         if groups:
    471. 

  471.             # FIXME: check main group
    472. 

  472.             for item in groups:
    473. 

  473.                 checkGroupName(item)
    474. 

  474.             db.set_groups(u.name, groups)
    475. 

  475.         db.sync()
    476. 

  476.     else:
    477. 

  477.         fail(_(no_user_msg))
    478. 

  478. 

  479. def deleteUser(uid, deletefiles):
    480. 

  480.     uid = int(uid)
    481. 

  481. 

  482.     if uid == 0:
    483. 

  483.         fail(_(delete_root_msg))
    484. 

  484. 

  485.     db = Database()
    486. 

  486.     u = db.users.get(uid, None)
    487. 

  487.     if u:
    488. 

  488.         #delete authorizations of user
    489. 

  489.         try:
    490. 

  490.             polkit.auth_revoke_all(uid)
    491. 

  491.         except:
    492. 

  492.             pass
    493. 

  493. 

  494.         home = u.homedir[:]
    495. 

  495.         db.set_groups(u.name, [])
    496. 

  496.         del db.users[uid]
    497. 

  497.         db.sync()
    498. 

  498.         if deletefiles:
    499. 

  499.             os.system('/bin/rm -rf "%s"' % home)
    500. 

  500. 

  501. 

  502. def groupList():
    503. 

  503.     def format(dict, gid):
    504. 

  504.         item = dict[gid]
    505. 

  505.         return (item.gid, item.name)
    506. 

  506.     db = Database(for_read=True)
    507. 

  507.     return map(lambda x: format(db.groups, x), db.groups)
    508. 

  508. 

  509. def addGroup(gid, name):
    510. 

  510.     checkGroupName(name)
    511. 

  511. 

  512.     db = Database()
    513. 

  513.     if gid == -1:
    514. 

  514.         gid = db.next_gid()
    515. 

  515.     else:
    516. 

  516.         try:
    517. 

  517.             gid = int(gid)
    518. 

  518.             if gid < 0 or gid > 65536:
    519. 

  519.                 raise
    520. 

  520.         except:
    521. 

  521.             fail(_(invalid_groupid_msg))
    522. 

  522.         if db.groups.has_key(gid):
    523. 

  523.             fail(_(used_groupid_msg))
    524. 

  524. 

  525.     if db.groups_by_name.has_key(name):
    526. 

  526.         fail(_(used_groupname_msg))
    527. 

  527. 

  528.     g = Group()
    529. 

  529.     g.gid = gid
    530. 

  530.     g.name = name
    531. 

  531.     g.members = []
    532. 

  532.     db.groups[gid] = g
    533. 

  533.     db.sync()
    534. 

  534. 

  535.     return gid
    536. 

  536. 

  537. def deleteGroup(gid):
    538. 

  538.     gid = int(gid)
    539. 

  539. 

  540.     db = Database()
    541. 

  541.     if db.groups.has_key(gid):
    542. 

  542.         del db.groups[gid]
    543. 

  543.         db.sync()
    544. 

  544. 

  545. 

  546. #
    547. 

  547. # Crypt function for shadow file
    548. 

  548. #
    549. 

  549. 

  550. def shadowCrypt(password):
    551. 

  551.     des_salt = list('./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz')
    552. 

  552.     salt, magic = str(random.random())[-8:], '$1$'
    553. 

  553. 

  554.     ctx = hashlib.md5(password)
    555. 

  555.     ctx.update(magic)
    556. 

  556.     ctx.update(salt)
    557. 

  557. 

  558.     ctx1 = hashlib.md5(password)
    559. 

  559.     ctx1.update(salt)
    560. 

  560.     ctx1.update(password)
    561. 

  561. 

  562.     final = ctx1.digest()
    563. 

  563. 

  564.     for i in range(len(password), 0 , -16):
    565. 

  565.         if i > 16:
    566. 

  566.             ctx.update(final)
    567. 

  567.         else:
    568. 

  568.             ctx.update(final[:i])
    569. 

  569. 

  570.     i = len(password)
    571. 

  571. 

  572.     while i:
    573. 

  573.         if i & 1:
    574. 

  574.             ctx.update('\0')
    575. 

  575.         else:
    576. 

  576.             ctx.update(password[:1])
    577. 

  577.         i = i >> 1
    578. 

  578.     final = ctx.digest()
    579. 

  579. 

  580.     for i in range(1000):
    581. 

  581.         ctx1 = hashlib.md5()
    582. 

  582.         if i & 1:
    583. 

  583.             ctx1.update(password)
    584. 

  584.         else:
    585. 

  585.             ctx1.update(final)
    586. 

  586.         if i % 3: ctx1.update(salt)
    587. 

  587.         if i % 7: ctx1.update(password)
    588. 

  588.         if i & 1:
    589. 

  589.             ctx1.update(final)
    590. 

  590.         else:
    591. 

  591.             ctx1.update(password)
    592. 

  592.         final = ctx1.digest()
    593. 

  593. 

  594.     def _to64(v, n):
    595. 

  595.         r = ''
    596. 

  596.         while (n-1 >= 0):
    597. 

  597.             r = r + des_salt[v & 0x3F]
    598. 

  598.             v = v >> 6
    599. 

  599.             n = n - 1
    600. 

  600.         return r
    601. 

  601. 

  602.     rv = magic + salt + '$'
    603. 

  603.     final = map(ord, final)
    604. 

  604.     l = (final[0] << 16) + (final[6] << 8) + final[12]
    605. 

  605.     rv = rv + _to64(l, 4)
    606. 

  606.     l = (final[1] << 16) + (final[7] << 8) + final[13]
    607. 

  607.     rv = rv + _to64(l, 4)
    608. 

  608.     l = (final[2] << 16) + (final[8] << 8) + final[14]
    609. 

  609.     rv = rv + _to64(l, 4)
    610. 

  610.     l = (final[3] << 16) + (final[9] << 8) + final[15]
    611. 

  611.     rv = rv + _to64(l, 4)
    612. 

  612.     l = (final[4] << 16) + (final[10] << 8) + final[5]
    613. 

  613.     rv = rv + _to64(l, 4)
    614. 

  614.     l = final[11]
    615. 

  615.     rv = rv + _to64(l, 2)
    616. 

  616. 

  617.     return rv
    618. 

  618. 

  619. #
    620. 

  620. # List authorizations by UID
    621. 

  621. #
    622. 

  622. 

  623. def listUserAuthorizations(uid):
    624. 

  624.     actions = polkit.auth_list_uid(int(uid))
    625. 

  625.     auths = []
    626. 

  626.     for action in actions:
    627. 

  627.         action_info = polkit.action_info(action['action_id'])
    628. 

  628.         auths.append((action['action_id'], action['scope'], action_info['description'], action_info['policy_active'], action['negative']))
    629. 

  629.     return auths
    630. 

  630. 

  631. #
    632. 

  632. # Grant authorization to user
    633. 

  633. #
    634. 

  634. 

  635. def grantAuthorization(uid, action):
    636. 

  636.     uid = int(uid)
    637. 

  637.     if action == "*":
    638. 

  638.         for action_id in polkit.action_list():
    639. 

  639.             try:
    640. 

  640.                 polkit.auth_revoke(uid, action_id)
    641. 

  641.                 polkit.auth_add(action_id, polkit.SCOPE_ALWAYS, uid)
    642. 

  642.             except:
    643. 

  643.                 return False
    644. 

  644.     else:
    645. 

  645.         try:
    646. 

  646.             polkit.auth_revoke(uid, action)
    647. 

  647.             polkit.auth_add(action, polkit.SCOPE_ALWAYS, uid)
    648. 

  648.         except:
    649. 

  649.             return False
    650. 

  650.     return True
    651. 

  651. 

  652. #
    653. 

  653. # Revoke authorization of user
    654. 

  654. #
    655. 

  655. 

  656. def revokeAuthorization(uid, action):
    657. 

  657.     uid = int(uid)
    658. 

  658.     if action == "*":
    659. 

  659.         for action_id in polkit.action_list():
    660. 

  660.             try:
    661. 

  661.                 polkit.auth_revoke(uid, action_id)
    662. 

  662.             except:
    663. 

  663.                 return False
    664. 

  664.     else:
    665. 

  665.         try:
    666. 

  666.             polkit.auth_revoke(uid, action)
    667. 

  667.         except:
    668. 

  668.             return False
    669. 

  669.     return True
    670. 

  670. 

  671. #
    672. 

  672. # Block authorization of user
    673. 

  673. #
    674. 

  674. 

  675. def blockAuthorization(uid, action):
    676. 

  676.     uid = int(uid)
    677. 

  677.     if action == "*":
    678. 

  678.         for action_id in polkit.action_list():
    679. 

  679.             try:
    680. 

  680.                 polkit.auth_revoke(uid, action_id)
    681. 

  681.                 polkit.auth_block(uid, action_id)
    682. 

  682.             except:
    683. 

  683.                 return False
    684. 

  684.     else:
    685. 

  685.         try:
    686. 

  686.             polkit.auth_revoke(uid, action)
    687. 

  687.             polkit.auth_block(uid, action)
    688. 

  688.         except:
    689. 

  689.             return False
    690. 

  690.     return True
    691. 

  691.