ccs/admin/admin.py

# CCS Computer Science
#   Common
#
# Douglas Thrift
#
# $Id$

import ldap
import subprocess

MASTER = 'zweihander.ccs.ucsb.edu'
BASE = 'dc=ccs,dc=ucsb,dc=edu'

ldap.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/ccs/ssl/ccscert.pem')
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)

def _user(user):
        return 'uid=%s,ou=People,%s' % (user, BASE)

def ldap_connection():
        connection = ldap.initialize('ldaps://' + MASTER)

        with open('/ccs/etc/secret', 'rb') as secret:
                connection.simple_bind_s(_user('root'), secret.read())
        
        return connection

def passwd(user, old_password, new_password):
        import warnings

        with warnings.catch_warnings():
                warnings.filterwarnings('ignore', 'the sets module is deprecated', DeprecationWarning)

                import MySQLdb

        connection = ldap_connection()

        connection.passwd_s(_user(user), old_password, new_password)
        connection.unbind_s()

        with open('/ccs/etc/secret', 'rb') as secret:
                db = MySQLdb.connect(passwd = secret.read(), db = 'mysql')

        cursor = db.cursor()

        cursor.execute('select count(User) from user where User = %s', (user,))

        if cursor.fetchone()[0]:
                cursor.execute('update user set Password = PASSWORD(%s) where User = %s', (new_password, user))
                cursor.execute('flush privileges');
        else:
                cursor.executemany('grant all on `' + db.escape_string(user) + r'\_%%`.* to %s@%s identified by %s', map(lambda host: (user, host, new_password), ('localhost', '%')))
Revision:	585
Committed:	2009-10-11T02:37:13-07:00 (15 years, 8 months ago) by douglas
Content type:	text/x-python
Original Path:	*admin/common.py*
File size:	1475 byte(s)
Log Message:	Checkpoint of Unix password daemon work, etc.
#	User	Rev	Content
1	douglas	585	# CCS Computer Science
2			# Common
3			#
4			# Douglas Thrift
5			#
6			# $Id$
7
8			import ldap
9			import subprocess
10
11			MASTER = 'zweihander.ccs.ucsb.edu'
12			BASE = 'dc=ccs,dc=ucsb,dc=edu'
13
14			ldap.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
15			ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/ccs/ssl/ccscert.pem')
16			ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
17
18			def _user(user):
19			return 'uid=%s,ou=People,%s' % (user, BASE)
20
21			def ldap_connection():
22			connection = ldap.initialize('ldaps://' + MASTER)
23
24			with open('/ccs/etc/secret', 'rb') as secret:
25			connection.simple_bind_s(_user('root'), secret.read())
26
27			return connection
28
29			def passwd(user, old_password, new_password):
30			import warnings
31
32			with warnings.catch_warnings():
33			warnings.filterwarnings('ignore', 'the sets module is deprecated', DeprecationWarning)
34
35			import MySQLdb
36
37			connection = ldap_connection()
38
39			connection.passwd_s(_user(user), old_password, new_password)
40			connection.unbind_s()
41
42			with open('/ccs/etc/secret', 'rb') as secret:
43			db = MySQLdb.connect(passwd = secret.read(), db = 'mysql')
44
45			cursor = db.cursor()
46
47			cursor.execute('select count(User) from user where User = %s', (user,))
48
49			if cursor.fetchone()[0]:
50			cursor.execute('update user set Password = PASSWORD(%s) where User = %s', (new_password, user))
51			cursor.execute('flush privileges');
52			else:
53			cursor.executemany('grant all on `' + db.escape_string(user) + r'\_%%`.* to %s@%s identified by %s', map(lambda host: (user, host, new_password), ('localhost', '%')))