root/ccs/admin/admin.py
Revision: 591
Committed: 2009-10-13T06:47:12-07:00 (15 years, 8 months ago) by douglas
Content type: text/x-python
File size: 2080 byte(s)
Log Message:
chsh!

File Contents

# User Rev Content
1 douglas 585 # CCS Computer Science
2 douglas 590 # Admin
3 douglas 585 #
4     # Douglas Thrift
5     #
6     # $Id$
7    
8 douglas 591 from __future__ import with_statement
9     import common
10 douglas 585 import ldap
11 douglas 591 import socket
12 douglas 585 import subprocess
13    
# Host name of the LDAP master; also the name master() compares against.
MASTER = 'zweihander.ccs.ucsb.edu'
# Directory suffix under which _user() builds entry DNs.
BASE = 'dc=ccs,dc=ucsb,dc=edu'
# One LDAP attribute name per entry of common.SYSTEMS, e.g. 'ucsbCcs' + 'Name'.
SHELLS = tuple('ucsbCcs' + system.capitalize() for system in common.SYSTEMS)

# Process-wide python-ldap defaults, applied at import time: LDAPv3, a single
# trusted CA file, and a hard failure when the server certificate cannot be
# verified (OPT_X_TLS_DEMAND), so an ldaps:// connection is not made to a
# server that presents a certificate outside that CA.
ldap.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/ccs/ssl/ccscert.pem')
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
21    
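def _user(user):
    """Return the DN of *user*'s entry under ou=People of BASE.

    The name is escaped as an RDN value before it is interpolated, so
    characters that are special in a DN (',', '+', '=', '"', ...) stay part
    of the uid instead of changing which entry the DN points at.
    """
    # Function-scope import: only ``import ldap`` is visible at file level.
    from ldap.dn import escape_dn_chars

    return 'uid=%s,ou=People,%s' % (escape_dn_chars(user), BASE)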
24    
def ldap_connection():
    """Open an ldaps:// connection to MASTER bound as uid=root.

    Returns the bound connection; the caller is responsible for unbinding it.
    """
    uri = 'ldaps://' + MASTER
    link = ldap.initialize(uri)

    # The bind password is the raw content of the secret file.
    # NOTE(review): read() passes the bytes through untouched, including any
    # trailing newline the file may hold -- confirm the file has none.
    with open('/ccs/etc/secret', 'rb') as secret:
        password = secret.read()

    link.simple_bind_s(_user('root'), password)

    return link
32    
def master():
    """Return True when the reverse lookup of common._host yields MASTER."""
    # gethostbyaddr() returns (hostname, aliaslist, ipaddrlist); only the
    # primary host name is compared.
    # NOTE(review): the result is whatever the resolver answers -- confirm no
    # caller relies on it as an authorization check.
    primary_name = socket.gethostbyaddr(common._host)[0]

    return primary_name == MASTER
35    
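def chsh(user, shell, shells):
    """Replace *user*'s loginShell and per-system shell attributes in LDAP.

    *shell* is either the name of a preset in common.SHELLS or 'custom'.
    For a preset, *shells* is ignored and taken from the preset; for
    'custom', *shells* supplies one value per attribute in SHELLS.
    Raises KeyError when *shell* names no preset.
    """
    if shell != 'custom':
        # The lookup doubles as validation: an unknown preset name raises
        # KeyError before the directory is contacted.
        shells = dict(common.SHELLS)[shell]
    else:
        # A custom list that equals a preset is stored under that preset's
        # name; the last entry of common.SHELLS is left out of the search.
        for _shell, _shells in common.SHELLS[:-1]:
            if shells == _shells:
                shell = _shell

    # NOTE(review): on the custom path the values in shells are written to the
    # directory as given, and zip() silently drops extras when the lengths
    # differ -- confirm the caller validates both.
    changes = [(ldap.MOD_REPLACE, key, value) for key, value in [('loginShell', shell)] + list(zip(SHELLS, shells))]

    connection = ldap_connection()

    try:
        connection.modify_s(_user(user), changes)
    finally:
        # Release the root-bound connection even when the modify fails.
        connection.unbind_s()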
48    
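def passwd(user, old_password, new_password):
    """Change *user*'s password in LDAP, then mirror it into MySQL.

    If a MySQL account named *user* exists its password is updated;
    otherwise accounts for 'localhost' and '%' are created with all
    privileges on databases named ``<user>_*``.

    The LDAP change happens first, so a MySQL failure leaves the two
    passwords out of step. Both services are reached with the same secret
    file, /ccs/etc/secret.
    """
    import warnings

    with warnings.catch_warnings():
        # Presumably raised while importing MySQLdb; only this one warning is
        # silenced, and only for the duration of the import.
        warnings.filterwarnings('ignore', 'the sets module is deprecated', DeprecationWarning)

        import MySQLdb

    connection = ldap_connection()

    try:
        # NOTE(review): the connection is bound as uid=root; confirm the
        # server still checks old_password for a privileged bind.
        connection.passwd_s(_user(user), old_password, new_password)
    finally:
        # Release the root-bound connection even when the change is refused.
        connection.unbind_s()

    with open('/ccs/etc/secret', 'rb') as secret:
        db = MySQLdb.connect(passwd = secret.read(), db = 'mysql')

    try:
        cursor = db.cursor()

        cursor.execute('select count(User) from user where User = %s', (user,))

        if cursor.fetchone()[0]:
            cursor.execute('update user set Password = PASSWORD(%s) where User = %s', (new_password, user))
            cursor.execute('flush privileges')
        else:
            # The database name cannot be a bound parameter, so it is spliced
            # into the statement text. escape_string() only covers
            # string-literal metacharacters: a backtick would close the quoted
            # identifier, and a '%' would be consumed by the driver's own
            # %-formatting, so both are doubled here.
            # NOTE(review): '_' and '%' inside the name still act as wildcards
            # in a database-level GRANT -- confirm user names cannot contain
            # them.
            database = db.escape_string(user).replace('`', '``').replace('%', '%%')

            cursor.executemany('grant all on `' + database + r'\_%%`.* to %s@%s identified by %s', [(user, host, new_password) for host in ('localhost', '%')])
    finally:
        # Do not leave the privileged MySQL session open after an error.
        db.close()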

Properties

Name Value
svn:keywords Id