ccs/admin/admin.py

# CCS Computer Science
#   Admin
#
# Douglas Thrift
#
# $Id$

from __future__ import with_statement
import common
import ldap
import subprocess
import sys

MASTER = 'zweihander.ccs.ucsb.edu'
BASE = 'dc=ccs,dc=ucsb,dc=edu'
SHELLS = map(lambda system: 'ucsbCcs' + system.capitalize(), common.SYSTEMS)

ldap.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/ccs/ssl/ccscert.pem')
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)

def _user(user):
        return 'uid=%s,ou=People,%s' % (user, BASE)

def ldap_connection():
        connection = ldap.initialize('ldaps://' + MASTER)

        with open('/ccs/etc/secret', 'rb') as secret:
                connection.simple_bind_s(_user('root'), secret.read())
        
        return connection

def master():
        return common.HOST == MASTER

def run(exceptions):
        if exceptions:
                for host, exception in exceptions.iteritems():
                        print '%s: %s' % (host, exception)

                sys.exit(1)

def eof():
        print

        sys.exit(130)

def chfn(user, name):
        connection = ldap_connection()

        connection.modify_s(_user(user), [(ldap.MOD_REPLACE, 'cn', name)])
        connection.unbind_s()

def chsh(user, shell, shells):
        if shell != 'custom':
                shells = dict(common.SHELLS)[shell]
        else:
                for _shell, _shells in common.SHELLS[:-1]:
                        if shells == _shells:
                                shell = _shell

        connection = ldap_connection()

        connection.modify_s(_user(user), map(lambda (key, value): (ldap.MOD_REPLACE, key, value), [('loginShell', shell)] + zip(SHELLS, shells)))
        connection.unbind_s()

def passwd(user, old_password, new_password):
        import warnings

        with warnings.catch_warnings():
                warnings.filterwarnings('ignore', 'the sets module is deprecated', DeprecationWarning)

                import MySQLdb

        connection = ldap_connection()

        connection.passwd_s(_user(user), old_password, new_password)
        connection.unbind_s()

        with open('/ccs/etc/secret', 'rb') as secret:
                db = MySQLdb.connect(passwd = secret.read(), db = 'mysql')

        cursor = db.cursor()

        cursor.execute('select count(User) from user where User = %s', (user,))

        if cursor.fetchone()[0]:
                cursor.execute('update user set Password = PASSWORD(%s) where User = %s', (new_password, user))
                cursor.execute('flush privileges');
        else:
                cursor.executemany('grant all on `' + db.escape_string(user) + r'\_%%`.* to %s@%s identified by %s', map(lambda host: (user, host, new_password), ('localhost', '%')))
Revision:	592
Committed:	2009-10-13T07:26:55-07:00 (15 years, 8 months ago) by douglas
Content type:	text/x-python
File size:	2366 byte(s)
Log Message:	chfn!
#	User	Rev	Content
1	douglas	585	# CCS Computer Science
2	douglas	590	# Admin
3	douglas	585	#
4			# Douglas Thrift
5			#
6			# $Id$
7
8	douglas	591	from __future__ import with_statement
9			import common
10	douglas	585	import ldap
11			import subprocess
12	douglas	592	import sys
13	douglas	585
14			MASTER = 'zweihander.ccs.ucsb.edu'
15			BASE = 'dc=ccs,dc=ucsb,dc=edu'
16	douglas	592	SHELLS = map(lambda system: 'ucsbCcs' + system.capitalize(), common.SYSTEMS)
17	douglas	585
18			ldap.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
19			ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/ccs/ssl/ccscert.pem')
20			ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
21
22			def _user(user):
23			return 'uid=%s,ou=People,%s' % (user, BASE)
24
25			def ldap_connection():
26			connection = ldap.initialize('ldaps://' + MASTER)
27
28			with open('/ccs/etc/secret', 'rb') as secret:
29			connection.simple_bind_s(_user('root'), secret.read())
30
31			return connection
32
33	douglas	591	def master():
34	douglas	592	return common.HOST == MASTER
35	douglas	591
36	douglas	592	def run(exceptions):
37			if exceptions:
38			for host, exception in exceptions.iteritems():
39			print '%s: %s' % (host, exception)
40
41			sys.exit(1)
42
43			def eof():
44			print
45
46			sys.exit(130)
47
48			def chfn(user, name):
49			connection = ldap_connection()
50
51			connection.modify_s(_user(user), [(ldap.MOD_REPLACE, 'cn', name)])
52			connection.unbind_s()
53
54	douglas	591	def chsh(user, shell, shells):
55			if shell != 'custom':
56			shells = dict(common.SHELLS)[shell]
57			else:
58			for _shell, _shells in common.SHELLS[:-1]:
59			if shells == _shells:
60			shell = _shell
61
62			connection = ldap_connection()
63
64			connection.modify_s(_user(user), map(lambda (key, value): (ldap.MOD_REPLACE, key, value), [('loginShell', shell)] + zip(SHELLS, shells)))
65			connection.unbind_s()
66
67	douglas	585	def passwd(user, old_password, new_password):
68			import warnings
69
70			with warnings.catch_warnings():
71			warnings.filterwarnings('ignore', 'the sets module is deprecated', DeprecationWarning)
72
73			import MySQLdb
74
75			connection = ldap_connection()
76
77			connection.passwd_s(_user(user), old_password, new_password)
78			connection.unbind_s()
79
80			with open('/ccs/etc/secret', 'rb') as secret:
81			db = MySQLdb.connect(passwd = secret.read(), db = 'mysql')
82
83			cursor = db.cursor()
84
85			cursor.execute('select count(User) from user where User = %s', (user,))
86
87			if cursor.fetchone()[0]:
88			cursor.execute('update user set Password = PASSWORD(%s) where User = %s', (new_password, user))
89			cursor.execute('flush privileges');
90			else:
91			cursor.executemany('grant all on `' + db.escape_string(user) + r'\_%%`.* to %s@%s identified by %s', map(lambda host: (user, host, new_password), ('localhost', '%')))