root/ccs/admin/admin.py
Revision: 593
Committed: 2009-10-14T01:23:17-07:00 (15 years, 8 months ago) by douglas
Content type: text/x-python
File size: 2422 byte(s)
Log Message:
passwd!

File Contents

# User Rev Content
1 douglas 585 # CCS Computer Science
2 douglas 590 # Admin
3 douglas 585 #
4     # Douglas Thrift
5     #
6     # $Id$
7    
8 douglas 591 from __future__ import with_statement
9     import common
10 douglas 585 import ldap
11     import subprocess
12 douglas 592 import sys
13 douglas 585
# Host name of the LDAP master; ldap_connection() connects to it and
# master() compares it with common.HOST.
MASTER = 'zweihander.ccs.ucsb.edu'

# Directory suffix appended to every DN built by _user().
BASE = 'dc=ccs,dc=ucsb,dc=edu'

# One LDAP attribute name per entry of common.SYSTEMS: 'ucsbCcs' followed by
# the capitalized system name.  chsh() pairs these with per-system shells.
SHELLS = list('ucsbCcs' + system.capitalize() for system in common.SYSTEMS)

# Library-wide python-ldap defaults, set once at import time: speak LDAPv3,
# trust only the CA certificate in /ccs/ssl/ccscert.pem, and demand a server
# certificate that verifies against it.
ldap.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
ldap.set_option(ldap.OPT_X_TLS_CACERTFILE, '/ccs/ssl/ccscert.pem')
ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
21    
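def _user(user):
    """Return the DN of *user*'s entry: uid=<user>,ou=People,<BASE>.

    The uid value is passed through ldap.dn.escape_dn_chars() so that DN
    metacharacters in it (comma, plus, equals, quotes, ...) stay part of the
    uid value and cannot change which entry the DN names.  Every caller in
    this module uses the result while bound as the root entry.
    """
    # Function-scope import: only the submodule's escaping helper is needed.
    from ldap.dn import escape_dn_chars

    return 'uid=%s,ou=People,%s' % (escape_dn_chars(user), BASE)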
24    
def ldap_connection():
    """Return a connection to MASTER over ldaps://, bound as uid=root.

    The bind password is the full content of /ccs/etc/secret.  The caller
    owns the returned connection and is responsible for unbind_s().
    """
    uri = 'ldaps://%s' % MASTER
    bound = ldap.initialize(uri)

    # The file is read in binary mode and passed on unmodified, so a trailing
    # newline in the file, if there is one, is part of the password.
    with open('/ccs/etc/secret', 'rb') as secret:
        password = secret.read()

    bound.simple_bind_s(_user('root'), password)

    return bound
32    
def master():
    """Return True when common.HOST equals MASTER, the LDAP master's name."""
    is_master = (MASTER == common.HOST)

    return is_master
35 douglas 591
def run(errors):
    """Report per-host errors on stderr and exit with status 1.

    *errors* maps a host to its error.  When it is empty (or otherwise
    false) nothing is written and the function returns normally.
    """
    if not errors:
        return

    for host, message in errors.iteritems():
        sys.stderr.write('%s: %s\n' % (host, message))

    sys.exit(1)
42    
def error(error):
    """Abort with the message ``<sys.argv[0]>: <error>``.

    The message is handed to sys.exit(), which prints a string argument to
    stderr and exits with status 1.
    """
    program = sys.argv[0]

    sys.exit('%s: %s' % (program, error))
45    
def eof():
    """Write a newline to stdout and exit with status 130.

    Presumably called when interactive input ends early, so the shell prompt
    starts on a fresh line -- confirm against the callers.
    """
    sys.stdout.write('\n')

    sys.exit(130)
50    
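def chfn(user, name):
    """Replace the ``cn`` attribute of *user*'s LDAP entry with *name*.

    The change is made over a connection bound as the root entry, so no
    check of the caller's identity happens here; callers must have
    authenticated and authorized the request before calling.

    Exceptions raised by python-ldap propagate to the caller.
    """
    connection = ldap_connection()

    try:
        connection.modify_s(_user(user), [(ldap.MOD_REPLACE, 'cn', name)])
    finally:
        # Release the root-bound connection even when the modify fails.
        connection.unbind_s()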
56    
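def chsh(user, shell, shells):
    """Set *user*'s loginShell and per-system shell attributes in LDAP.

    shell  -- a preset name from common.SHELLS, or 'custom'.
    shells -- per-system shell values, paired in order with the attribute
              names in SHELLS.  Only used when shell is 'custom'; for a
              preset the values come from common.SHELLS instead.

    Raises KeyError when *shell* is neither 'custom' nor a preset name.
    Exceptions raised by python-ldap propagate to the caller.  The change is
    made while bound as the root entry, so authorization is the caller's job.
    """
    if shell != 'custom':
        shells = dict(common.SHELLS)[shell]
    else:
        # A custom list that equals a preset's list is stored under that
        # preset's name.  The last entry of common.SHELLS is left out of the
        # comparison (presumably the 'custom' entry itself -- confirm).
        for _shell, _shells in common.SHELLS[:-1]:
            if shells == _shells:
                shell = _shell

    # Build the modification list before connecting, so that a bad *shells*
    # value fails without leaving a root-bound connection open.
    changes = [(ldap.MOD_REPLACE, 'loginShell', shell)]
    changes.extend((ldap.MOD_REPLACE, key, value) for key, value in zip(SHELLS, shells))

    connection = ldap_connection()

    try:
        connection.modify_s(_user(user), changes)
    finally:
        # Release the connection even when the modify fails.
        connection.unbind_s()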
69    
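def passwd(user, old_password, new_password):
    """Change *user*'s password in LDAP, then mirror it into MySQL.

    LDAP is updated first with a password-modify operation.  After that the
    MySQL grant tables are updated: an existing MySQL account of the same
    name gets the new password; otherwise accounts user@localhost and user@%
    are created with all privileges on databases named ``<user>_...``.

    Exceptions from python-ldap and MySQLdb propagate to the caller.

    NOTE(review): both the LDAP root bind and the MySQL connection take
    their password from /ccs/etc/secret, so that one file is the key to
    both systems.
    NOTE(review): the LDAP operation runs while bound as the root entry;
    whether old_password is actually verified then depends on the server --
    confirm, and do not rely on this function alone to authenticate.
    NOTE(review): if the MySQL step fails, the LDAP password has already
    changed and the two stores are out of sync.
    """
    import warnings

    with warnings.catch_warnings():
        # Silence only the 'sets' deprecation warning, presumably emitted
        # while MySQLdb is being imported.
        warnings.filterwarnings('ignore', 'the sets module is deprecated', DeprecationWarning)

        import MySQLdb

    connection = ldap_connection()

    try:
        connection.passwd_s(_user(user), old_password, new_password)
    finally:
        # Release the root-bound connection even when the change is refused.
        connection.unbind_s()

    with open('/ccs/etc/secret', 'rb') as secret:
        db = MySQLdb.connect(passwd = secret.read(), db = 'mysql')

    try:
        cursor = db.cursor()

        cursor.execute('select count(User) from user where User = %s', (user,))

        if cursor.fetchone()[0]:
            # NOTE(review): the Password column and PASSWORD() exist only in
            # older MySQL releases; this statement is tied to them.
            cursor.execute('update user set Password = PASSWORD(%s) where User = %s', (new_password, user))
            cursor.execute('flush privileges')
        else:
            # The database name is an identifier, so it cannot be sent as a
            # query parameter and has to be made safe by hand.
            # escape_string() is kept for its existing effect, but it targets
            # string literals and leaves the characters below untouched.
            prefix = db.escape_string(user)
            # '_' and '%' are wildcards in a GRANT database name; escape them
            # so the grant covers only this user's own '<user>_' databases.
            prefix = prefix.replace('_', r'\_').replace('%', r'\%')
            # A backtick would end the quoted identifier; double it.
            prefix = prefix.replace('`', '``')
            # The statement is %-formatted with the parameters, so a literal
            # percent sign has to be doubled.
            prefix = prefix.replace('%', '%%')

            accounts = [(user, host, new_password) for host in ('localhost', '%')]

            cursor.executemany('grant all on `' + prefix + r'\_%%`.* to %s@%s identified by %s', accounts)
    finally:
        # Close the privileged MySQL session on success and on failure.
        db.close()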

Properties

Name Value
svn:keywords Id