X-Git-Url: https://git.decadent.org.uk/gitweb/?p=dak.git;a=blobdiff_plain;f=dak%2Fadd_user.py;h=3528b632f6e0d252c79bdf1efac21299c97eb2b0;hp=f658272acdb72f279c7b96038045e2695e030dab;hb=519c1dbf89c13557afc15a429164616ac563d379;hpb=2414a602d5fa94e952f716448ed963de1d129cb0 diff --git a/dak/add_user.py b/dak/add_user.py index f658272a..3528b632 100755 --- a/dak/add_user.py +++ b/dak/add_user.py @@ -22,8 +22,8 @@ import sys import apt_pkg from daklib import utils -from daklib.dbconn import DBConn, get_or_set_uid -from daklib.regexes import re_gpg_fingerprint, re_user_address, re_user_mails, re_user_name +from daklib.dbconn import DBConn, get_or_set_uid, get_active_keyring_paths +from daklib.regexes import re_gpg_fingerprint_colon, re_user_address, re_user_mails, re_user_name ################################################################################ 
@@ -38,65 +38,9 @@ Adds a new user to the dak databases and keyrings -k, --key keyid of the User -u, --user userid of the User - -c, --create create a system account for the user -h, --help show this help and exit.""" sys.exit(exit_code) -################################################################################ -# Stolen from userdir-ldap -# Compute a random password using /dev/urandom. -def GenPass(): - # Generate a 10 character random string - SaltVals = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/." - Rand = open("/dev/urandom") - Password = "" - for i in range(0,15): - Password = Password + SaltVals[ord(Rand.read(1)[0]) % len(SaltVals)] - return Password - -# Compute the MD5 crypted version of the given password -def HashPass(Password): - import crypt - # Hash it telling glibc to use the MD5 algorithm - if you dont have - # glibc then just change Salt = "$1$" to Salt = "" - SaltVals = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/." - Salt = "$1$" - Rand = open("/dev/urandom") - for x in range(0,10): - Salt = Salt + SaltVals[ord(Rand.read(1)[0]) % len(SaltVals)] - Pass = crypt.crypt(Password,Salt) - if len(Pass) < 14: - raise "Password Error", "MD5 password hashing failed, not changing the password!" - return Pass - -################################################################################ - -def createMail(login, passwd, keyid, keyring): - import GnuPGInterface - - message= """ - -Additionally there is now an account created for you. 
- -""" - message+= "\nYour password for the login %s is: %s\n" % (login, passwd) - - gnupg = GnuPGInterface.GnuPG() - gnupg.options.armor = 1 - gnupg.options.meta_interactive = 0 - gnupg.options.extra_args.append("--no-default-keyring") - gnupg.options.extra_args.append("--always-trust") - gnupg.options.extra_args.append("--no-secmem-warning") - gnupg.options.extra_args.append("--keyring=%s" % keyring) - gnupg.options.recipients = [keyid] - proc = gnupg.run(['--encrypt'], create_fhs=['stdin', 'stdout']) - proc.handles['stdin'].write(message) - proc.handles['stdin'].close() - output = proc.handles['stdout'].read() - proc.handles['stdout'].close() - proc.wait() - return output - ################################################################################ def main(): 
@@ -106,37 +50,30 @@ def main(): Cnf = utils.get_conf() Arguments = [('h',"help","Add-User::Options::Help"), - ('c',"create","Add-User::Options::Create"), ('k',"key","Add-User::Options::Key", "HasArg"), ('u',"user","Add-User::Options::User", "HasArg"), ] - for i in [ "help", "create" ]: + for i in [ "help" ]: if not Cnf.has_key("Add-User::Options::%s" % (i)): Cnf["Add-User::Options::%s" % (i)] = "" - apt_pkg.ParseCommandLine(Cnf, Arguments, sys.argv) + apt_pkg.parse_commandline(Cnf, Arguments, sys.argv) - Options = Cnf.SubTree("Add-User::Options") + Options = Cnf.subtree("Add-User::Options") if Options["help"]: usage() session = DBConn().session() if not keyrings: - keyrings = Cnf.ValueList("Dinstall::GPGKeyring") - -# Ignore the PGP keyring for download of new keys. Ignore errors, if key is missing it will -# barf with the next commands. - cmd = "gpg --no-secmem-warning --no-default-keyring %s --recv-keys %s" \ - % (utils.gpg_keyring_args(keyrings), Cnf["Add-User::Options::Key"]) - (result, output) = commands.getstatusoutput(cmd) + keyrings = get_active_keyring_paths() cmd = "gpg --with-colons --no-secmem-warning --no-auto-check-trustdb --no-default-keyring %s --with-fingerprint --list-key %s" \ % (utils.gpg_keyring_args(keyrings), Cnf["Add-User::Options::Key"]) (result, output) = commands.getstatusoutput(cmd) - m = re_gpg_fingerprint.search(output) + m = re_gpg_fingerprint_colon.search(output) if not m: print output utils.fubar("0x%s: (1) No fingerprint found in gpg output but it returned 0?\n%s" \ @@ -167,7 +104,6 @@ def main(): continue emails.append(e.group(2)) - print "0x%s -> %s <%s> -> %s -> %s" % (Cnf["Add-User::Options::Key"], name, emails[0], uid, primary_key) prompt = "Add user %s with above data (y/N) ? " % (uid) 
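Review bot: In the @@ -106,37 +50,30 @@ hunk, the surviving `gpg --with-colons ... --list-key %s` command is still built by `%` formatting from `Cnf["Add-User::Options::Key"]` and passed to `commands.getstatusoutput`, which runs it through a shell, so the `-k` value is shell-interpreted exactly as typed. Validating the value first would close that, for example `if not re.match(r'^(0x)?[0-9A-Fa-f]{8,40}$', key): utils.fubar("invalid key id")`, where `key` stands for the option value and `re` is assumed to be importable; passing an argument list to `subprocess` would also work. With the `--recv-keys` step removed, a key missing from the active keyrings now reaches this command directly, and `result` is not checked in the visible lines, so the "(1) No fingerprint found in gpg output but it returned 0?" message would mislead in that case. An `if result != 0: utils.fubar(...)` before the regex search would report it accurately. main() starts before and continues past this hunk, so a check may exist outside the visible lines.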
@@ -176,23 +112,6 @@ def main(): if yn == "y": # Create an account for the user? summary = "" - if Cnf.FindB("Add-User::CreateAccount") or Cnf["Add-User::Options::Create"]: - password = GenPass() - pwcrypt = HashPass(password) - if Cnf.has_key("Add-User::GID"): - cmd = "sudo /usr/sbin/useradd -g users -m -p '%s' -c '%s' -G %s %s" \ - % (pwcrypt, name, Cnf["Add-User::GID"], uid) - else: - cmd = "sudo /usr/sbin/useradd -g users -m -p '%s' -c '%s' %s" \ - % (pwcrypt, name, uid) - (result, output) = commands.getstatusoutput(cmd) - if (result != 0): - utils.fubar("Invocation of '%s' failed:\n%s\n" % (cmd, output), result) - try: - summary+=createMail(uid, password, Cnf["Add-User::Options::Key"], Cnf["Dinstall::GPGKeyring"]) - except: - summary="" - utils.warn("Could not prepare password information for mail, not sending password.") # Now add user to the database. # Note that we provide a session, so we're responsible for committing @@ -200,14 +119,6 @@ def main(): uid_id = uidobj.uid_id session.commit() - # The following two are kicked out in rhona, so we don't set them. kelly adds - # them as soon as she installs a package with unknown ones, so no problems to expect here. - # Just leave the comment in, to not think about "Why the hell aren't they added" in - # a year, if we ever touch uma again. - # maint_id = database.get_or_set_maintainer_id(name) - # session.execute("INSERT INTO fingerprint (fingerprint, uid) VALUES (:fingerprint, uid)", - # {'fingerprint': primary_key, 'uid': uid_id}) - # Lets add user to the email-whitelist file if its configured. if Cnf.has_key("Dinstall::MailWhiteList") and Cnf["Dinstall::MailWhiteList"] != "": f = utils.open_file(Cnf["Dinstall::MailWhiteList"], "a") @@ -219,7 +130,7 @@ def main(): name, primary_key) # Should we send mail to the newly added user? - if Cnf.FindB("Add-User::SendEmail"): + if Cnf.find_b("Add-User::SendEmail"): mail = name + "<" + emails[0] +">" Subst = {} Subst["__NEW_MAINTAINER__"] = mail 
@@ -227,7 +138,9 @@ def main():
 Subst["__KEYID__"] = Cnf["Add-User::Options::Key"]
 Subst["__PRIMARY_KEY__"] = primary_key
 Subst["__FROM_ADDRESS__"] = Cnf["Dinstall::MyEmailAddress"]
+ Subst["__ADMIN_ADDRESS__"] = Cnf["Dinstall::MyAdminAddress"]
 Subst["__HOSTNAME__"] = Cnf["Dinstall::MyHost"]
+ Subst["__DISTRO__"] = Cnf["Dinstall::MyDistribution"]
 Subst["__SUMMARY__"] = summary
 new_add_message = utils.TemplateSubst(Subst,Cnf["Dir::Templates"]+"/add-user.added")
 utils.send_mail(new_add_message)
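Review bot: The two added substitutions read `Cnf["Dinstall::MyAdminAddress"]` and `Cnf["Dinstall::MyDistribution"]` by subscript, which will most likely raise on an installation whose configuration does not define them. By this point `session.commit()` (visible in the earlier @@ -200,14 +119,6 @@ hunk) has already run, so the user would be in the database while the notification mail is never sent. Either read them with a default, e.g. `Cnf.find("Dinstall::MyAdminAddress", Cnf["Dinstall::MyEmailAddress"])`, or check that both keys exist before the confirmation prompt so a misconfiguration fails before anything is written. It would also help to add a comment above these lines noting that the `add-user.added` template expects `__ADMIN_ADDRESS__` and `__DISTRO__`. main() begins outside this hunk.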