%s

#!/usr/bin/python import base64 import cgi import ldap import ldap.modlist import crypt import os import random from usermgmt_conf import * def executeCommand(command): try: f=os.popen(command, 'r') try: command_result=f.readlines() finally: f.close() except IOError: command_result="" return command_result def getNextUidGid(my_ldap) : # get system defaults defs = executeCommand('cat /etc/login.defs') for line in defs: if 'UID_MIN' in line : uid_min = int(line.split()[1]) if 'UID_MAX' in line : uid_max = int(line.split()[1]) if 'GID_MIN' in line : gid_min = int(line.split()[1]) if 'GID_MAX' in line : gid_max = int(line.split()[1]) # get used ids lists users = my_ldap.search_s(ldap_base, ldap.SCOPE_SUBTREE, '(objectClass=posixAccount)', ['uidNumber']) uid_list = [int(user[1]['uidNumber'][0]) for user in users] uid_list.sort() new_uid = uid_min groups = my_ldap.search_s('ou=Group, %s' % ldap_base, ldap.SCOPE_SUBTREE, '(objectClass=posixGroup)', ['gidNumber']) gid_list = [int(group[1]['gidNumber'][0]) for group in groups] gid_list.sort() new_gid = gid_min # guess next unused ids def findNextId(id_list, id_min, id_max): new_id = id_min for id in id_list: if (id >= new_id) and (id < id_max) : new_id = id + 1; elif (new_id >= id_max): print 'Maximum ID reached' raise 'Maximum ID reached' else: break return new_id return (findNextId(uid_list, uid_min, uid_max), findNextId(gid_list, gid_min, gid_max)) def generatePassword(clear) : salt_list = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./' salt = '$1$' random.seed() for i in range(8) : salt += random.choice(salt_list) salt += '$' return "{CRYPT}%s" % crypt.crypt(clear, salt) def setSambaPassword(user, clear): sudo_list = executeCommand('sudo -l') if not 'smbpasswd' in ' '.join(sudo_list): print 'Error : No rights on "smbpasswd" command, modify your sudo config.' else : executeCommand('sudo -u root /usr/bin/smbpasswd -a %s %s' % (user, clear)) #header print "Content-Type: text/html" print print ''' %s

''' % 'Nexedi-DLS web interface' form = cgi.FieldStorage() action = len(form.getlist('action')) and form.getlist('action')[0] or 'menu' my_ldap = ldap.initialize('ldap://%s/' % ldap_server) my_ldap.bind_s(ldap_dn, ldap_pw, ldap.AUTH_SIMPLE) # debug informations #for key in form.keys(): # print key, form.getlist(key) # Create 'ou=Group' if not present try: search_group_dn = my_ldap.search_s('ou=Group, %s' % ldap_base, ldap.SCOPE_BASE) except ldap.NO_SUCH_OBJECT: group_entry = ldap.modlist.addModlist({'objectClass' : ['organizationalUnit'], 'ou' : ['Group']}) my_ldap.add_s('ou=Group, ' + ldap_base, group_entry) if action == 'user_c' : user_c_ok = len(form.getlist('user_c_ok')) and form.getlist('user_c_ok')[0] or 'no' first_name = len(form.getlist('first_name')) and form.getlist('first_name')[0] or '' last_name = len(form.getlist('last_name')) and form.getlist('last_name')[0] or '' user_name = len(form.getlist('user_name')) and form.getlist('user_name')[0] or '' password1 = len(form.getlist('password1')) and form.getlist('password1')[0] or '' password2 = len(form.getlist('password2')) and form.getlist('password2')[0] or '' server_name = len(form.getlist('server_name')) and form.getlist('server_name')[0] or '' # user creation if (user_c_ok == 'yes') and (not len(first_name) == 0) and (not len(last_name) == 0) and (not len(user_name) == 0) : common_name = "%s %s" % (first_name, last_name) (uid, gid) = getNextUidGid(my_ldap) # look for duplicates or password errors user_cn_ok = 'no'; user_id_ok = 'no'; group_cn_ok = 'no'; passwd_ok = 'no' try : search_user = my_ldap.search_s('cn=%s, %s' % (common_name, ldap_base), ldap.SCOPE_BASE) except ldap.NO_SUCH_OBJECT: user_cn_ok = 'yes' else : print 'Error : A user named "%s" already exists.' % common_name search_user = my_ldap.search_s(ldap_base, ldap.SCOPE_SUBTREE, '(&(objectClass=posixAccount)(uid=%s))' % user_name) if len(search_user) == 0: user_id_ok = 'yes' else: print 'Error : An account named "%s" already exists.' % user_name try : search_group = my_ldap.search_s('cn=%s, ou=Group, %s' % (user_name, ldap_base), ldap.SCOPE_BASE) except ldap.NO_SUCH_OBJECT: group_cn_ok = 'yes' else : print 'Error : A group named "%s" already exists.' % user_name if password1 == password2: passwd_ok = 'yes' else : print 'Error : Passwords mismatch.' if (user_cn_ok == 'yes') and (user_id_ok == 'yes') and (group_cn_ok == 'yes') and (passwd_ok == 'yes'): user_dict = {'objectClass' : ['inetOrgPerson', 'posixAccount', 'shadowAccount'], 'cn' : [common_name], 'sn' : [last_name], 'uid' : [user_name], 'mail' : [user_name + mail_domain], 'userPassword' : [generatePassword(password1)], 'shadowLastChange' : ['12527'], 'shadowMax' : ['99999'], 'shadowWarning' : ['7'], 'loginShell' : ['/bin/bash'], 'uidNumber' : [str(uid)], 'gidNumber' : [str(gid)], 'homeDirectory' : ['/home/%s/%s' % (server_name, user_name)], 'gecos' : [common_name]} user_entry = ldap.modlist.addModlist(user_dict) my_ldap.add_s('cn=%s, %s' % (common_name, ldap_base), user_entry) group_dict = {'objectClass' : ['posixGroup'], 'cn' : [user_name], 'gidNumber' : [str(gid)], 'userPassword' : ['{crypt}x'], 'description' : ['Main group of %s' % common_name]} group_entry = ldap.modlist.addModlist(group_dict) my_ldap.add_s('cn=%s, ou=Group, %s' % (user_name, ldap_base), group_entry) setSambaPassword(user_name, password1) first_name = ''; last_name = ''; user_name = '' elif user_c_ok == 'yes' : print 'Error : Missing Informations' # display user creation form print '''

User creation
First Name
Last Name
Account Name
Password
Retype Password
Home Server
	Back

''' elif action == 'user_d' : print '''

Please select the users you want to delete

''' elif action == 'user_m' : print '''

Please select the user you want to modify

''' elif action == 'user_m_sel' : user_name = len(form.getlist('user_name')) and form.getlist('user_name')[0] or '' user_c_ok = len(form.getlist('user_c_ok')) and form.getlist('user_c_ok')[0] or '' password1 = len(form.getlist('password1')) and form.getlist('password1')[0] or '' password2 = len(form.getlist('password2')) and form.getlist('password2')[0] or '' user_e = my_ldap.search_s(user_name, ldap.SCOPE_BASE) old_dict = user_e[0][1] new_dict = old_dict.copy() if not password1 == password2 : print 'Error : Passwords mismatch.' elif not len(password1) == 0 : new_dict['userPassword'] = generatePassword(password1) ldap_modification = ldap.modlist.modifyModlist(old_dict, new_dict) my_ldap.modify_s(user_e[0][0], ldap_modification) setSambaPassword(user_e[0][1]['uid'][0], password1) print '''

User modification : %s
Full Name	%s
Account Name	%s
Password
Retype Password
	Back

''' % (user_name, user_e[0][1]['cn'][0], user_e[0][1]['cn'][0], user_e[0][1]['uid'][0]) elif action == 'group_c' : group_c_ok = len(form.getlist('group_c_ok')) and form.getlist('group_c_ok')[0] or 'no' group_name = len(form.getlist('group_name')) and form.getlist('group_name')[0] or '' group_desc = len(form.getlist('group_desc')) and form.getlist('group_desc')[0] or '' # create group if (group_c_ok == 'yes') and (not len(group_name) == 0) : try : search_group = my_ldap.search_s('cn=%s, ou=Group, %s' % (group_name, ldap_base), ldap.SCOPE_BASE) except ldap.NO_SUCH_OBJECT: group_dict = {'objectClass' : ['posixGroup'], 'cn' : [group_name], 'gidNumber' : [str(getNextUidGid(my_ldap)[1])], 'userPassword' : ['{crypt}x']} if not len(group_desc) == 0 : group_dict['description'] = group_desc group_entry = ldap.modlist.addModlist(group_dict) my_ldap.add_s('cn=%s, ou=Group, %s' % (group_name, ldap_base), group_entry) group_name = '' ; group_desc = '' else : print 'Error : A group named "%s" already exists.' % group_name # display group creation form print '''

Group creation
Group Name
Description
	Back

''' % (group_name, group_desc) elif action == 'group_d' : print '''

Please select the groups you want to delete

''' elif action == 'group_m' : print '''

Please select the group you want to modify

''' elif action == 'group_m_sel' : group_name = len(form.getlist('group_name')) and form.getlist('group_name')[0] or '' group_desc = len(form.getlist('group_desc')) and form.getlist('group_desc')[0] or '' users_add = len(form.getlist('users_add')) and form.getlist('users_add') or [] users_del = len(form.getlist('users_del')) and form.getlist('users_del') or [] modification = len(form.getlist('modification')) and form.getlist('modification')[0] or 'nothing' group_e = my_ldap.search_s('cn=%s, ou=Group, %s' % (group_name, ldap_base), ldap.SCOPE_BASE) old_dict = group_e[0][1] new_dict = old_dict.copy() # if member list is empty, create one if not new_dict.has_key('memberUid') : new_dict['memberUid'] = [] else: # else, make a raw copy new_dict['memberUid'] = old_dict['memberUid'][:] # modify description if modification == 'group_m_desc' : new_dict['description'] = group_desc ldap_modification = ldap.modlist.modifyModlist(old_dict, new_dict) my_ldap.modify_s(group_e[0][0], ldap_modification) # add users ldap_modification = ldap.modlist.modifyModlist(old_dict, new_dict) my_ldap.modify_s(group_e[0][0], ldap_modification) # add users elif modification == 'group_m_add' : for user in users_add : if not user in new_dict['memberUid']: new_dict['memberUid'].append(user) ldap_modification = ldap.modlist.modifyModlist(old_dict, new_dict) my_ldap.modify_s(group_e[0][0], ldap_modification) # remove users elif modification == 'group_m_del' : for user in users_del : if user in new_dict['memberUid']: new_dict['memberUid'].remove(user) ldap_modification = ldap.modlist.modifyModlist(old_dict, new_dict) my_ldap.modify_s(group_e[0][0], ldap_modification) users = my_ldap.search_s(ldap_base, ldap.SCOPE_SUBTREE, '(objectClass=posixAccount)') group_e = my_ldap.search_s('cn=%s, ou=Group, %s' % (group_name, ldap_base), ldap.SCOPE_BASE) #generate users lists users_in = [] users_out = [] owner = '' for user in users : if user[1]['gidNumber'][0] == group_e[0][1]['gidNumber'][0] : owner = user[1]['cn'][0] elif group_e[0][1].has_key('memberUid') and user[1]['uid'][0] in group_e[0][1]['memberUid'] : users_in.append(user) else: users_out.append(user) # set description value if group_e[0][1].has_key('description') : group_desc = group_e[0][1]['description'][0] else: group_desc = '' # group modification form group_id = group_name if not len(owner) == 0 : group_id += ' (owner is %s)' % owner print '''

Group modification : %s
Description
Users currently in group
Users not in group

''' elif action == 'delete_confirm' : elements = len(form.getlist('del_elmts')) and form.getlist('del_elmts') or [] print '''''' print '''

Please confirm deletion of elements
''' if len(elements) == 0: print 'Nothing to delete, please go back to menu.' else: print ' ' for e in elements: # if element is the main group for some users, it won't be deleted e_entry = my_ldap.search_s(e, ldap.SCOPE_BASE) if 'posixGroup' in e_entry[0][1]['objectClass'] : users_of_group = my_ldap.search_s(ldap_base, ldap.SCOPE_SUBTREE, '(&(objectClass=posixAccount)(gidNumber=%s))' % e_entry[0][1]['gidNumber'][0]) list_user = ', '.join([user[1]['cn'][0] for user in users_of_group]) if not len(users_of_group) == 0 : print ''' %s is the main group of "%s" and it can't be deleted. ''' % (ldap.dn2ufn(e), list_user) else : print ' %s will be deleted. ' % (ldap.dn2ufn(e), e) else: print ' %s will be deleted. ' % (ldap.dn2ufn(e), e) print ' ' print '''
	Don't delete

Please confirm deletion of elements

''' if len(elements) == 0: print 'Nothing to delete, please go back to menu.' else: print '

%s is the main group of "%s" and it can't be deleted.
%s will be deleted.

%s will be deleted.

' print '''

Don't delete

''' elif action == 'delete_ok' : elements = len(form.getlist('del_elmts')) and form.getlist('del_elmts') or [] for e in elements: # if element is an user, delete it from groups first e_entry = my_ldap.search_s(e, ldap.SCOPE_BASE) if 'posixAccount' in e_entry[0][1]['objectClass'] : e_in_groups = my_ldap.search_s('ou=Group, %s' % ldap_base, ldap.SCOPE_ONELEVEL, '(memberUid=%s)' % e) for group in e_in_groups : old_dict = group[1] new_dict = old_dict.copy() # make a raw copy instead of a reference, to allow diff between old and new member_list = new_dict['memberUid'][:] member_list.remove(e) new_dict['memberUid'] = member_list group_modification = ldap.modlist.modifyModlist(old_dict, new_dict) my_ldap.modify_s(group[0], group_modification) my_ldap.delete_s(e) print '''

Deletion Status
Elements deleted, please go back to menu.

''' else : # action == 'menu' print '''

Please select your task
Create a new user	Modify an user	Delete users
Create a new group	Modify a group	Delete groups
Modify network settings

''' my_ldap.unbind_s() #footer print '''

'''