2012-10-06 17:10:19 +02:00
|
|
|
# -*- coding: utf-8 -*-
|
|
|
|
|
2012-10-08 18:16:43 +02:00
|
|
|
import os
|
2012-10-07 17:57:57 +02:00
|
|
|
import sys
|
2012-10-06 17:57:08 +02:00
|
|
|
import ldap
|
2012-10-07 23:51:40 +02:00
|
|
|
import crypt
|
|
|
|
import random
|
|
|
|
import string
|
2012-10-07 17:57:57 +02:00
|
|
|
import getpass
|
2012-10-26 15:26:50 +02:00
|
|
|
from yunohost import YunoHostError, win_msg, colorize, validate, get_required_args
|
2012-10-07 16:20:20 +02:00
|
|
|
|
2012-10-28 17:27:47 +01:00
|
|
|
def user_list(args, connections):
|
|
|
|
"""
|
|
|
|
List YunoHost users from LDAP
|
|
|
|
|
|
|
|
Keyword argument:
|
|
|
|
args -- Dictionnary of values (can be empty)
|
|
|
|
connections -- LDAP connection
|
|
|
|
|
|
|
|
Returns:
|
|
|
|
Dict
|
|
|
|
"""
|
|
|
|
yldap = connections['ldap']
|
2012-10-29 15:49:09 +01:00
|
|
|
user_attrs = ['uid', 'mail', 'cn', 'mailalias']
|
2012-10-28 17:27:47 +01:00
|
|
|
attrs = []
|
|
|
|
result_dict = {}
|
|
|
|
if args['offset']: offset = int(args['offset'])
|
|
|
|
else: offset = 0
|
|
|
|
if args['limit']: limit = int(args['limit'])
|
|
|
|
else: limit = 1000
|
|
|
|
if args['filter']: filter = args['filter']
|
|
|
|
else: filter = 'uid=*'
|
|
|
|
if args['fields']:
|
|
|
|
for attr in args['fields']:
|
|
|
|
if attr in user_attrs:
|
|
|
|
attrs.append(attr)
|
|
|
|
continue
|
|
|
|
else:
|
|
|
|
raise YunoHostError(22, _("Invalid field : ") + attr)
|
|
|
|
else:
|
|
|
|
attrs = user_attrs
|
|
|
|
|
|
|
|
result = yldap.search('ou=users,dc=yunohost,dc=org', filter, attrs)
|
|
|
|
|
2012-10-29 13:02:55 +01:00
|
|
|
if result and len(result) > (0 + offset) and limit > 0:
|
2012-10-28 17:27:47 +01:00
|
|
|
i = 0 + offset
|
2012-10-29 15:49:09 +01:00
|
|
|
for user in result[i:]:
|
|
|
|
if i < limit:
|
|
|
|
entry = {
|
|
|
|
'Username': user['uid'],
|
|
|
|
'Fullname': user['cn'],
|
|
|
|
'Mail': user['mail'][0]
|
|
|
|
}
|
|
|
|
if len(user['mail']) > 1:
|
|
|
|
entry['Mail Forward'] = user['mail'][1:]
|
|
|
|
if 'mailalias' in user:
|
|
|
|
entry['Mail Aliases'] = user['mailalias']
|
|
|
|
|
|
|
|
result_dict[str(i)] = entry
|
|
|
|
i += 1
|
2012-10-28 17:27:47 +01:00
|
|
|
else:
|
2012-10-29 13:02:55 +01:00
|
|
|
raise YunoHostError(167, _("No user found"))
|
2012-10-28 17:27:47 +01:00
|
|
|
|
|
|
|
return result_dict
|
2012-10-07 17:57:57 +02:00
|
|
|
|
|
|
|
|
2012-10-12 19:00:41 +02:00
|
|
|
def user_create(args, connections):
|
2012-10-07 23:51:40 +02:00
|
|
|
"""
|
|
|
|
Add user to LDAP
|
|
|
|
|
|
|
|
Keyword argument:
|
|
|
|
args -- Dictionnary of values (can be empty)
|
2012-10-29 12:35:29 +01:00
|
|
|
connections -- LDAP connections
|
2012-10-07 23:51:40 +02:00
|
|
|
|
|
|
|
Returns:
|
2012-10-28 17:27:47 +01:00
|
|
|
Dict
|
2012-10-07 23:51:40 +02:00
|
|
|
"""
|
2012-10-12 19:00:41 +02:00
|
|
|
yldap = connections['ldap']
|
2012-10-26 15:26:50 +02:00
|
|
|
args = get_required_args(args, {
|
|
|
|
'username': _('Username'),
|
|
|
|
'mail': _('Mail address'),
|
|
|
|
'firstname': _('Firstname'),
|
|
|
|
'lastname': _('Lastname'),
|
|
|
|
'password': _('Password')
|
|
|
|
}, True)
|
2012-10-07 23:51:40 +02:00
|
|
|
|
2012-10-25 19:48:14 +02:00
|
|
|
# Validate password length
|
|
|
|
if len(args['password']) < 4:
|
|
|
|
raise YunoHostError(22, _("Password is too short"))
|
|
|
|
|
|
|
|
# Validate other values TODO: validate all values
|
|
|
|
validate({
|
|
|
|
args['username'] : r'^[a-z0-9_]+$',
|
|
|
|
args['mail'] : r'^[\w.-]+@[\w.-]+\.[a-zA-Z]{2,6}$',
|
|
|
|
})
|
|
|
|
|
|
|
|
yldap.validate_uniqueness({
|
|
|
|
'uid' : args['username'],
|
|
|
|
'mail' : args['mail'],
|
|
|
|
'mailalias' : args['mail']
|
|
|
|
})
|
|
|
|
|
|
|
|
# Check if unix user already exists (doesn't work)
|
|
|
|
#if not os.system("getent passwd " + args['username']):
|
|
|
|
# raise YunoHostError(17, _("Username not available"))
|
|
|
|
|
|
|
|
#TODO: check if mail belongs to a domain
|
|
|
|
|
2012-10-24 17:30:28 +02:00
|
|
|
# Get random UID/GID
|
|
|
|
uid_check = gid_check = 0
|
|
|
|
while uid_check == 0 and gid_check == 0:
|
|
|
|
uid = str(random.randint(200, 99999))
|
|
|
|
uid_check = os.system("getent passwd " + uid)
|
|
|
|
gid_check = os.system("getent group " + uid)
|
|
|
|
|
2012-10-25 19:48:14 +02:00
|
|
|
# Adapt values for LDAP
|
2012-10-07 23:51:40 +02:00
|
|
|
fullname = args['firstname'] + ' ' + args['lastname']
|
2012-10-24 18:36:23 +02:00
|
|
|
rdn = 'uid=' + args['username'] + ',ou=users'
|
2012-10-07 23:51:40 +02:00
|
|
|
char_set = string.ascii_uppercase + string.digits
|
|
|
|
salt = ''.join(random.sample(char_set,8))
|
|
|
|
salt = '$1$' + salt + '$'
|
2012-10-08 18:16:43 +02:00
|
|
|
pwd = '{CRYPT}' + crypt.crypt(str(args['password']), salt)
|
2012-10-07 23:51:40 +02:00
|
|
|
attr_dict = {
|
2012-10-24 17:30:28 +02:00
|
|
|
'objectClass' : ['mailAccount', 'inetOrgPerson', 'posixAccount'],
|
2012-10-07 23:51:40 +02:00
|
|
|
'givenName' : args['firstname'],
|
|
|
|
'sn' : args['lastname'],
|
|
|
|
'displayName' : fullname,
|
|
|
|
'cn' : fullname,
|
|
|
|
'uid' : args['username'],
|
|
|
|
'mail' : args['mail'],
|
2012-10-24 17:30:28 +02:00
|
|
|
'userPassword' : pwd,
|
|
|
|
'gidNumber' : uid,
|
|
|
|
'uidNumber' : uid,
|
|
|
|
'homeDirectory' : '/home/' + args['username'],
|
2012-10-28 15:24:10 +01:00
|
|
|
'loginShell' : '/bin/false'
|
2012-10-07 23:51:40 +02:00
|
|
|
}
|
2012-10-07 17:57:57 +02:00
|
|
|
|
2012-10-07 23:51:40 +02:00
|
|
|
if yldap.add(rdn, attr_dict):
|
2012-10-24 17:30:28 +02:00
|
|
|
# Create user /home directory by switching user
|
2012-10-24 18:36:23 +02:00
|
|
|
os.system("su - " + args['username'] + " -c ''")
|
2012-10-14 21:48:16 +02:00
|
|
|
#TODO: Send a welcome mail to user
|
2012-10-24 17:30:28 +02:00
|
|
|
win_msg(_("User successfully created"))
|
2012-10-10 20:53:42 +02:00
|
|
|
return { _("Fullname") : fullname, _("Username") : args['username'], _("Mail") : args['mail'] }
|
2012-10-07 23:51:40 +02:00
|
|
|
else:
|
2012-10-24 18:36:23 +02:00
|
|
|
raise YunoHostError(169, _("An error occured during user creation"))
|
2012-10-29 12:35:29 +01:00
|
|
|
|
|
|
|
|
|
|
|
def user_delete(args, connections):
|
|
|
|
"""
|
|
|
|
Remove user from LDAP
|
|
|
|
|
|
|
|
Keyword argument:
|
|
|
|
args -- Dictionnary of values (can be empty)
|
|
|
|
connections -- LDAP connection
|
|
|
|
|
|
|
|
Returns:
|
|
|
|
Dict
|
|
|
|
"""
|
|
|
|
yldap = connections['ldap']
|
|
|
|
result = { 'Users' : [] }
|
|
|
|
|
2012-10-29 17:47:37 +01:00
|
|
|
args = get_required_args(args, { 'users' : _('User to delete') })
|
2012-10-29 12:35:29 +01:00
|
|
|
if not isinstance(args['users'], list):
|
|
|
|
args['users'] = [ args['users'] ]
|
|
|
|
|
|
|
|
for user in args['users']:
|
|
|
|
validate({ user : r'^[a-z0-9_]+$' })
|
|
|
|
if yldap.remove('uid=' + user+ ',ou=users'):
|
2012-10-29 13:02:55 +01:00
|
|
|
if args['purge']:
|
|
|
|
os.system('rm -rf /home/' + user)
|
2012-10-29 12:35:29 +01:00
|
|
|
result['Users'].append(user)
|
|
|
|
continue
|
|
|
|
else:
|
|
|
|
raise YunoHostError(169, _("An error occured during user deletion"))
|
|
|
|
|
|
|
|
win_msg(_("User(s) successfully deleted"))
|
|
|
|
return result
|
|
|
|
|
2012-10-29 13:02:55 +01:00
|
|
|
|
2012-10-29 15:43:43 +01:00
|
|
|
def user_update(args, connections):
|
|
|
|
"""
|
|
|
|
Update user informations
|
|
|
|
|
|
|
|
Keyword argument:
|
|
|
|
args -- Dictionnary of values
|
|
|
|
connections -- LDAP connection
|
|
|
|
|
|
|
|
Returns:
|
|
|
|
Dict
|
|
|
|
"""
|
|
|
|
yldap = connections['ldap']
|
|
|
|
validate({ args['user'] : r'^[a-z0-9_]+$' })
|
|
|
|
attrs_to_fetch = ['givenName', 'sn', 'mail', 'mailAlias']
|
|
|
|
new_attr_dict = {}
|
|
|
|
|
|
|
|
# Populate user informations
|
|
|
|
result = yldap.search(base='ou=users,dc=yunohost,dc=org', filter='uid=' + args['user'], attrs=attrs_to_fetch)
|
|
|
|
if not result:
|
|
|
|
raise YunoHostError(167, _("No user found"))
|
|
|
|
user = result[0]
|
|
|
|
|
|
|
|
# Get modifications from arguments
|
|
|
|
if args['firstname']:
|
|
|
|
new_attr_dict['givenName'] = args['firstname'] # TODO: Validate
|
|
|
|
new_attr_dict['cn'] = new_attr_dict['displayName'] = args['firstname'] + ' ' + user['sn'][0]
|
|
|
|
|
|
|
|
if args['lastname']:
|
|
|
|
new_attr_dict['sn'] = args['lastname'] # TODO: Validate
|
|
|
|
new_attr_dict['cn'] = new_attr_dict['displayName'] = user['givenName'][0] + ' ' + args['lastname']
|
|
|
|
|
|
|
|
if args['lastname'] and args['firstname']:
|
|
|
|
new_attr_dict['cn'] = new_attr_dict['displayName'] = args['firstname'] + ' ' + args['lastname']
|
|
|
|
|
|
|
|
if args['change_password']:
|
|
|
|
char_set = string.ascii_uppercase + string.digits
|
|
|
|
salt = ''.join(random.sample(char_set,8))
|
|
|
|
salt = '$1$' + salt + '$'
|
|
|
|
new_attr_dict['userPassword'] = '{CRYPT}' + crypt.crypt(str(args['change_password']), salt)
|
|
|
|
|
|
|
|
if args['mail']:
|
|
|
|
validate({ args['mail'] : r'^[\w.-]+@[\w.-]+\.[a-zA-Z]{2,6}$' })
|
|
|
|
yldap.validate_uniqueness({
|
|
|
|
'mail' : args['mail'],
|
|
|
|
'mailalias' : args['mail']
|
|
|
|
})
|
|
|
|
del user['mail'][0]
|
|
|
|
new_attr_dict['mail'] = [args['mail']] + user['mail']
|
|
|
|
|
|
|
|
if args['add_mailforward']:
|
|
|
|
if not isinstance(args['add_mailforward'], list):
|
|
|
|
args['add_mailforward'] = [ args['add_mailforward'] ]
|
|
|
|
for mail in args['add_mailforward']:
|
|
|
|
validate({ mail : r'^[\w.-]+@[\w.-]+\.[a-zA-Z]{2,6}$' })
|
|
|
|
yldap.validate_uniqueness({
|
|
|
|
'mail' : mail,
|
|
|
|
'mailalias' : mail
|
|
|
|
})
|
|
|
|
user['mail'].append(mail)
|
|
|
|
new_attr_dict['mail'] = user['mail']
|
|
|
|
|
|
|
|
if args['remove_mailforward']:
|
|
|
|
if not isinstance(args['remove_mailforward'], list):
|
|
|
|
args['remove_mailforward'] = [ args['remove_mailforward'] ]
|
|
|
|
for mail in args['remove_mailforward']:
|
|
|
|
if len(user['mail']) > 1 and mail in user['mail'][1:]:
|
|
|
|
user['mail'].remove(mail)
|
|
|
|
else:
|
|
|
|
raise YunoHostError(22, _("Invalid mail forward : ") + mail)
|
|
|
|
new_attr_dict['mail'] = user['mail']
|
|
|
|
|
|
|
|
if args['add_mailalias']:
|
|
|
|
if not isinstance(args['add_mailalias'], list):
|
|
|
|
args['add_mailalias'] = [ args['add_mailalias'] ]
|
|
|
|
for mail in args['add_mailalias']:
|
|
|
|
validate({ mail : r'^[\w.-]+@[\w.-]+\.[a-zA-Z]{2,6}$' })
|
|
|
|
yldap.validate_uniqueness({
|
|
|
|
'mail' : mail,
|
|
|
|
'mailalias' : mail
|
|
|
|
})
|
|
|
|
if 'mailalias' in user:
|
|
|
|
user['mailalias'].append(mail)
|
|
|
|
else:
|
|
|
|
user['mailalias'] = [ mail ]
|
|
|
|
new_attr_dict['mailalias'] = user['mailalias']
|
|
|
|
|
|
|
|
if args['remove_mailalias']:
|
|
|
|
if not isinstance(args['remove_mailalias'], list):
|
|
|
|
args['remove_mailalias'] = [ args['remove_mailalias'] ]
|
|
|
|
for mail in args['remove_mailalias']:
|
|
|
|
if 'mailalias' in user and mail in user['mailalias']:
|
|
|
|
user['mailalias'].remove(mail)
|
|
|
|
else:
|
|
|
|
raise YunoHostError(22, _("Invalid mail alias : ") + mail)
|
|
|
|
new_attr_dict['mailalias'] = user['mailalias']
|
|
|
|
|
|
|
|
if yldap.update('uid=' + args['user'] + ',ou=users', new_attr_dict):
|
|
|
|
win_msg(_("User successfully updated"))
|
|
|
|
return user_info({ 'user' : args['user'], 'mail' : None }, connections)
|
|
|
|
else:
|
|
|
|
raise YunoHostError(169, _("An error occured during user update"))
|
|
|
|
|
|
|
|
|
|
|
|
|
2012-10-29 13:02:55 +01:00
|
|
|
def user_info(args, connections):
|
|
|
|
"""
|
|
|
|
Fetch user informations from LDAP
|
|
|
|
|
|
|
|
Keyword argument:
|
|
|
|
args -- Dictionnary of values (can be empty)
|
|
|
|
connections -- LDAP connection
|
|
|
|
|
|
|
|
Returns:
|
|
|
|
Dict
|
|
|
|
"""
|
|
|
|
yldap = connections['ldap']
|
2012-10-29 15:43:43 +01:00
|
|
|
user_attrs = ['cn', 'mail', 'uid', 'mailAlias']
|
2012-10-29 13:02:55 +01:00
|
|
|
|
|
|
|
if args['mail']:
|
|
|
|
validate({ args['mail'] : r'^[\w.-]+@[\w.-]+\.[a-zA-Z]{2,6}$' })
|
|
|
|
filter = 'mail=' + args['mail']
|
|
|
|
else:
|
|
|
|
args = get_required_args(args, { 'user' : _("Username") })
|
|
|
|
validate({ args['user'] : r'^[a-z0-9_]+$' })
|
|
|
|
filter = 'uid=' + args['user']
|
|
|
|
|
|
|
|
result = yldap.search('ou=users,dc=yunohost,dc=org', filter, user_attrs)
|
2012-10-29 15:43:43 +01:00
|
|
|
user = result[0]
|
|
|
|
result_dict = {
|
|
|
|
'Username': user['uid'],
|
|
|
|
'Fullname': user['cn'],
|
|
|
|
'Mail': user['mail'][0]
|
|
|
|
}
|
|
|
|
|
|
|
|
if len(user['mail']) > 1:
|
|
|
|
result_dict['Mail Forward'] = user['mail'][1:]
|
|
|
|
|
|
|
|
if 'mailalias' in user:
|
|
|
|
result_dict['Mail Aliases'] = user['mailalias']
|
2012-10-29 13:02:55 +01:00
|
|
|
|
|
|
|
if result:
|
2012-10-29 15:43:43 +01:00
|
|
|
return result_dict
|
2012-10-29 13:02:55 +01:00
|
|
|
else:
|
|
|
|
raise YunoHostError(167, _("No user found"))
|
|
|
|
|