[enh] add commands to allow user to have access in ssh

2024-09-03 20:06:10 +02:00 · 2018-01-04 22:04:15 +01:00 · 2018-01-04 22:04:15 +01:00 · ab282e88a7
commit ab282e88a7
parent 542528ab05
2 changed files with 80 additions and 0 deletions
--- a/data/actionsmap/yunohost.yml
+++ b/data/actionsmap/yunohost.yml
@ -203,6 +203,30 @@ user:
                    extra:
                        pattern: *pattern_mailbox_quota

+        ### ssh_user_enable_ssh()
+        allow-ssh:
+            action_help: Allow the user to uses ssh
+            api: POST /ssh/user/enable-ssh
+            configuration:
+                authenticate: all
+            arguments:
+                username:
+                    help: Username of the user
+                    extra:
+                        pattern: *pattern_username
+
+        ### ssh_user_disable_ssh()
+        disallow-ssh:
+            action_help: Disallow the user to uses ssh
+            api: POST /ssh/user/disable-ssh
+            configuration:
+                authenticate: all
+            arguments:
+                username:
+                    help: Username of the user
+                    extra:
+                        pattern: *pattern_username
+
        ### user_info()
        info:
            action_help: Get user information
--- a/src/yunohost/user.py
+++ b/src/yunohost/user.py
@ -25,6 +25,7 @@
 """
 import os
 import re
+import pwd
 import json
 import errno
 import crypt
@ -435,6 +436,36 @@ def user_info(auth, username):
        raise MoulinetteError(167, m18n.n('user_info_failed'))


+def user_allow_ssh(auth, username):
+    """
+    Allow YunoHost user connect as ssh.
+
+    Keyword argument:
+        username -- User username
+    """
+    # TODO it would be good to support different kind of shells
+
+    if not _get_user_for_ssh(auth, username):
+        raise MoulinetteError(errno.EINVAL, m18n.n('user_unknown', user=username))
+
+    auth.update('uid=%s,ou=users' % username, {'loginShell': '/bin/bash'})
+
+
+def user_disallow_ssh(auth, username):
+    """
+    Disallow YunoHost user connect as ssh.
+
+    Keyword argument:
+        username -- User username
+    """
+    # TODO it would be good to support different kind of shells
+
+    if not _get_user_for_ssh(auth, username) :
+        raise MoulinetteError(errno.EINVAL, m18n.n('user_unknown', user=username))
+
+    auth.update('uid=%s,ou=users' % username, {'loginShell': '/bin/false'})
+
+
 def _convertSize(num, suffix=''):
    for unit in ['K', 'M', 'G', 'T', 'P', 'E', 'Z']:
        if abs(num) < 1024.0:
@ -470,3 +501,28 @@ def _hash_user_password(password):

    salt = '$6$' + salt + '$'
    return '{CRYPT}' + crypt.crypt(str(password), salt)
+
+
+def _get_user_for_ssh(auth, username, attrs=None):
+    if username == "admin":
+        admin_unix = pwd.getpwnam("admin")
+        return {
+            'username': 'admin',
+            'fullname': '',
+            'mail': '',
+            'ssh_allowed': admin_unix.pw_shell.strip() != "/bin/false",
+            'shell': admin_unix.pw_shell,
+            'home_path': admin_unix.pw_dir,
+        }
+
+    # TODO escape input using https://www.python-ldap.org/doc/html/ldap-filter.html
+    user = auth.search('ou=users,dc=yunohost,dc=org',
+                       '(&(objectclass=person)(uid=%s))' % username,
+                       attrs)
+
+    assert len(user) in (0, 1)
+
+    if not user:
+        return None
+
+    return user[0]