Redbrick User management tool


  1. #! /usr/bin/env python
  2. # --------------------------------------------------------------------------- #
  3. # MODULE DESCRIPTION #
  4. # --------------------------------------------------------------------------- #
  5. """Rebuild userdb reserved table.
  6. Dynamic reserved entries are comprised of email aliases, mailing list names
  7. and DNS entries for all zones RedBrick is authoritative for.
  8. """
  9. # System modules
  10. import getopt
  11. import os
  12. import re
  13. from rbuserdb import *
  14. # --------------------------------------------------------------------------- #
  15. # DATA #
  16. # --------------------------------------------------------------------------- #
__version__ = "$Revision: 1.5 $"
__author__ = "Cillian Sharkey"
# Reserved names gathered during this run, mapped to their description.
# Filled by add_entry(); main() then writes them to the LDAP reserved tree.
entries = {}
# LDAP usernames, filled by main(); add_entry() ignores any name found here.
ldap_users = {}
  22. # --------------------------------------------------------------------------- #
  23. # MAIN #
  24. # --------------------------------------------------------------------------- #
def add_entry(name, desc):
    """Record *desc* against *name* in the module-level ``entries`` dict.

    A name that is already an LDAP user (present in ``ldap_users``) is
    ignored. When the same name is added more than once, the descriptions
    are joined with ', ' in the order they were added.
    """
    if name in ldap_users:
        return
    try:
        # Name seen before: append to the description already recorded.
        entries[name] = entries[name] + ', ' + desc
    except KeyError:
        entries[name] = desc
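def _rdn_value(value):
    """Escape *value* for use as an attribute value inside an LDAP DN.

    Applies RFC 4514 escaping, so a gathered name containing ',', '+', '='
    and similar characters stays a single RDN value and cannot change the
    structure of the DN it is placed in.
    """
    parts = []
    for ch in value:
        if ch in ',+"\\<>;=':
            parts.append('\\' + ch)
        elif ch == '\0':
            parts.append('\\00')
        else:
            parts.append(ch)
    escaped = ''.join(parts)
    if escaped.startswith(('#', ' ')):
        escaped = '\\' + escaped
    if escaped.endswith(' ') and not escaped.endswith('\\ '):
        escaped = escaped[:-1] + '\\ '
    return escaped


def _reserved_dn(uid):
    """Return the DN of the reserved entry for *uid*."""
    return 'uid=%s,%s' % (_rdn_value(uid), rbconfig.ldap_reserved_tree)


def _zone_transfer(zone):
    """Return the output lines of a dig AXFR of *zone*.

    Raises:
        RuntimeError: if dig exits non-zero or reports a failed transfer.
        OSError: if dig cannot be executed at all.
    """
    import subprocess  # local import: only this helper needs it

    # Argument list instead of a shell command string, so the zone name is
    # never interpreted by a shell.
    proc = subprocess.run(['dig', '@136.206.15.53', zone, '-t', 'axfr'],
                          stdout=subprocess.PIPE, universal_newlines=True)
    lines = proc.stdout.splitlines()
    # Fail closed: main() purges every dynamic reserved entry that was not
    # gathered, so an empty result from a failed transfer must not be
    # mistaken for "this zone has no names".
    if proc.returncode != 0 or any(
            line.startswith('; Transfer failed') for line in lines):
        raise RuntimeError('zone transfer of %s failed' % zone)
    return lines


def main():
    """Rebuild the dynamic entries of the userdb reserved table.

    Gathers names from the configured alias files, DNS zone transfers, host
    files and Unix group files, deletes dynamic reserved entries that were
    not gathered, then adds new entries and updates changed descriptions.
    With the -T option nothing is written to LDAP; the intended changes are
    printed instead.

    Raises:
        RuntimeError: if a DNS zone transfer fails. This happens before any
            LDAP entry is deleted, so a failed transfer cannot release
            reserved names.
    """
    # NOTE(review): the original relied on `sys` arriving through
    # `from rbuserdb import *`; `ldap`, `rbconfig`, `RBUserDB` and `RBOpt`
    # still do -- confirm the star import really provides them.
    import sys

    udb = RBUserDB()
    udb.connect()
    try:
        opt = RBOpt()
        opts, args = getopt.getopt(sys.argv[1:], 'T')
        for o, a in opts:
            if o == '-T':
                opt.test = 1
        udb.setopt(opt)

        print('userdb/reserved:', end=' ')

        # Gather new entries.
        print('Gather', end=' ')

        # Get a copy of all LDAP user, group and reserved entries in one go
        # to speed up the lookups below. ldap_users is the module-level dict
        # consulted by add_entry(); it is filled in place.
        for user in udb.list_users():
            ldap_users[user] = 1
        ldap_groups = {}
        for group in udb.list_groups():
            ldap_groups[group] = 1
        ldap_reserveds = udb.dict_reserved_desc()
        ldap_reserveds_static = udb.dict_reserved_static()

        # Email aliases.
        re_alias = re.compile(r'^\s*([^#]{1,%d}):' % rbconfig.maxlen_uname)
        for path, desc in rbconfig.files_alias:
            with open(path, 'r') as fd:
                for line in fd:
                    res = re_alias.search(line)
                    if res:
                        add_entry(res.group(1).lower(), desc)

        # DNS entries.
        dns_entries = {}
        for zone in rbconfig.dns_zones:
            # The zone name is matched literally: escaping stops its dots
            # (and the trailing root dot) from matching arbitrary characters.
            re_dns = re.compile(
                r'^([^#;]*\.)?([^#;]{1,%d})\.%s\.\s+\d+\s+IN' %
                (rbconfig.maxlen_uname, re.escape(zone)))
            for line in _zone_transfer(zone):
                res = re_dns.search(line)
                if not res:
                    continue
                name = res.group(2).lower()
                if name in dns_entries:
                    continue
                dns_entries[name] = 1
                add_entry(name, 'DNS entry')

        # Host files.
        re_host = re.compile(r'^[^#\s]+\s+([^#]+)')
        for path, host in rbconfig.files_host:
            # `with` closes the file; the original left it open.
            with open(path) as fd:
                for line in fd:
                    res = re_host.search(line.lower())
                    if not res:
                        continue
                    for name in res.group(1).split():
                        if ('.' not in name
                                and len(name) <= rbconfig.maxlen_uname
                                and name not in dns_entries):
                            dns_entries[name] = 1
                            add_entry(name, '%s Host entry' % host)

        # Unix group files.
        for path, host in rbconfig.files_group:
            with open(path) as fd:
                for line in fd:
                    grp = line.split(':')[0].strip().lower()
                    # A blank line would otherwise be reserved as a name
                    # consisting only of whitespace.
                    if not grp:
                        continue
                    if (len(grp) <= rbconfig.maxlen_uname
                            and grp not in ldap_groups):
                        add_entry(grp, '%s Unix group' % host)

        print('[%d].' % len(entries), end=' ')

        # Delete any dynamic entries in the LDAP reserved tree that are not
        # in the list we built, i.e. unused.
        print('Purge', end=' ')
        purge_dn = [_reserved_dn(uid)
                    for uid in udb.list_reserved_dynamic()
                    if uid not in entries]
        for dn in purge_dn:
            if not opt.test:
                udb.ldap.delete_s(dn)
            else:
                print('delete', dn)
        print('[%d]' % len(purge_dn), end=' ')

        # Now add/update entries.
        # NOTE(review): python-ldap 3.x on Python 3 expects attribute values
        # as bytes; the str values passed below should be checked against
        # the installed version.
        print('Populate.', end=' ')
        total_mods = total_adds = 0
        for name, desc in entries.items():
            if name in ldap_reserveds:
                # Static reserved entries are never rewritten by this tool.
                if (name not in ldap_reserveds_static
                        and desc != ldap_reserveds[name]):
                    if not opt.test:
                        udb.ldap.modify_s(
                            _reserved_dn(name),
                            ((ldap.MOD_REPLACE, 'description', desc), ))
                    else:
                        print('modify %-8s [%s] [%s]' %
                              (name, desc, ldap_reserveds[name]))
                    total_mods += 1
            else:
                if not opt.test:
                    udb.ldap.add_s(_reserved_dn(name),
                                   (('uid', name), ('description', desc),
                                    ('objectClass', ('reserved', 'top'))))
                else:
                    print('add %-8s [%s]' % (name, desc))
                total_adds += 1

        print('Done [%d adds, %d mods]' % (total_adds, total_mods))
    finally:
        # Release the LDAP connection even when gathering or an update fails.
        udb.close()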
# Run the rebuild only when executed as a script, not when imported.
if __name__ == '__main__':
    main()