Redbrick User management tool


  1. #! /usr/bin/env python
  2. #-----------------------------------------------------------------------------#
  3. # MODULE DESCRIPTION #
  4. #-----------------------------------------------------------------------------#
  5. """Rebuild userdb reserved table.
  6. Dynamic reserved entries are comprised of email aliases, mailing list names
  7. and DNS entries for all zones RedBrick is authoritative for.
  8. """
  9. # System modules
  10. import getopt
  11. import os
  12. import re
  13. # RedBrick modules
  14. from rbuserdb import *
  15. #-----------------------------------------------------------------------------#
  16. # DATA #
  17. #-----------------------------------------------------------------------------#
__version__ = "$Revision: 1.5 $"
__author__ = "Cillian Sharkey"

# Candidate reserved entries as name -> description; add_entry() fills this in
# and main() writes it to the LDAP reserved tree.
entries = {}
# Names of existing LDAP users, loaded by main(); add_entry() skips any name
# found here.
ldap_users = {}
  23. #-----------------------------------------------------------------------------#
  24. # MAIN #
  25. #-----------------------------------------------------------------------------#
def add_entry(name, desc):
    """Record desc against name, joining repeated descriptions with ', '.

    Names that already exist as LDAP users (see ldap_users) are ignored.
    """
    if name in ldap_users:
        return

    if name not in entries:
        # First sighting of this name: store the description as-is.
        entries[name] = desc
        return

    # Seen before: append so every source of the name stays visible.
    entries[name] = entries[name] + ', ' + desc
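def main():
    """Rebuild the dynamic entries of the userdb reserved tree.

    Collects candidate names from the configured mail alias files, a zone
    transfer of every configured DNS zone, the host files and the Unix group
    files. Dynamic reserved entries that no source backs any more are then
    purged, and the remaining names are added or have their description
    updated. With -T nothing is written to LDAP; the intended operations are
    printed instead.

    Raises SystemExit if a zone transfer fails. That check runs before the
    purge step, so a failed transfer can no longer wipe the DNS-derived
    reservations.
    """
    udb = RBUserDB()
    udb.connect()
    opt = RBOpt()

    opts, args = getopt.getopt(sys.argv[1:], 'T')

    for o, a in opts:
        if o == '-T':
            opt.test = 1

    udb.setopt(opt)

    print 'userdb/reserved:',

    # Gather new entries.
    #
    print 'Gather',

    # Get copy of all LDAP user, group and reserved entries in one go to
    # speedup queries later on.
    #
    global ldap_users
    for i in udb.list_users():
        ldap_users[i] = 1
    ldap_groups = {}
    for i in udb.list_groups():
        ldap_groups[i] = 1
    ldap_reserveds = udb.dict_reserved_desc()
    ldap_reserveds_static = udb.dict_reserved_static()

    # Email aliases.
    #
    re_alias = re.compile(r'^\s*([^#]{1,%d}):' % rbconfig.maxlen_uname)

    for file, desc in rbconfig.files_alias:
        fd = open(file, 'r')
        try:
            for line in fd.readlines():
                res = re_alias.search(line)
                if res:
                    add_entry(res.group(1).lower(), desc)
        finally:
            fd.close()

    # DNS entries.
    #
    dns_entries = {}
    for zone in rbconfig.dns_zones:
        # NOTE(review): zone is interpolated into a shell command line, so
        # rbconfig.dns_zones must only ever hold trusted, operator-set values.
        # The transfer is also requested without a TSIG key (dig -k / -y), so
        # its contents are only as trustworthy as the path to the server.
        fd = os.popen('dig @136.206.15.53 %s -t axfr' % zone)
        # The zone name is escaped so its dots (and the trailing root dot)
        # match literally instead of matching any character.
        re_dns = re.compile(r'^([^#;]*\.)?([^#;]{1,%d})\.%s\.\s+\d+\s+IN'
                            % (rbconfig.maxlen_uname, re.escape(zone)))
        records = 0
        for line in fd.readlines():
            # Any non-comment line counts as a record; a successful transfer
            # always carries at least the SOA.
            if line.strip() and not line.startswith(';'):
                records += 1
            res = re_dns.search(line)
            if res:
                name = res.group(2).lower()
                if dns_entries.has_key(name):
                    continue
                dns_entries[name] = 1
                add_entry(name, 'DNS entry')
        # close() on a popen file returns the exit status, or None for 0.
        status = fd.close()
        if status is not None or not records:
            # Carrying on would make the purge step below delete every
            # reservation that only this zone backs, freeing those names for
            # registration. Stop while LDAP is still untouched.
            udb.close()
            raise SystemExit('zone transfer of %s failed, reserved table '
                             'left untouched' % zone)

    # Do host files.
    #
    re_host = re.compile(r'^[^#\s]+\s+([^#]+)')

    for file, host in rbconfig.files_host:
        fd = open(file)
        try:
            for line in fd.readlines():
                res = re_host.search(line.lower())
                if not res:
                    continue
                for name in res.group(1).split():
                    if (name and '.' not in name
                            and len(name) <= rbconfig.maxlen_uname
                            and not dns_entries.has_key(name)):
                        dns_entries[name] = 1
                        add_entry(name, '%s Host entry' % host)
        finally:
            fd.close()

    # Do Unix group files.
    #
    for file, host in rbconfig.files_group:
        fd = open(file)
        try:
            for line in fd.readlines():
                grp = line.split(':')[0].lower()
                if (len(grp) <= rbconfig.maxlen_uname
                        and not ldap_groups.has_key(grp)):
                    add_entry(grp, '%s Unix group' % host)
        finally:
            fd.close()

    print '[%d].' % len(entries),

    # Delete any dynamic entries in LDAP reserved tree that are not in the
    # list we built i.e. unused.
    #
    print 'Purge',

    purge_dn = []
    res = udb.list_reserved_dynamic()
    for uid in res:
        if not entries.has_key(uid):
            purge_dn.append('uid=%s,%s' % (uid, rbconfig.ldap_reserved_tree))

    for i in purge_dn:
        if not opt.test:
            udb.ldap.delete_s(i)
        else:
            print 'delete', i
    print '[%d]' % len(purge_dn),

    # Now add/update entries.
    #
    print 'Populate.',

    total_mods = total_adds = 0

    # NOTE(review): k comes verbatim from alias/host/group files and DNS
    # output, and the patterns above allow DN metacharacters such as ',', '+'
    # and '='. It is formatted into the DN unescaped, so such a name would
    # alter the DN's structure. Escape it (e.g. python-ldap's
    # ldap.dn.escape_dn_chars, if the installed version has it) or reject
    # names outside the username character set before they reach this loop.
    for k, v in entries.items():
        if ldap_reserveds.has_key(k):
            # Static reservations are never rewritten; dynamic ones only when
            # the aggregated description changed.
            if not ldap_reserveds_static.has_key(k) and v != ldap_reserveds[k]:
                if not opt.test:
                    udb.ldap.modify_s('uid=%s,%s' % (k, rbconfig.ldap_reserved_tree), ((ldap.MOD_REPLACE, 'description', v),))
                else:
                    print 'modify %-8s [%s] [%s]' % (k, v, ldap_reserveds[k])
                total_mods += 1
        else:
            if not opt.test:
                udb.ldap.add_s('uid=%s,%s' % (k, rbconfig.ldap_reserved_tree), (('uid', k), ('description', v), ('objectClass', ('reserved', 'top'))))
            else:
                print 'add %-8s [%s]' % (k, v)
            total_adds += 1

    print 'Done [%d adds, %d mods]' % (total_adds, total_mods)
    udb.close()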
# Run the rebuild only when executed as a script, not when imported.
if __name__ == "__main__":
    main()