swauth 1.3.0-1 / usr / bin / swauth-add-user

This file is indexed.

/usr/bin/swauth-add-user is in swauth 1.3.0-1.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
#!/usr/bin/python
# Copyright (c) 2010-2011 OpenStack, LLC.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.

from getpass import getpass
import gettext
from optparse import OptionParser
from sys import argv
from sys import exit

from swift.common.bufferedhttp import http_connect_raw as http_connect
from swift.common.utils import urlparse


if __name__ == '__main__':
    gettext.install('swauth', unicode=1)
    parser = OptionParser(
        usage='Usage: %prog [options] <account> <user> <password>')
    parser.add_option('-a', '--admin', dest='admin', action='store_true',
        default=False, help='Give the user administrator access; otherwise '
        'the user will only have access to containers specifically allowed '
        'with ACLs.')
    parser.add_option('-r', '--reseller-admin', dest='reseller_admin',
        action='store_true', default=False, help='Give the user full reseller '
        'administrator access, giving them full access to all accounts within '
        'the reseller, including the ability to create new accounts. Creating '
        'a new reseller admin requires super_admin rights.')
    parser.add_option('-s', '--suffix', dest='suffix',
        default='', help='The suffix to use with the reseller prefix as the '
        'storage account name (default: <randomly-generated-uuid4>) Note: If '
        'the account already exists, this will have no effect on existing '
        'service URLs. Those will need to be updated with '
        'swauth-set-account-service')
    parser.add_option('-e', '--hashed', dest='password_hashed',
        action='store_true', default=False, help='Supplied password is '
        'already hashed and in format <auth_type>:<hashed_password>')
    parser.add_option('-A', '--admin-url', dest='admin_url',
        default='http://127.0.0.1:8080/auth/', help='The URL to the auth '
        'subsystem (default: http://127.0.0.1:8080/auth/')
    parser.add_option('-U', '--admin-user', dest='admin_user',
        default='.super_admin', help='The user with admin rights to add users '
        '(default: .super_admin).')
    parser.add_option('-K', '--admin-key', dest='admin_key',
        help='The key for the user with admin rights to add users.')
    args = argv[1:]
    if not args:
        args.append('-h')
    (options, args) = parser.parse_args(args)
    if len(args) != 3:
        parser.parse_args(['-h'])
    if not options.admin_key:
        options.admin_key = getpass()
    account, user, password = args
    parsed = urlparse(options.admin_url)
    if parsed.scheme not in ('http', 'https'):
        raise ValueError('Cannot handle protocol scheme %s for url %s' %
                         (parsed.scheme, repr(options.admin_url)))
    parsed_path = parsed.path
    if not parsed_path:
        parsed_path = '/'
    elif parsed_path[-1] != '/':
        parsed_path += '/'
    # Ensure the account exists if user is NOT trying to change his password
    if not options.admin_user == (account + ':' + user):
        path = '%sv2/%s' % (parsed_path, account)
        headers = {'X-Auth-Admin-User': options.admin_user,
                   'X-Auth-Admin-Key': options.admin_key}
        if options.suffix:
            headers['X-Account-Suffix'] = options.suffix
        conn = http_connect(parsed.hostname, parsed.port, 'GET', path, headers,
                            ssl=(parsed.scheme == 'https'))
        resp = conn.getresponse()
        if resp.status // 100 != 2:
            headers['Content-Length'] = '0'
            conn = http_connect(parsed.hostname, parsed.port, 'PUT', path,
                                headers, ssl=(parsed.scheme == 'https'))
            resp = conn.getresponse()
            if resp.status // 100 != 2:
                print('Account creation failed: %s %s' %
                      (resp.status, resp.reason))
    # Add the user
    path = '%sv2/%s/%s' % (parsed_path, account, user)
    headers = {'X-Auth-Admin-User': options.admin_user,
               'X-Auth-Admin-Key': options.admin_key,
               'Content-Length': '0'}
    if options.admin:
        headers['X-Auth-User-Admin'] = 'true'
    if options.reseller_admin:
        headers['X-Auth-User-Reseller-Admin'] = 'true'
    if options.password_hashed:
        headers['X-Auth-User-Key-Hash'] = password
    else:
        headers['X-Auth-User-Key'] = password
    conn = http_connect(parsed.hostname, parsed.port, 'PUT', path, headers,
                        ssl=(parsed.scheme == 'https'))
    resp = conn.getresponse()
    if resp.status // 100 != 2:
        exit('User creation failed: %s %s' % (resp.status, resp.reason))

APT Browse - Built by Thomas Orozco.