/usr/share/pyshared/landscape/manager/usermanager.py is in landscape-common 12.04.3-0ubuntu1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 | import os
import logging
from landscape.lib.amp import RemoteObject
from landscape.amp import (
ComponentProtocol, ComponentProtocolFactory, RemoteComponentConnector)
from landscape.user.management import UserManagement
from landscape.manager.plugin import ManagerPlugin
from landscape.monitor.usermonitor import RemoteUserMonitorConnector
class UserManager(ManagerPlugin):
name = "usermanager"
def __init__(self, management=None, shadow_file="/etc/shadow"):
self._management = management or UserManagement()
self._shadow_file = shadow_file
self._message_types = {"add-user": self._add_user,
"edit-user": self._edit_user,
"lock-user": self._lock_user,
"unlock-user": self._unlock_user,
"remove-user": self._remove_user,
"add-group": self._add_group,
"edit-group": self._edit_group,
"remove-group": self._remove_group,
"add-group-member": self._add_group_member,
"remove-group-member":
self._remove_group_member}
self._port = None
def register(self, registry):
"""
Schedule reactor events for generic L{Plugin} callbacks, user
and group management operations, and resynchronization.
"""
super(UserManager, self).register(registry)
self._registry = registry
factory = UserManagerProtocolFactory(object=self)
socket = os.path.join(self.registry.config.sockets_path,
self.name + ".sock")
self._port = self.registry.reactor.listen_unix(socket, factory)
for message_type in self._message_types:
self._registry.register_message(message_type,
self._message_dispatch)
def stop(self):
"""Stop listening for incoming AMP connections."""
if self._port:
self._port.stopListening()
self._port = None
def get_locked_usernames(self):
"""Return a list of usernames with locked system accounts."""
locked_users = []
if self._shadow_file:
try:
shadow_file = open(self._shadow_file, "r")
for line in shadow_file:
parts = line.split(":")
if len(parts) > 1:
if parts[1].startswith("!"):
locked_users.append(parts[0].strip())
except IOError, e:
logging.error("Error reading shadow file. %s" % e)
return locked_users
def _message_dispatch(self, message):
"""Dispatch the given user-change request to the correct handler.
@param message: The request we got from the server.
"""
user_monitor_connector = RemoteUserMonitorConnector(
self.registry.reactor, self.registry.config)
def detect_changes(user_monitor):
self._user_monitor = user_monitor
return user_monitor.detect_changes()
result = user_monitor_connector.connect()
result.addCallback(detect_changes)
result.addCallback(self._perform_operation, message)
result.addCallback(self._send_changes, message)
result.addCallback(lambda x: user_monitor_connector.disconnect())
return result
def _perform_operation(self, result, message):
message_type = message["type"]
message_method = self._message_types[message_type]
return self.call_with_operation_result(message, message_method,
message)
def _send_changes(self, result, message):
return self._user_monitor.detect_changes(message["operation-id"])
def _add_user(self, message):
"""Run an C{add-user} operation."""
return self._management.add_user(message["username"], message["name"],
message["password"],
message["require-password-reset"],
message["primary-group-name"],
message["location"],
message["work-number"],
message["home-number"])
def _edit_user(self, message):
"""Run an C{edit-user} operation."""
return self._management.set_user_details(
message["username"], password=message["password"],
name=message["name"], location=message["location"],
work_number=message["work-number"],
home_number=message["home-number"],
primary_group_name=message["primary-group-name"])
def _lock_user(self, message):
"""Run a C{lock-user} operation."""
return self._management.lock_user(message["username"])
def _unlock_user(self, message):
"""Run an C{unlock-user} operation."""
return self._management.unlock_user(message["username"])
def _remove_user(self, message):
"""Run a C{remove-user} operation."""
return self._management.remove_user(message["username"],
message["delete-home"])
def _add_group(self, message):
"""Run an C{add-group} operation."""
return self._management.add_group(message["groupname"])
def _edit_group(self, message):
"""Run an C{edit-group} operation."""
return self._management.set_group_details(message["groupname"],
message["new-name"])
def _add_group_member(self, message):
"""Run an C{add-group-member} operation."""
return self._management.add_group_member(message["username"],
message["groupname"])
def _remove_group_member(self, message):
"""Run a C{remove-group-member} operation."""
return self._management.remove_group_member(message["username"],
message["groupname"])
def _remove_group(self, message):
"""Run an C{remove-group} operation."""
return self._management.remove_group(message["groupname"])
class UserManagerProtocol(ComponentProtocol):
"""L{AMP}-based protocol for calling L{UserManager}'s methods remotely."""
methods = ["get_locked_usernames"]
class UserManagerProtocolFactory(ComponentProtocolFactory):
protocol = UserManagerProtocol
class RemoteUserManager(RemoteObject):
"""A connected remote L{UserManager}."""
class RemoteUserManagerConnector(RemoteComponentConnector):
factory = ComponentProtocolFactory
remote = RemoteUserManager
component = UserManager
|