Added module cl_client_cache

pym/cl_client_cache.py

@@ -0,0 +1,559 @@
+#-*- coding: utf-8 -*-
+
+# Copyright 2010 Calculate Ltd. http://www.calculate-linux.org
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+import os, sys, re, time
+from cl_utils import pathJoin
+from cl_print import color_print
+from encrypt import encrypt
+from cl_ldap  import ldapUser
+
+from cl_lang import lang
+lang().setLanguage(sys.modules[__name__])
+
+class _shareData(color_print):
+    """Share class"""
+    data = []
+    #_reNumb = re.compile("^\d+$")
+
+    def getDataInFile(self, fileName='', lenData=0):
+        """Get data list from file"""
+        return filter(lambda x: len(x)==lenData,
+                      map(lambda x: x.rstrip().split(":"), open(fileName)))
+
+    def getFileAccess(self, perm="READ"):
+        if perm == "READ":
+            if os.access(self.fileName, os.R_OK):
+                return True
+            else:
+                self.printERROR(_("Can not read to file")+": "+self.fileName)
+            return False
+        elif perm == "WRITE":
+            if os.access(self.fileName, os.W_OK):
+                return True
+            else:
+                self.printERROR(_("Can not write to file")+": "+self.fileName)
+                return False
+
+    def getData(self):
+        if id(_shareData.data) == id(self.data):
+            self.data = self.data[:]
+        if self.data:
+            return self.data
+        elif self.getFileAccess(perm="READ"):
+            self.data = self.getDataInFile(fileName=self.fileName,
+                                           lenData=self.lenData)
+            return self.data
+        else:
+            return False
+
+    def save(self):
+        if self.getFileAccess(perm="WRITE"):
+            buff = "\n".join(map(lambda x: ":".join(x), self.data)) + "\n"
+            FD  = open(self.fileName, "w+")
+            FD.write(buff)
+            FD.close()
+            return True
+        else:
+            return False
+
+    def delete(self, name):
+        if self.getData() is False:
+            return False
+        else:
+            self.data = filter(lambda x: x[0]!=name, self.data) 
+            return True
+
+    def replace(self, name, listData):
+        if self.getData() is False:
+            return False
+        else:
+            flagFound = False
+            for index, listDataOld in enumerate(self.data):
+                if name == listDataOld[0]:
+                    flagFound = True
+                    self.data[index] = listData
+            if flagFound:
+                return True
+            else:
+                return None
+
+    def get(self, name):
+        if self.getData() is False:
+            return False
+        else:
+            listData = filter(lambda x: x[0]==name, self.data)
+            if listData:
+                return listData[0]
+            else:
+                return []
+
+class passwd(_shareData):
+    '''Class for working with the file /etc/passwd'''
+    fileName = "/etc/passwd"
+    template = "%(login)s:x:%(uid)s:%(gid)s:%(gecos)s:%(directory)s:%(shell)s"
+    lenData = 7
+
+    def add(self, name, uid, gid, gecos="", directory="", shell="/bin/bash"):
+        if not directory:
+            directory = "/home/%s" %name
+        userData = self.template%{'login':name, 'uid':uid, 'gid':gid,
+                                  'gecos':gecos, 'directory':directory,
+                                  'shell':shell}
+        userList = userData.split(":")
+        if self.getData() is False:
+            return False
+        else:
+            ret = self.replace(name, userList)
+            if ret is False:
+                return False
+            elif ret is None:
+                self.data.append(userList)
+            return True
+
+class group(_shareData):
+    '''Class for working with the file /etc/group'''
+    fileName = "/etc/group"
+    template = "%(group_name)s:x:%(gid)s:%(user_list)s"
+    lenData = 4
+
+    def add(self, name, gid, userList=[]):
+        groupData = self.template%{'group_name':name, 'gid':gid,
+                                   'user_list':','.join(userList)}
+        groupList = groupData.split(":")
+        if self.getData() is False:
+            return False
+        else:
+            ret = self.replace(name, groupList)
+            if ret is False:
+                return False
+            elif ret is None:
+                self.data.append(groupList)
+            return True
+
+class shadow(_shareData):
+    '''Class for working with the file /etc/shadow'''
+    fileName = "/etc/shadow"
+    template = "%(login)s:%(hash)s:%(shadowLastChange)s:\
+%(shadowMin)s:%(shadowMax)s:%(shadowWarning)s:::"
+    lenData = 9
+
+    def add(self, name, pwdHash,
+                  shadowLastChange=str(int(time.time()/86400)), shadowMin="0",
+                  shadowMax="99999", shadowWarning="7"):
+        shadowData = self.template%{'login':name, 'hash':pwdHash,
+                                    'shadowLastChange':shadowLastChange,
+                                    'shadowMin':shadowMin,
+                                    'shadowMax':shadowMax,
+                                    'shadowWarning':shadowWarning}
+        shadowList = shadowData.split(":")
+        if self.getData() is False:
+            return False
+        else:
+            ret = self.replace(name, shadowList)
+            if ret is False:
+                return False
+            elif ret is None:
+                self.data.append(shadowList)
+            return True
+
+
+class _shareCache():
+
+    def save(self):
+        path = os.path.dirname(self.fileName)
+        if not os.path.exists(path):
+            try:
+                os.makedirs(path)
+            except:
+                self.printERROR(_("Can not create directory %s")%path)
+                return False
+        if not os.path.exists(self.fileName):
+            try:
+                open(self.fileName, "w")
+            except:
+                self.printERROR(_("Can not create file %s")%self.fileName)
+                return False
+        if self.getFileAccess(perm="WRITE"):
+            buff = "\n".join(map(lambda x: ":".join(x), self.data)) + "\n"
+            FD  = open(self.fileName, "w+")
+            FD.write(buff)
+            FD.close()
+            return True
+        else:
+            return False
+
+    def getData(self):
+        if id(_shareData.data) == id(self.data):
+            self.data = self.data[:]
+        if self.data:
+            return self.data
+        elif not os.path.exists(self.fileName):
+            return self.data
+        elif self.getFileAccess(perm="READ"):
+            self.data = self.getDataInFile(fileName=self.fileName,
+                                           lenData=self.lenData)
+            return self.data
+        else:
+            return False
+
+class cachePasswd(_shareCache, passwd):
+    fileName = "/var/lib/calculate/calculate-client/cache/passwd"
+
+class cacheGroup(_shareCache, group):
+    fileName = "/var/lib/calculate/calculate-client/cache/group"
+
+class cacheShadow(_shareCache, shadow):
+    fileName = "/var/lib/calculate/calculate-client/cache/shadow"
+
+class userCache(color_print):
+    ldapObj = ldapUser()
+
+    def addUserToCache(self, userName, pwdHash):
+        '''Add LDAP user to cache'''
+        ldapData = self.ldapObj.getUserLdapInfo(userName, shadowAttr=True)
+        if not ldapData:
+            self.printERROR(_("Can not found user %s in LDAP")%userName)
+            return False
+        passwdObj = passwd()
+        userData = passwdObj.get(userName)
+        if userData is False:
+            return False
+        elif userData:
+            self.printWARNING(_("User %s found in /etc/passwd")%userName)
+            self.printWARNING(\
+                            _("User Account will not be recorded in the cache"))
+            return True
+        groupName = ldapData['group']
+        groupObj = group()
+        # is cached group?
+        flagCacheGroup = True
+        groupData = groupObj.get(groupName)
+        if groupData is False:
+            return False
+        elif groupData:
+            flagCacheGroup = False
+        # Add user
+        cachePasswdObj = cachePasswd()
+        if not cachePasswdObj.add(userName, ldapData['uid'], ldapData['gid'],
+                                  gecos=ldapData['fullName'],
+                                  directory=ldapData['home'],
+                                  shell=ldapData['loginShell']):
+            return False
+        if not cachePasswdObj.save():
+            return False
+        # Add group
+        if flagCacheGroup:
+            cacheGroupObj = cacheGroup()
+            if not cacheGroupObj.add(groupName,ldapData['gid']):
+                return False
+            if not cacheGroupObj.save():
+                return False
+        # Add shadow user
+        cacheShadowObj = cacheShadow()
+        if not cacheShadowObj.add(userName, pwdHash,
+                                  shadowLastChange=ldapData['shadowLastChange'],
+                                  shadowMin=ldapData['shadowMin'],
+                                  shadowMax=ldapData['shadowMax'],
+                                  shadowWarning=ldapData['shadowWarning']):
+            return False
+        if not cacheShadowObj.save():
+            return False
+        return True
+
+    def delUserFromCache(self, userName):
+        '''Delete LDAP user from cache'''
+        cachePasswdObj = cachePasswd()
+        cacheUserData = cachePasswdObj.get(userName)
+        if cacheUserData is False:
+            return False
+        if not cacheUserData:
+            return True
+        gid = cacheUserData[3]
+        flagDeleteGroup = len(filter(lambda x:x[3]==gid,cachePasswdObj.data))==1
+        # delete user
+        if not cachePasswdObj.delete(userName):
+            return False
+        if not cachePasswdObj.save():
+            return False
+        # delete shadow user
+        cacheShadowObj = cacheShadow()
+        if not cacheShadowObj.delete(userName):
+            return False
+        if not cacheShadowObj.save():
+            return False
+        # delete group
+        if flagDeleteGroup:
+            cacheGroupObj = cacheGroup()
+            cacheListGroupData = cacheGroupObj.getData()
+            if cacheListGroupData is False:
+                return False
+            cacheGroupData = map(lambda x: x[0], filter(lambda x: x[2]==gid,
+                                    cacheListGroupData))
+             # delete group
+            if cacheGroupData:
+                groupName = cacheGroupData[0]
+                if not cacheGroupObj.delete(groupName):
+                    return False
+                if not cacheGroupObj.save():
+                    return False
+        return True
+
+    def delUserFromSystem(self, userName):
+        '''Delete LDAP user from system files ( passwd, group, shadow )'''
+        cachePasswdObj = cachePasswd()
+        cacheUserData = cachePasswdObj.get(userName)
+        if cacheUserData is False:
+            return False
+        if not cacheUserData:
+            return True
+        passwdObj = passwd()
+        userData = passwdObj.get(userName)
+        if userData is False:
+            return False
+        # delete user
+        if not userData:
+            return True
+        if not passwdObj.delete(userName):
+            return False
+        if not passwdObj.save():
+            return False
+        gid = userData[3]
+        cacheGroupObj = cacheGroup()
+        cacheListGroupData = cacheGroupObj.getData()
+        if cacheListGroupData is False:
+            return False
+        cacheGroupData = map(lambda x: x[0], filter(lambda x: x[2]==gid,
+                             cacheListGroupData))
+        # delete group
+        if cacheGroupData:
+            groupName = cacheGroupData[0]
+            groupObj = group()
+            groupData = groupObj.get(groupName)
+            if groupData is False:
+                return False
+            if not groupObj.delete(groupName):
+                return False
+            if not groupObj.save():
+                return False
+        # delete user shadow
+        shadowObj = shadow()
+        shadowData = shadowObj.get(userName)
+        if shadowData is False:
+            return False
+        if not shadowData:
+            return True
+        if not shadowObj.delete(userName):
+            return False
+        if not shadowObj.save():
+            return False
+        return True
+
+    def isConnectToLdap(self):
+        connectData = self.ldapObj.getBindConnectData()
+        if not connectData:
+            return {}
+        bindDn, bindPw, host = connectData
+        usersDN = self.ldapObj.getUsersDN()
+        groupsDNs = self.ldapObj.getGroupsDN()
+        # Соединяемся с LDAP
+        if not self.ldapObj.ldapConnect(bindDn, bindPw, host):
+            return False
+        return True
+
+    def deleteCacheUsersFromSystem(self):
+        '''Delete cache users from system'''
+        cachePasswdObj = cachePasswd()
+        cacheListPasswdData = cachePasswdObj.getData()
+        if cacheListPasswdData is False:
+            return False
+        delUsersPasswd = map(lambda x: x[0], cacheListPasswdData)
+        passwdObj = passwd()
+        for delUser in delUsersPasswd:
+            if not passwdObj.delete(delUser):
+                return False
+        if delUsersPasswd:
+            if not passwdObj.save():
+                return False
+        cacheShadowObj = cacheShadow()
+        cacheListShadowData = cacheShadowObj.getData()
+        if cacheListShadowData is False:
+            return False
+        delUsersShadow = map(lambda x: x[0], cacheListShadowData)
+        shadowObj = shadow()
+        for delUser in delUsersShadow:
+            if not shadowObj.delete(delUser):
+                return False
+        if delUsersShadow:
+            if not shadowObj.save():
+                return False
+        cacheGroupObj = cacheGroup()
+        cacheListGroupData = cacheGroupObj.getData()
+        if cacheListGroupData is False:
+            return False
+        delGroups = map(lambda x: x[0], cacheListGroupData)
+        groupObj = group()
+        for delGroup in delGroups:
+            if not groupObj.delete(delGroup):
+                return False
+        if delGroups:
+            if not groupObj.save():
+                return False
+        return True
+
+    def addCacheUsersFromSystem(self):
+        '''Add cache users from system'''
+        cachePasswdObj = cachePasswd()
+        cacheListPasswdData = cachePasswdObj.getData()
+        if cacheListPasswdData is False:
+            return False
+        # Add cache passwd users to system
+        passwdObj = passwd()
+        for cachePasswdData in cacheListPasswdData:
+            userName, x, uid, gid, gecos, directory, shell = cachePasswdData
+            if not passwdObj.add(userName, uid, gid,
+                                 gecos=gecos,
+                                 directory=directory,
+                                 shell=shell):
+                return False
+        if cacheListPasswdData:
+            if not passwdObj.save():
+                return False
+        cacheShadowObj = cacheShadow()
+        cacheListShadowData = cacheShadowObj.getData()
+        if cacheListShadowData is False:
+            return False
+        # Add cache shadow users to system
+        shadowObj = shadow()
+        for cacheShadowData in cacheListShadowData:
+            userName, pwdHash, shadowLastChange, shadowMin, shadowMax,\
+            shadowWarning, x,x,x = cacheShadowData
+            if not shadowObj.add(userName, pwdHash,
+                                  shadowLastChange=shadowLastChange,
+                                  shadowMin=shadowMin,
+                                  shadowMax=shadowMax,
+                                  shadowWarning=shadowWarning):
+                return False
+        if cacheListShadowData:
+            if not shadowObj.save():
+                return False
+        cacheGroupObj = cacheGroup()
+        cacheListGroupData = cacheGroupObj.getData()
+        if cacheListGroupData is False:
+            return False
+        # Add cache group users to system
+        groupObj = group()
+        for cacheGroupData in cacheListGroupData:
+            groupName, x, gid, x = cacheGroupData
+            if not groupObj.add(groupName, gid):
+                return False
+        if cacheListGroupData:
+            if not groupObj.save():
+                return False
+        return True
+
+    def syncCacheToLdap(self):
+        '''Compare cache users to LDAP users.
+
+        Deleting a user from the cache when the differences'''
+        if not self.isConnectToLdap():
+            self.printERROR(_("Can not conected to LDAP server"))
+            return False
+        cachePasswdObj = cachePasswd()
+        cacheListPasswdData = cachePasswdObj.getData()
+        if cacheListPasswdData is False:
+            return False
+        if not cacheListPasswdData:
+            return True
+        cacheGroupObj = cacheGroup()
+        cacheListGroupData = cacheGroupObj.getData()
+        if cacheListGroupData is False:
+            return False
+        cacheShadowObj = cacheShadow()
+        deletedCacheUsers = []
+        for cachePasswdData in cacheListPasswdData:
+            userName, x, uid, gid, gecos, directory, shell = cachePasswdData
+            ldapData = self.ldapObj.getUserLdapInfo(userName, shadowAttr=True)
+            if not ldapData:
+                deletedCacheUsers.append(userName)
+                continue
+            cacheGroupData = map(lambda x: x[0], filter(lambda x: x[2]==gid,
+                                    cacheListGroupData))
+            if not cacheGroupData:
+                deletedCacheUsers.append(userName)
+                continue
+            groupName = cacheGroupData[0]
+            cacheShadowData = cacheShadowObj.get(userName)
+            if cacheShadowData is False:
+                return False
+            if not cacheShadowData:
+                deletedCacheUsers.append(userName)
+                continue
+            x,x, shadowLastChange, shadowMin, shadowMax, shadowWarning,\
+                x,x,x = cacheShadowData
+            userShadowDict = {'uid': uid,
+                              'gid': gid,
+                              'fullName': gecos,
+                              'home': directory,
+                              'group': groupName,
+                              'loginShell':shell,
+                              'shadowLastChange':shadowLastChange,
+                              'shadowMin':shadowMin,
+                              'shadowMax':shadowMax,
+                              'shadowWarning':shadowWarning}
+            flagDeleteUser = False
+            for attr, value in userShadowDict.items():
+                if ldapData[attr] != value:
+                    flagDeleteUser = True
+                    break
+            if flagDeleteUser:
+                deletedCacheUsers.append(userName)
+                continue
+        # Deleted cache users
+        for delUserName in deletedCacheUsers:
+            if not self.delUserFromCache(delUserName):
+                return False
+        # sync groups
+        cachePasswdObj = cachePasswd()
+        cacheListPasswdData = cachePasswdObj.getData()
+        if cacheListPasswdData is False:
+            return False
+        if not cacheListPasswdData:
+            return True
+        cacheGroupObj = cacheGroup()
+        cacheListGroupData = cacheGroupObj.getData()
+        if cacheListGroupData is False:
+            return False
+        deletedCacheGroups = []        
+        for cacheGroupData in cacheListGroupData:
+            groupName, x , gid, x = cacheGroupData
+            if not filter(lambda x: x[3]==gid, cacheListPasswdData):
+                deletedCacheGroups.append(groupName)
+        # Delete groups
+        for delGroupName in deletedCacheGroups:
+            if not cacheGroupObj.delete(cacheGroupObj):
+                return False
+        if deletedCacheGroups:
+            if not cacheGroupObj.save():
+                return False
+        return True
+
+    def clearCache(self):
+        '''Clear cache files'''
+        cacheObjs = (cachePasswd(), cacheShadow(), cacheGroup())
+        for cacheObj in cacheObjs:
+            if not cacheObj.save():
+                return False
+        return True