package documentation

Library that handles users and groups

From __init__.py:

Function add_ldap_database Add a new LDAP database
Function add_local_database Add a new local database
Function add_local_group Add a new local group
Function add_local_user Add a new local user
Function add_remote_user Add a new remote user
Function check_password Check a shadow password
Function delete_ldap_database Delete an existing LDAP database
Function delete_local_database Delete an existing local database
Function delete_local_group Delete an existing local group
Function delete_local_user Delete an existing local user
Function delete_remote_user Delete an existing remote user
Function edit_ldap_database Edit an existing LDAP database
Function edit_local_database Edit an existing local database
Function edit_local_group Edit an existing local group
Function edit_local_user Edit an existing local user
Function edit_remote_user Edit an existing remote user
Function get_database Retrieve a database by name
Function get_database_type Retrieve database type
Function get_group_addresses Retrieve all IP addresses associated to given group
Function get_group_by_name Retrieve a group by name
Function get_group_macs Retrieve all MAC addresses associated to given group
Function get_user_addresses Retrieve all IP addresses associated to given user
Function get_user_by_name Retrieve a user by name
Function get_user_macs Retrieve all MAC addresses associated to given user
Function is_admin Check if a user is admin
Function ldif2users Parse an LDIF file and return a list of users
Function list_databases Retrieve all databases
Function list_remote_users Test LDAP connection
Function list_users Retrieve all users
Function remove_admin Remove a user from rpcd configuration database
Function set_admin Set a user as admin by creating a login record in rpcd configuration database
Function shadow_password Generate a shadow password
Function used_by Checks if the database is used by VPN or other services
def add_ldap_database(uci, name, uri, schema, base_dn, user_dn, user_attr, user_display_attr, start_tls=False, tls_reqcert='never', description='', bind_dn=None, bind_password=None, user_bind_dn=None): (source)

Add a new LDAP database

Arguments:
  • uci -- EUci pointer
  • name -- Database identifier
  • uri -- LDAP URI
  • schema -- LDAP schema
  • base_dn -- LDAP base DN
  • user_dn -- LDAP user DN
  • user_attr -- LDAP user attribute
  • user_display_attr -- LDAP user full name attribute
  • start_tls -- Use TLS (default: False)
  • tls_reqcert -- TLS certificate validation (default: never)
  • description -- Database description (default: "")
  • bind_dn -- LDAP bind DN
  • bind_password -- LDAP bind password
  • user_bind_dn -- LDAP custom user bind DN
Returns:
  • The database identifier
def add_local_database(uci, name, description=''): (source)

Add a new local database

Arguments:
  • uci -- EUci pointer
  • name -- Database identifier
  • description -- Database description (default: "")
Returns:
  • The database identifier
def add_local_group(uci, name, users=[], description='', database='main'): (source)

Add a new local group

Arguments:
  • uci -- EUci pointer
  • name -- Group name
  • users -- List of users (default: [])
  • description -- Group description (default: "")
  • database -- Local database identifier (default: main)
Returns:
  • The group identifier
def add_local_user(uci, name, password='', description='', database='main', extra_fields={}): (source)

Add a new local user

Arguments:
  • uci -- EUci pointer
  • name -- User name
  • password -- User password
  • description -- User description (default: "")
  • database -- Local database identifier (default: main)
  • extra_fields -- Extra fields to add to the user (default: {})
Returns:
  • The user identifier
def add_remote_user(uci, name, database, extra_fields={}): (source)

Add a new remote user

Arguments:
  • uci -- EUci pointer
  • name -- User name
  • database -- Database identifier
  • extra_fields -- Extra fields to add to the user (default: {})
Returns:
  • The user identifier
def check_password(password, shadow): (source)

Check a shadow password

Arguments:
  • password -- Clear text password
  • shadow -- Shadow password in crypt(3) format
Returns:
  • True if password matches, False otherwise
def delete_ldap_database(uci, name): (source)

Delete an existing LDAP database

Arguments:
  • uci -- EUci pointer
  • name -- Database identifier
Returns:
  • True if successful
def delete_local_database(uci, name): (source)

Delete an existing local database

Arguments:
  • uci -- EUci pointer
  • name -- Database identifier
Returns:
  • True if successful
def delete_local_group(uci, name, database='main'): (source)

Delete an existing local group

Arguments:
  • uci -- EUci pointer
  • name -- Group name
  • database -- Local database identifier (default: main)
Returns:
  • True if successful
def delete_local_user(uci, name, database='main'): (source)

Delete an existing local user

Arguments:
  • uci -- EUci pointer
  • name -- User name
  • database -- Local database identifier (default: main)
Returns:
  • True if successful
def delete_remote_user(uci, name, database): (source)

Delete an existing remote user

Arguments:
  • uci -- EUci pointer
  • name -- User name
  • database -- Database identifier
Returns:
  • True if successful
def edit_ldap_database(uci, name, uri, schema, base_dn, user_dn, user_attr, user_display_attr, start_tls=False, tls_reqcert='never', description='', bind_dn=None, bind_password=None, user_bind_dn=None): (source)

Edit an existing LDAP database

Arguments:
  • uci -- EUci pointer
  • name -- Database identifier
  • uri -- LDAP URI
  • schema -- LDAP schema
  • base_dn -- LDAP base DN
  • user_dn -- LDAP user DN
  • user_attr -- LDAP user attribute
  • user_display_attr -- LDAP user full name attribute
  • start_tls -- Use TLS (default: False)
  • tls_reqcert -- TLS certificate validation (default: never)
  • description -- Database description (default: "")
  • bind_dn -- LDAP bind DN
  • bind_password -- LDAP bind password
  • user_bind_dn -- LDAP custom user bind DN
Returns:
  • The database identifier
def edit_local_database(uci, name, description=''): (source)

Edit an existing local database

Arguments:
  • uci -- EUci pointer
  • name -- Database identifier
  • description -- Database description (default: "")
Returns:
  • The database identifier
def edit_local_group(uci, name, users=[], description='', database='main'): (source)

Edit an existing local group

Arguments:
  • uci -- EUci pointer
  • name -- Group name
  • users -- List of users (default: [])
  • description -- Group description (default: "")
  • database -- Local database identifier (default: main)
Returns:
  • The group identifier
def edit_local_user(uci, name, password='', description=None, database='main', extra_fields={}): (source)

Edit an existing local user

Arguments:
  • uci -- EUci pointer
  • name -- User name
  • password -- User password
  • description -- User description (default: None)
  • database -- Local database identifier (default: main)
  • extra_fields -- Extra fields to add to the user (default: {})
Returns:
  • The user identifier
def edit_remote_user(uci, name, database, extra_fields={}): (source)

Edit an existing remote user

Arguments:
  • uci -- EUci pointer
  • name -- User name
  • database -- Database identifier
  • extra_fields -- Extra fields to add to the user (default: {})
Returns:
  • The user identifier
def get_database(uci, name): (source)

Retrieve a database by name

Arguments:
  • uci -- EUci pointer
  • name -- Database identifier
Returns:
  • A database object or None if not found
def get_database_type(uci, database): (source)

Retrieve database type

Arguments:
  • uci -- EUci pointer
  • database -- Database identifier
Returns:
  • Database type (local or ldap)
def get_group_addresses(uci, group): (source)

Retrieve all IP addresses associated to given group

Arguments:
  • uci -- EUci pointer
  • group -- Group object id (UCI section)
Returns a tuple of lists:
  • first element is a list of IPv4 addresses
  • second element is a list of IPv6 addresses
def get_group_by_name(uci, name, database='main'): (source)

Retrieve a group by name

Arguments:
  • uci -- EUci pointer
  • name -- Group name
  • database -- Local database identifier (default: main)
Returns:
  • A group object or None if not found
def get_group_macs(uci, group): (source)

Retrieve all MAC addresses associated to given group

Arguments:
  • uci -- EUci pointer
  • group -- Group object id (UCI section)
Returns:
  • A list of MAC addresses
def get_user_addresses(uci, user): (source)

Retrieve all IP addresses associated to given user

Arguments:
  • uci -- EUci pointer
  • user -- User object id (UCI section)
Returns a tuple of lists:
  • first element is a list of IPv4 addresses
  • second element is a list of IPv6 addresses
def get_user_by_name(uci, name, database='main'): (source)

Retrieve a user by name

Arguments:
  • uci -- EUci pointer
  • name -- User name
  • database -- Local database identifier (default: main)
Returns:
  • A user object or None if not found
def get_user_macs(uci, user): (source)

Retrieve all MAC addresses associated to given user

Arguments:
  • uci -- EUci pointer
  • user -- User object id (UCI section)
Returns:
  • A list of MAC addresses
def is_admin(uci, username): (source)

Check if a user is admin

Arguments:
  • uci -- EUci pointer
  • username -- User name
Returns:
  • True if user is admin, False otherwise
def ldif2users(ldif_data, user_attr='uid', display_attr='cn'): (source)

Parse an LDIF file and return a list of users

Arguments:
  • ldif_data -- LDIF data
  • user_attr -- User attribute (default: uid)
  • display_attr -- Display name attr (default: cn)
Returns:
  • A list of users
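
An added example, not the library's own code: a minimal LDIF reader showing what a parser like ldif2users has to handle (folded lines, base64 "::" values, entries without the user attribute). The function name, the name/description result keys (borrowed from the list_remote_users return description) and the fallback to the user name are assumptions.

```python
import base64

# Constructed sample: a folded value, a base64 ("::") value, a non-user entry.
SAMPLE_LDIF = """\
version: 1

dn: uid=alice,ou=People,dc=example,dc=org
objectClass: inetOrgPerson
uid: alice
cn: Alice
  Liddell

dn: uid=bob,ou=People,dc=example,dc=org
uid: bob
cn:: Qm9iIE3DvGxsZXI=

dn: ou=People,dc=example,dc=org
ou: People
"""

def parse_ldif_users(ldif_data, user_attr="uid", display_attr="cn"):
    """Hypothetical helper: return [{'name', 'description'}] per user entry."""
    lines, in_comment = [], False
    for raw in ldif_data.splitlines():
        if raw.startswith(" "):          # continuation of the previous line
            if lines and not in_comment:
                lines[-1] += raw[1:]
        else:
            in_comment = raw.startswith("#")
            if not in_comment:
                lines.append(raw)
    users, entry = [], {}
    for line in lines + [""]:            # the extra "" flushes the last entry
        if line == "":                   # blank line ends an entry
            if user_attr.lower() in entry:
                name = entry[user_attr.lower()]
                desc = entry.get(display_attr.lower(), name)  # assumed fallback
                users.append({"name": name, "description": desc})
            entry = {}
            continue
        attr, sep, value = line.partition(":")
        if not sep or value.startswith("<"):
            continue                     # malformed line or URL value: skip, never fetch
        if value.startswith(":"):        # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        entry.setdefault(attr.lower(), value.strip())  # keep the first value only
    return users
```
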
def list_databases(uci): (source)

Retrieve all databases

Arguments:
  • uci -- EUci pointer
Returns:
  • A list of database objects, each one containing:
      - name: database identifier
      - type: database type (local or ldap)
      - description: database description
def list_remote_users(uri, user_dn, user_attr, user_display_attr, start_tls=False, tls_reqcert='never', bind_dn=None, bind_password=None, schema='ldap'): (source)

Test LDAP connection

Arguments:
  • uri -- LDAP URI
  • user_dn -- LDAP user DN
  • user_attr -- LDAP user attribute
  • user_display_attr -- LDAP user full name attribute
  • start_tls -- Use TLS (default: False)
  • tls_reqcert -- TLS certificate validation (default: never)
  • bind_dn -- LDAP bind DN
  • bind_password -- LDAP bind password
  • schema -- LDAP schema, 'ad' or 'ldap'
Returns:
  • A list of users, each one containing:
      - name: user name
      - description: user description
def list_users(uci, database='main'): (source)

Retrieve all users

Arguments:
  • uci -- EUci pointer
  • database -- Database identifier (default: main)
Returns:
  • A list of user objects
def remove_admin(uci, username): (source)

Remove a user from rpcd configuration database

Arguments:
  • uci -- EUci pointer
  • username -- User name
Returns:
  • True if successful
def set_admin(uci, username, database): (source)

Set a user as admin by creating a login record in rpcd configuration database

Arguments:
  • uci -- EUci pointer
  • username -- User name
  • database -- Database identifier
Returns:
  • The user identifier inside the rpcd configuration database
def shadow_password(password): (source)

Generate a shadow password

Arguments:
  • password -- Clear text password
Returns:
  • A shadow password in crypt(3) format, as generated by mkpasswd. Format: $6$salt$hash
def used_by(uci, database_name): (source)

Checks if the database is used by VPN or other services

Arguments:
  • uci -- EUci pointer
  • database_name -- Database identifier
Returns:
  • dict containing the service that the database is used by