
Re: utility to manage the AuthUserFile(mod_authz_svn)

From: Kamesh Jayachandran <kamesh_at_collab.net>
Date: 2005-12-19 06:37:54 CET

Hi Darix,
Thanks for the info.
Anyway completed most of the functionality before even knowing this
information.
Attaching the new prog in case useful.

With regards
Kamesh Jayachandran
Marcus Rueckert wrote:
> hi,
>
> http://only.mawhrin.net/~mss/thingies/authz/
>
> you know that?
> and there are 1 or 2 other out there but i forgot the names.
>
> darix
>
>

#!/usr/bin/python
import getopt
import sys
import time
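def help():
  """Print the synopsis and a one-line description of every sub-command.

  The synopses only advertise options the option parser at the bottom of this
  script accepts (-i, -o, --user=, --group=, --path=, --perms=).  The earlier
  text showed --users=/--groups= and a bare --perms, which getopt rejects, and
  it did not mention delete-perms at all.

  NOTE: the name shadows the interactive builtin help(); it is kept because
  the rest of the script calls it under this name.
  """
  prog = sys.argv[0]
  read_only = '-i /path/to/AuthUserFile'
  read_write = '-i /path/to/AuthUserFile -o /path/to/AuthUserFile'
  usage = [
    ('list-users ' + read_only,
     'Lists the users in the AuthUserFile.'),
    ('list-groups ' + read_only,
     'Lists the groups in the AuthUserFile.'),
    ('add-group ' + read_write + ' --group=group_name_to_add',
     'Adds the group to the AuthUserFile.'),
    ('delete-user --user=username_to_delete ' + read_write,
     'Removes the user from every group and removes the permissions the user has on any path.'),
    ('delete-group --group=group_name_to_delete ' + read_write,
     'Removes the group definition and the group specific permissions on the paths.'),
    ('add-user-to-group --user=user --group=group ' + read_write,
     'Adds the user to the group.'),
    ('delete-user-from-group --user=user --group=group ' + read_write,
     'Removes the user from the group (use --group=* for every group).'),
    ('grant-perms --path=path --user=user --group=group --perms=perms ' + read_write,
     'Grants the permission on the path to the user and/or group given.'),
    ('delete-perms --path=path --user=user --group=group ' + read_write,
     'Deletes the permission entry on the path for the user and/or group given.'),
    ('list-perms --path=path --user=user --group=group ' + read_only,
     'Lists the permissions on the path, or those granted to the user/group given.'),
  ]
  print('Usage:')
  for synopsis, description in usage:
    print('%s %s' % (prog, synopsis))
    print(description)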

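def parsesection(lines):
  """Parse one section of an AuthUserFile.

  lines[0] must be the section header ('[name]'); the lines after it are read
  until the next header or the end of the list.

  Returns a tuple (counter, sectionname, section):
    counter     - number of lines examined after the header.  When parsing
                  stopped at the next header that header line is included,
                  so counter is its offset within lines.
    sectionname - the header text without the surrounding brackets.
    section     - for the 'groups' section a dict mapping each group name to
                  a list of member names; for any other section a dict
                  mapping each key (user, '@group', '*') to its permission
                  string.

  Blank lines and '#' comment lines are skipped, so they are not preserved
  when the file is written back.  Lines without '=' are ignored.
  """
  # Strip the header first: trailing whitespace or the '\r' of a CRLF file
  # would otherwise end up inside the name (e.g. 'groups]'), and every later
  # lookup of sections['groups'] would miss.
  sectionname = lines[0].strip()[1:-1]
  section = {}
  continued = False
  prev_key = None
  counter = 0
  for raw in lines[1:]:
    counter = counter + 1
    line = raw.strip()
    if len(line) == 0 or line[0] == '#':
      continue
    if line[0] == '[':
      break

    was_continued = continued
    # A trailing backslash means the next line carries more of this value.
    continued = line[-1] == '\\'
    if was_continued:
      key = prev_key
      value = line
      fresh = False
    else:
      # Split on the first '=' only.  Splitting on every '=' made a line
      # whose value contains '=' look malformed, and the rule was then
      # silently dropped from the rewritten access file.
      parts = line.split('=', 1)
      if len(parts) != 2:
        continue
      key = parts[0].strip()
      value = parts[1]
      fresh = True
    if key is None:
      # Continuation with no entry before it; nothing to attach it to.
      continue
    prev_key = key
    if value.endswith('\\'):
      value = value[0:-1]

    if sectionname == 'groups':
      # A new 'group = ...' line starts a new member list and a continuation
      # line extends it.  The old membership test used the unstripped key,
      # so whether a repeated group was reset or extended depended on the
      # whitespace before '='; the spaced form written by saveAuthUserFile
      # always reset, which is the behaviour kept here.
      if fresh or key not in section:
        section[key] = []
      for name in value.split(','):
        name = name.strip()
        # Skip empty names ('a,,b' or a trailing comma).
        if len(name) > 0:
          section[key].append(name)
    else:
      # NOTE(review): a continued line in a non-groups section replaces the
      # value rather than extending it, as before - confirm this is intended.
      section[key] = value.strip()
  return counter, sectionname, section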

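def saveAuthUserFile(sections, output_file_name):
  """Write the parsed sections to output_file_name in AuthUserFile format.

  sections maps a section name to its entries: for 'groups' a dict of group
  name -> list of member names, for every other section a dict of key ->
  permission string.  Group member lists are wrapped with a trailing
  backslash once a line grows past 76 characters.

  Returns 1 (after printing the usage text) when no output file name was
  given, otherwise None.
  """
  if output_file_name is None:
    print('Please provide the output_file_name')
    help()
    return 1
  max_characters_per_line = 76
  # Render the whole file in memory before opening the target.  The file is
  # opened with 'w', which truncates it; if formatting failed half way (for
  # example on a None key or value) an access-control file with only part of
  # its rules would be left on disk.
  chunks = []
  for section in sections:
    chunks.append('[' + section + ']\n')
    for entry in sections[section]:
      if section == 'groups':
        members = sections[section][entry]
        indent = len(entry) + 3
        column = indent
        last = len(members) - 1
        chunks.append(entry + ' = ')
        for position, username in enumerate(members):
          if column == indent and position != 0:
            # First name on a continuation line: align under the first one.
            chunks.append(' ' * indent)
          chunks.append(username)
          column = column + len(username) + 2
          if position != last:
            chunks.append(', ')
            # Only continue the line when more names follow.  A backslash
            # after the last member made parsesection treat the next group
            # definition as a member of this group when the file was read
            # back.
            if column > max_characters_per_line:
              chunks.append('\\\n')
              column = indent
        # NOTE(review): confirm the consumer of this file accepts backslash
        # line continuation; parsesection in this script does.
      else:
        chunks.append(entry + '=' + sections[section][entry])
      chunks.append('\n')
    chunks.append('\n')
  text = ''.join(chunks)

  outf = open(output_file_name, 'w')
  try:
    outf.write(text)
  finally:
    outf.close()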

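def getsections(input_file_name):
  """Read an AuthUserFile and return {section name: parsed entries}.

  Each section is parsed by parsesection().  Compared with the first version
  this reader no longer loses rules in these cases:
    * the file does not end with a newline (the last line was dropped);
    * comments or blank lines precede the first '[section]' header (the
      first line was taken as a header and a bogus section was created);
    * the same section header appears twice (the later block replaced the
      earlier one; the entries are now merged, later keys winning).
  """
  f = open(input_file_name)
  try:
    lines = f.read().splitlines()
  finally:
    f.close()
  total_lines = len(lines)

  # Skip everything before the first section header.
  lines_parsed = 0
  while lines_parsed < total_lines and not lines[lines_parsed].lstrip().startswith('['):
    lines_parsed = lines_parsed + 1

  sectiondict = {}
  while lines_parsed < total_lines:
    consumed, name, entries = parsesection(lines[lines_parsed:])
    sectiondict.setdefault(name, {}).update(entries)
    # parsesection reports the same count whether it stopped at the next
    # header or ran out of lines, so look at the line it stopped on.
    next_index = lines_parsed + consumed
    if consumed == 0 or not lines[next_index].lstrip().startswith('['):
      break
    lines_parsed = next_index
  return sectiondict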

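def listusers(input_file_name):
  """Print every user name that appears in the file, sorted, one per line.

  Users are collected from the member lists in [groups] and from the keys of
  every other section; '@group' references are left out and '*' is reported
  as 'Anonymous'.  Returns 1 when no input file was given, otherwise None.
  """
  if input_file_name is None:
    print('To list the users you need to give the AuthUserFile. If you don\'t have such a file start with some commands like add-group etc. ')
    help()
    return 1
  users = {}
  sections = getsections(input_file_name)
  # A file without a [groups] section is valid; it used to raise KeyError.
  for members in sections.get('groups', {}).values():
    for member in members:
      # Empty names (from 'a,,b') used to raise IndexError on member[0].
      if len(member) > 0 and member[0] != '@':
        users[member] = ''

  for name in sections:
    if name == 'groups':
      continue
    for key in sections[name]:
      stripped = key.strip()
      # Keys starting with '@' name a group, not a user.
      if len(stripped) == 0 or stripped[0] == '@':
        continue
      users[key] = ''
  if '*' in users:
    del users['*']
    users['Anonymous'] = ''
  userlist = list(users.keys())
  userlist.sort()
  for name in userlist:
    print(name)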

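def listgroups(input_file_name):
  """Print the names defined in the [groups] section, sorted, one per line.

  Prints nothing when the file has no [groups] section (this used to raise
  KeyError).  Returns 1 when no input file was given, otherwise None.
  """
  if input_file_name is None:
    print('To list the groups you need to give the AuthUserFile. If you don\'t have such a file start with some commands like add-group etc. ')
    help()
    return 1
  groups = list(getsections(input_file_name).get('groups', {}).keys())
  groups.sort()
  for name in groups:
    print(name)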

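def addgroup(group, input_file_name, output_file_name):
  """Add an empty group definition and write the result to output_file_name.

  An existing group is left as it is; assigning a fresh empty list
  unconditionally, as before, silently removed every member of a group that
  was already defined.  Returns 1 when a required argument is missing,
  otherwise None.
  """
  # Refuse to run without an input file instead of starting from nothing:
  # with -o pointing at a live file that would replace every existing rule.
  if input_file_name is None:
    print('Please provide the AuthUserFile to read from')
    help()
    return 1
  if output_file_name is None:
    print('Please provide the AuthUserFile to write to')
    help()
    return 1
  if group is None:
    print('Please provide the group to add')
    help()
    return 1
  sections = getsections(input_file_name)
  groups = sections.setdefault('groups', {})
  if group in groups:
    print(group + ' already exists; its members are left unchanged.')
  else:
    groups[group] = []
  saveAuthUserFile(sections, output_file_name)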

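def addusertogroup(user, group, input_file_name, output_file_name):
  """Add user to group (creating the group if needed) and save the file.

  Fixes over the first version:
    * the leftover debug print of sections['groups'] is gone; it raised
      KeyError on a file without a [groups] section;
    * a missing [groups] section is created together with the group (the
      group itself used to be missing, so the append raised KeyError);
    * a user already in the group is not added a second time.

  Returns 1 when a required argument is missing, otherwise None.
  """
  if input_file_name is None:
    print('Please provide the AuthUserFile to read from')
    help()
    return 1
  if output_file_name is None:
    print('Please provide the AuthUserFile to write to')
    help()
    return 1
  if user is None:
    print('Please provide the user to add to the group')
    help()
    return 1
  if group is None:
    print('Please provide the group to add the user to')
    help()
    return 1
  sections = getsections(input_file_name)
  members = sections.setdefault('groups', {}).setdefault(group, [])
  if user not in members:
    members.append(user)
  saveAuthUserFile(sections, output_file_name)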

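def deleteuserfromgroup(user, group, input_file_name, output_file_name):
  """Remove user from group, or from every group when group is '*'.

  Returns 1 when an argument is missing, when the file has no [groups]
  section or when the named group does not exist; otherwise the updated file
  is written and None is returned.
  """
  if input_file_name is None:
    print('Please provide the AuthUserFile to read from')
    help()
    return 1
  if output_file_name is None:
    print('Please provide the AuthUserFile to write to')
    help()
    return 1
  if user is None:
    print('Please provide the user to delete from the group')
    help()
    return 1
  if group is None:
    print('Please provide the group to delete the user from')
    help()
    return 1
  sections = getsections(input_file_name)
  if 'groups' not in sections:
    return 1
  groups = sections['groups']
  if group == '*':
    targets = list(groups.keys())
  elif group in groups:
    targets = [group]
  else:
    return 1

  for name in targets:
    # Build a filtered list instead of deleting by index while iterating.
    # The old loop skipped the element after each deletion, so a user listed
    # twice in a group kept one entry and therefore kept the membership.
    remaining = [member for member in groups[name] if member != user]
    if group == '*' and len(remaining) != len(groups[name]):
      print('deleting from the group ' + name)
    groups[name] = remaining

  saveAuthUserFile(sections, output_file_name)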

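def grantperms(path, perms, user, group, input_file_name, output_file_name):
  """Set perms on path for user and/or group and save the file.

  The group must already be defined in [groups].  An empty perms string is
  stored as given (printperms reports it as 'No Access').  Returns 1 when an
  argument is missing or the group is unknown, otherwise None.
  """
  if input_file_name is None:
    print('Please provide the AuthUserFile to read from')
    help()
    return 1
  if output_file_name is None:
    print('Please provide the AuthUserFile to write to')
    help()
    return 1
  if path is None:
    print('Please provide the path')
    help()
    return 1
  if user is None and group is None:
    print('Please provide the user or group name grant the permission to')
    help()
    return 1
  # Without --perms the value is None; it used to be stored as is and only
  # failed inside saveAuthUserFile, after the output file had been opened for
  # writing.  Pass --perms= (empty) to record an explicit no-access entry.
  if perms is None:
    print('Please provide the permission to grant (use --perms= for no access)')
    help()
    return 1
  # NOTE(review): perms is written to the file unchecked; consider rejecting
  # values the server does not understand - confirm the accepted set.
  sections = getsections(input_file_name)
  if group is not None:
    # Validate the group before touching anything.
    if 'groups' not in sections:
      print('You don\'t seem to have any group create one using add-group.')
      return 1
    if group not in sections['groups']:
      print(group + ' does not exist. Create a group using add-group.')
      return 1
  rules = sections.setdefault(path, {})
  if user is not None:
    rules[user] = perms
  if group is not None:
    rules['@' + group] = perms
  saveAuthUserFile(sections, output_file_name)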

def deleteperms(path, user, group, input_file_name, output_file_name):
  """Drop the permission entry for user and/or group on path and save.

  Returns 1 when an argument is missing or the file has no section for path.
  A user or group without an entry on the path is only reported; the file is
  still written.
  """
  required = [
    (input_file_name, 'Please provide the AuthUserFile to read from'),
    (output_file_name, 'Please provide the AuthUserFile to write to'),
    (path, 'Please provide the path'),
  ]
  for supplied, complaint in required:
    if supplied is None:
      print(complaint)
      help()
      return 1
  if user is None and group is None:
    print('Please provide the user or group name delete the permission on %s' % path)
    help()
    return 1

  sections = getsections(input_file_name)
  if path not in sections:
    print('No explicit permission set for %s' % path)
    return 1
  rules = sections[path]
  if user is not None:
    if user in rules:
      del rules[user]
    else:
      print("You don't have permission already set for this user %s on %s" % (user, path))
  if group is not None:
    group_key = '@' + group
    if group_key in rules:
      del rules[group_key]
    else:
      print("You don't have permission already set for this group %s on %s" % (group, path))
  saveAuthUserFile(sections, output_file_name)

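def deletegroup(group, input_file_name, output_file_name):
  """Delete a group definition and every '@group' permission entry.

  In the first version the existence check and the deletion were nested
  under the "no [groups] section" branch.  With a [groups] section present
  the group definition was therefore never removed, although success was
  reported, and without one the nested lookup raised KeyError.

  Returns 1 when a required argument is missing, otherwise None.
  """
  if input_file_name is None:
    print('Please provide the AuthUserFile to read from')
    help()
    return 1
  if output_file_name is None:
    print('Please provide the AuthUserFile to write to')
    help()
    return 1
  if group is None:
    print('Please provide the group to delete')
    help()
    return 1
  sections = getsections(input_file_name)
  if 'groups' not in sections:
    print('There does not seem to be a groups section in the input file name.')
  elif group not in sections['groups']:
    print(group + ' does not exist in the groups section.')
  else:
    del sections['groups'][group]

  # Remove the permissions granted to the group on every path.
  reference = '@' + group
  for section in sections:
    if section != 'groups' and reference in sections[section]:
      del sections[section][reference]
  # NOTE(review): other groups that list '@<group>' as a member are left
  # untouched - confirm whether those references should be removed as well.

  saveAuthUserFile(sections, output_file_name)
  print('Successfully deleted the group ' + group)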

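def deleteuser(user, input_file_name, output_file_name):
  """Remove user from every group and drop the user's entry on every path.

  Returns 1 when a required argument is missing, otherwise None.
  """
  if input_file_name is None:
    print('Please provide the AuthUserFile to read from')
    help()
    return 1
  if output_file_name is None:
    print('Please provide the AuthUserFile to write to')
    help()
    return 1
  if user is None:
    print('Please provide the user to delete')
    help()
    return 1
  sections = getsections(input_file_name)
  if 'groups' not in sections:
    print('There does not seem to be a groups section in the input file name.')
  else:
    groups = sections['groups']
    for group in groups:
      # Filter rather than delete by index while iterating: the old loop
      # skipped the element after each deletion, so a user listed twice in a
      # group kept one entry (and the access it grants) after "deletion".
      groups[group] = [member for member in groups[group] if member != user]

  for section in sections:
    if section != 'groups' and user in sections[section]:
      del sections[section][user]
  saveAuthUserFile(sections, output_file_name)
  print('Successfully deleted the user ' + user)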

def printperms(sections, user_or_group):
  """Print 'path: permission' for every section that has an entry for
  user_or_group; an empty permission string is shown as 'No Access'."""
  for path in sections:
    rules = sections[path]
    if user_or_group not in rules:
      continue
    granted = rules[user_or_group]
    if len(granted) == 0:
      granted = 'No Access'
    print('%s: %s' % (path, granted))

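def listperms(path, user, group, input_file_name):
  """Print the permissions recorded for a user, a group and/or a path.

  Only entries written explicitly in the file are reported; permissions a
  path inherits from a parent path are not resolved.  Returns 1 when no input
  file was given, otherwise None.
  """
  if input_file_name is None:
    print('Please provide the AuthUserFile to read from')
    help()
    return 1
  sections = getsections(input_file_name)
  # Group definitions are not permission rules.  pop() with a default keeps
  # this working for files without a [groups] section (del raised KeyError).
  sections.pop('groups', None)
  if user is not None:
    print('Authorizations granted to user %s' % user)
    print('------------------------------ ' + '-' * len(user))
    printperms(sections, user)
  if group is not None:
    print('Authorizations granted to group %s' % group)
    print('------------------------------- ' + '-' * len(group))
    printperms(sections, '@' + group)
  if path is not None:
    print('Access permissions on %s' % path)
    print('--------------------- ' + '-' * len(path))
    if path in sections:
      for user_or_group in sections[path]:
        print('On %s %s by %s' % (path, sections[path][user_or_group], user_or_group))
    else:
      # TODO: match the path from the left so rules on parent paths are
      # reported.  Until then say so explicitly: empty output could be read
      # as "nobody has access" when a parent rule may still apply.
      print('No explicit permission set for %s' % path)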
      

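# Command-line entry point: argv[1] is the sub-command, the rest are options.
if len(sys.argv) < 2:
  help()
  sys.exit(1)

try:
  options = getopt.getopt(sys.argv[2:], 'i:o:', ['user=', 'group=', 'path=', 'perms='])
except getopt.GetoptError:
  # Report a bad option with the usage text instead of a traceback.
  print(str(sys.exc_info()[1]))
  help()
  sys.exit(1)

input_file_name = None
output_file_name = None
group = None
user = None
path = None
perms = None

for name, value in options[0]:
  if name == '-i':
    input_file_name = value
  elif name == '-o':
    output_file_name = value
  elif name == '--group':
    group = value
  elif name == '--user':
    user = value
  elif name == '--path':
    path = value
  elif name == '--perms':
    perms = value

command = sys.argv[1]
status = None
if command == 'list-users':
  status = listusers(input_file_name)
elif command == 'list-groups':
  status = listgroups(input_file_name)
elif command == 'add-group':
  status = addgroup(group, input_file_name, output_file_name)
elif command == 'add-user-to-group':
  status = addusertogroup(user, group, input_file_name, output_file_name)
elif command == 'delete-user-from-group':
  status = deleteuserfromgroup(user, group, input_file_name, output_file_name)
elif command == 'grant-perms':
  status = grantperms(path, perms, user, group, input_file_name, output_file_name)
elif command == 'delete-perms':
  status = deleteperms(path, user, group, input_file_name, output_file_name)
elif command == 'list-perms':
  status = listperms(path, user, group, input_file_name)
elif command == 'delete-group':
  status = deletegroup(group, input_file_name, output_file_name)
elif command == 'delete-user':
  status = deleteuser(user, input_file_name, output_file_name)
else:
  # An unknown sub-command used to do nothing and still exit successfully.
  print('Unknown command: ' + command)
  help()
  status = 1

# The command functions return 1 on failure.  Pass that on as the exit
# status so a script driving this tool can tell that, for example, a
# revocation did not happen.
if status:
  sys.exit(status)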

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Dec 19 06:38:40 2005
