Hi Darix,
Thanks for the info.
Anyway completed most of the functionality before even knowing this
information.
Attaching the new prog in case useful.
With regards
Kamesh Jayachandran
Marcus Rueckert wrote:
> hi,
>
> http://only.mawhrin.net/~mss/thingies/authz/
>
> you know that?
> and there are 1 or 2 other out there but i forgot the names.
>
> darix
>
>
#!/usr/bin/python
import getopt
import sys
import time
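def help():
    """Print the command-line usage summary to standard output.

    One usage line and a one-line description are printed for every
    sub-command the dispatcher at the bottom of this script handles.
    The option names shown are the long options registered with getopt
    there (--user, --group, --path, --perms); the plural spellings are
    not registered, and delete-perms was missing from the summary.
    """
    prog = sys.argv[0]
    commands = [
        ('list-users -i /path/to/AuthUserFile',
         'Lists the users in the AuthUserFile.'),
        ('list-groups -i /path/to/AuthUserFile',
         'Lists the groups in the AuthUserFile.'),
        ('add-group -i /path/to/AuthUserFile -o /path/to/AuthUserFile --group=group_name_to_add',
         'Adds the group to the AuthUserFile.'),
        ('delete-user --user=username_to_delete -i /path/to/AuthUserFile -o /path/to/AuthUserFile',
         'Removes the user from all the groups they belong to. Removes the permissions the user has on any of the paths.'),
        ('delete-group --group=group_name_to_delete -i /path/to/AuthUserFile -o /path/to/AuthUserFile',
         'Removes the group definition and group specific permission on the paths.'),
        ('add-user-to-group --user=user --group=group -i /path/to/AuthUserFile -o /path/to/AuthUserFile',
         'Adds the user to the group.'),
        ('delete-user-from-group --user=user --group=group -i /path/to/AuthUserFile -o /path/to/AuthUserFile',
         'Removes the user from the group.'),
        ('grant-perms --path=path --user=user --group=group --perms=perms -i /path/to/AuthUserFile -o /path/to/AuthUserFile',
         'Grants the permission on the path to user/group given.'),
        ('delete-perms --path=path --user=user --group=group -i /path/to/AuthUserFile -o /path/to/AuthUserFile',
         'Deletes the permission on the path for the user/group given.'),
        ('list-perms --path=path --user=user --group=group -i /path/to/AuthUserFile',
         'Lists the permission on the path to user/group given.'),
    ]
    print('Usage:')
    for usage, description in commands:
        # Single-argument print() behaves the same on Python 2 and 3.
        print(prog + ' ' + usage)
        print(description)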
def parsesection(lines):
    """Parse one '[name]' section that starts at lines[0].

    Returns a tuple (counter, sectionname, section):
      counter     -- number of lines examined after the header, including
                     the next '[...]' header line when one is reached
      sectionname -- lines[0] with its first and last character removed
      section     -- for the 'groups' section a dict of group name to a
                     list of member names; for any other section a dict
                     of key to value string

    Blank lines and lines starting with '#' are skipped, so comments are
    not preserved. A line ending in a backslash is continued on the next
    non-blank, non-comment line.
    """
    sectionname = lines[0][1:-1]
    section = {}
    continued = False
    prev_key = None
    counter = 0
    for raw in lines[1:]:
        counter += 1
        line = raw.strip()
        if not line or line[0] == '#':
            continue
        if line[0] == '[':
            # Start of the next section: stop, but keep it counted.
            break
        if continued:
            # Continuation lines carry values only; reuse the last key.
            fields = [prev_key, line]
        else:
            fields = line.split('=')
        continued = line[-1] == '\\'
        if len(fields) != 2:
            # NOTE(review): a line with no '=' or more than one '=' is
            # dropped silently, so it disappears when the file is saved.
            continue
        raw_key, value = fields
        key = raw_key.strip()
        prev_key = key
        if value.endswith('\\'):
            value = value[:-1]
        if sectionname == 'groups':
            # NOTE(review): the lookup uses the unstripped key, so a
            # repeated definition written as 'name = ...' resets the
            # member list while 'name=...' appends to it.
            if raw_key not in section:
                section[key] = []
            members = value.strip().split(',')
            if not members[-1].strip():
                # Drop the empty token left by a trailing comma.
                members = members[:-1]
            for member in members:
                section[key].append(member.strip())
        else:
            section[key] = value.strip()
    return counter, sectionname, section
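def saveAuthUserFile(sections, output_file_name):
    """Write *sections* to *output_file_name* in the AuthUserFile layout.

    sections is the dict built by getsections(): the 'groups' entry maps
    group names to member lists, every other entry maps a key to a value
    string. Group member lists are wrapped with a trailing backslash once
    a line grows past 76 characters.

    Returns 1 (after printing usage) when no output file name is given,
    otherwise None.

    The file is opened with mode 'w' and rewritten in place, so an error
    part-way through leaves a truncated file; callers should validate
    their arguments before calling. Names and values are written
    verbatim: a name containing a newline, '[' or '=' changes how the
    file is read back, so callers taking names from anywhere but a
    trusted operator should reject those characters first.
    """
    if output_file_name is None:
        print('Please provide the output_file_name')
        help()
        return 1
    max_characters_per_line = 76
    outf = open(output_file_name, 'w')
    try:
        for section in sections:
            outf.write('[' + section + ']\n')
            entries = sections[section]
            for entry in entries:
                if section == 'groups':
                    members = entries[entry]
                    indent = len(entry) + 3
                    entrylen = indent
                    last = len(members) - 1
                    outf.write(entry + ' = ')
                    for entry_num, username in enumerate(members):
                        if entrylen == indent and entry_num != 0:
                            # First name on a continuation line.
                            outf.write(' ' * indent)
                        outf.write(username)
                        if entry_num != last:
                            outf.write(', ')
                        entrylen = entrylen + len(username) + 2
                        # Wrap only when more names follow. A backslash
                        # after the last name would make the parser read
                        # the next group definition as members of this
                        # group.
                        if entrylen > max_characters_per_line and entry_num != last:
                            outf.write('\\\n')
                            entrylen = indent
                else:
                    outf.write(entry + '=' + entries[entry])
                outf.write('\n')
            outf.write('\n')
    finally:
        # Close the handle even if a write fails.
        outf.close()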
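def getsections(input_file_name):
    """Read *input_file_name* and return its sections as a dict.

    Maps each section name to the dict parsesection() builds for it.
    When a section name occurs more than once, the last occurrence
    replaces the earlier ones.

    Differences from a plain split on newlines:
      * splitlines() keeps the final line when the file does not end in
        a newline; dropping it would silently lose the last rule the
        next time the file is saved.
      * Blank and '#' lines before the first section header are skipped
        so they are not mistaken for a section name.
    """
    f = open(input_file_name)
    try:
        lines = f.read().splitlines()
    finally:
        f.close()
    total_lines = len(lines)
    lines_parsed = 0
    # Skip leading blank and comment lines.
    while lines_parsed < total_lines:
        stripped = lines[lines_parsed].strip()
        if stripped and stripped[0] != '#':
            break
        lines_parsed = lines_parsed + 1
    sectiondict = {}
    # parsesection() reports how many lines follow the header it was
    # given, so the loop stops once no line follows the current header.
    while lines_parsed < total_lines - 1:
        counter, name, section = parsesection(lines[lines_parsed:])
        lines_parsed = lines_parsed + counter
        sectiondict[name] = section
    return sectiondict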
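def listusers(input_file_name):
    """Print, sorted, every user name found in the AuthUserFile.

    Names are collected from group member lists and from the keys of
    every other section; entries starting with '@' are groups and are
    skipped. Returns 1 (after printing usage) when no input file is
    given, otherwise None.

    A file without a [groups] section and empty member tokens are
    tolerated instead of raising.
    """
    if input_file_name is None:
        print('To list the users you need to give the AuthUserFile. If you don\'t have such a file start with some commands like add-group etc. ')
        help()
        return 1
    sections = getsections(input_file_name)
    users = set()
    for members in sections.pop('groups', {}).values():
        for member in members:
            if member and member[0] != '@':
                users.add(member)
    for rules in sections.values():
        for name in rules:
            stripped = name.strip()
            # Empty keys are skipped; '@name' keys refer to groups.
            if not stripped or stripped[0] == '@':
                continue
            users.add(name)
    if '*' in users:
        # NOTE(review): in a Subversion authz file '*' matches every
        # user, not only unauthenticated ones; the 'Anonymous' label is
        # kept for output compatibility.
        users.discard('*')
        users.add('Anonymous')
    for name in sorted(users):
        print(name)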
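def listgroups(input_file_name):
    """Print, sorted, every group name defined in the [groups] section.

    Returns 1 (after printing usage) when no input file is given,
    otherwise None. A file without a [groups] section prints nothing
    instead of raising KeyError.
    """
    if input_file_name is None:
        print('To list the groups you need to give the AuthUserFile. If you don\'t have such a file start with some commands like add-group etc. ')
        help()
        return 1
    groups = getsections(input_file_name).get('groups', {})
    for name in sorted(groups):
        print(name)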
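def addgroup(group, input_file_name, output_file_name):
    """Add an empty group named *group* and save the result.

    Returns 1 (after printing usage) when an argument is missing,
    otherwise the result of saveAuthUserFile().

    Arguments are checked before anything is written: a missing group
    name would otherwise fail inside saveAuthUserFile() after the output
    file had already been opened for writing and truncated. A group
    that already exists keeps its members instead of being emptied.
    """
    if input_file_name is None:
        print('Please provide the AuthUserFile to read from')
        help()
        return 1
    if output_file_name is None:
        print('Please provide the AuthUserFile to write to')
        help()
        return 1
    if group is None:
        print('Please provide the group to add')
        help()
        return 1
    sections = getsections(input_file_name)
    groups = sections.setdefault('groups', {})
    if group in groups:
        print(group + ' already exists; keeping its current members.')
    else:
        groups[group] = []
    return saveAuthUserFile(sections, output_file_name)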
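def addusertogroup(user, group, input_file_name, output_file_name):
    """Add *user* to *group*, creating the group if needed, and save.

    Returns 1 (after printing usage) when an argument is missing,
    otherwise the result of saveAuthUserFile().

    Changes from the earlier version:
      * the leftover debugging print of the whole [groups] table is
        gone (it also raised KeyError when the section was absent);
      * a file without a [groups] section no longer raises KeyError;
      * a user already in the group is not appended a second time, so
        membership stays a single entry that one removal clears;
      * arguments are checked before the output file is opened.
    """
    if input_file_name is None:
        print('Please provide the AuthUserFile to read from')
        help()
        return 1
    if output_file_name is None:
        print('Please provide the AuthUserFile to write to')
        help()
        return 1
    if user is None:
        print('Please provide the user to add to the group')
        help()
        return 1
    if group is None:
        print('Please provide the group to add the user to')
        help()
        return 1
    sections = getsections(input_file_name)
    members = sections.setdefault('groups', {}).setdefault(group, [])
    if user not in members:
        members.append(user)
    return saveAuthUserFile(sections, output_file_name)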
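def deleteuserfromgroup(user, group, input_file_name, output_file_name):
    """Remove *user* from *group*, or from every group when group is '*'.

    Returns 1 when an argument is missing (after printing usage), when
    the file has no [groups] section, or when the named group does not
    exist; otherwise the result of saveAuthUserFile().

    Every occurrence of the user is removed. Deleting from the member
    list while iterating over it skipped the entry right after each
    deletion, so a user listed twice in a row stayed in the group and
    kept the access it grants.
    """
    if input_file_name is None:
        print('Please provide the AuthUserFile to read from')
        help()
        return 1
    if output_file_name is None:
        print('Please provide the AuthUserFile to write to')
        help()
        return 1
    if user is None:
        print('Please provide the user to delete from the group')
        help()
        return 1
    if group is None:
        print('Please provide the group to delete the user from')
        help()
        return 1
    sections = getsections(input_file_name)
    if 'groups' not in sections:
        return 1
    groups = sections['groups']
    if group == '*':
        targets = list(groups)
    elif group in groups:
        targets = [group]
    else:
        return 1
    for name in targets:
        members = groups[name]
        if user in members:
            if group == '*':
                print('deleting from the group ' + name)
            # Rebuild in place so no occurrence is skipped.
            members[:] = [member for member in members if member != user]
    return saveAuthUserFile(sections, output_file_name)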
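def grantperms(path, perms, user, group, input_file_name, output_file_name):
    """Set *perms* on *path* for *user* and/or *group*, then save.

    A group must already exist in the [groups] section; its rule is
    stored under the key '@' + group. Returns 1 (after a message) when
    an argument is missing or the group is unknown, otherwise the
    result of saveAuthUserFile().

    perms must be given, although it may be the empty string. A missing
    --perms arrives here as None, which would fail inside
    saveAuthUserFile() after the output file had been opened for
    writing and truncated. The group is checked before any rule is
    changed.
    """
    if input_file_name is None:
        print('Please provide the AuthUserFile to read from')
        help()
        return 1
    if output_file_name is None:
        print('Please provide the AuthUserFile to write to')
        help()
        return 1
    if path is None:
        print('Please provide the path')
        help()
        return 1
    if user is None and group is None:
        print('Please provide the user or group name grant the permission to')
        help()
        return 1
    if perms is None:
        print('Please provide the permission to grant using --perms=')
        help()
        return 1
    sections = getsections(input_file_name)
    if group is not None:
        if 'groups' not in sections:
            print('You don\'t seem to have any group create one using add-group.')
            return 1
        if group not in sections['groups']:
            print(group + ' does not exist. Create a group using add-group.')
            return 1
    rules = sections.setdefault(path, {})
    if user is not None:
        rules[user] = perms
    if group is not None:
        rules['@' + group] = perms
    return saveAuthUserFile(sections, output_file_name)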
def deleteperms(path, user, group, input_file_name, output_file_name):
    """Delete the rule for *user* and/or *group* on *path*, then save.

    Group rules are looked up under the key '@' + group. Returns 1
    (after a message) when an argument is missing or the path has no
    section of its own. A rule that is not present is reported, and the
    file is still saved.
    """
    if input_file_name is None:
        print('Please provide the AuthUserFile to read from')
        help()
        return 1
    if output_file_name is None:
        print('Please provide the AuthUserFile to write to')
        help()
        return 1
    if path is None:
        print('Please provide the path')
        help()
        return 1
    if user is None and group is None:
        print('Please provide the user or group name delete the permission on' + ' ' + path)
        help()
        return 1
    sections = getsections(input_file_name)
    if path not in sections:
        print('No explicit permission set for' + ' ' + path)
        return 1
    rules = sections[path]
    if user is not None:
        if user in rules:
            del rules[user]
        else:
            print('You don\'t have permission already set for this user' + ' ' + user + ' ' + 'on' + ' ' + path)
    if group is not None:
        group_key = '@' + group
        if group_key in rules:
            del rules[group_key]
        else:
            print('You don\'t have permission already set for this group' + ' ' + group + ' ' + 'on' + ' ' + path)
    saveAuthUserFile(sections, output_file_name)
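def deletegroup(group, input_file_name, output_file_name):
    """Delete *group* and every rule or membership that refers to it.

    Removes the group definition, the '@group' rule from every path
    section, and '@group' entries in the member lists of other groups.
    Returns 1 (after a message) when an argument is missing, the file
    has no [groups] section, or the group does not exist; otherwise
    None.

    A stale '@group' reference left in another group would be resolved
    against any group later created under the same name. The missing
    [groups] case now returns instead of raising KeyError, and the
    success message is printed only after the file has been saved.
    """
    if input_file_name is None:
        print('Please provide the AuthUserFile to read from')
        help()
        return 1
    if output_file_name is None:
        print('Please provide the AuthUserFile to write to')
        help()
        return 1
    if group is None:
        print('Please provide the group to delete')
        help()
        return 1
    sections = getsections(input_file_name)
    if 'groups' not in sections:
        print('There does not seem to be a groups section in the input file name.')
        return 1
    groups = sections['groups']
    if group not in groups:
        print(group + ' does not exist in the groups section.')
        return 1
    del groups[group]
    reference = '@' + group
    for members in groups.values():
        members[:] = [member for member in members if member != reference]
    for section in sections:
        if section != 'groups':
            sections[section].pop(reference, None)
    saveAuthUserFile(sections, output_file_name)
    print('Successfully deleted the group ' + group)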
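def deleteuser(user, input_file_name, output_file_name):
    """Remove *user* from every group and delete the user's path rules.

    Returns 1 (after printing usage) when an argument is missing,
    otherwise None.

    Every occurrence in a member list is removed. Deleting from the
    list while iterating over it skipped the entry right after each
    deletion, so a user listed twice in a row stayed a member after
    "deletion". Arguments are checked up front so that the success
    message is printed only when the file has actually been written.
    """
    if input_file_name is None:
        print('Please provide the AuthUserFile to read from')
        help()
        return 1
    if output_file_name is None:
        print('Please provide the AuthUserFile to write to')
        help()
        return 1
    if user is None:
        print('Please provide the user to delete')
        help()
        return 1
    sections = getsections(input_file_name)
    if 'groups' not in sections:
        print('There does not seem to be a groups section in the input file name.')
    else:
        for members in sections['groups'].values():
            # Rebuild in place so no occurrence is skipped.
            members[:] = [member for member in members if member != user]
    for section in sections:
        if section != 'groups':
            sections[section].pop(user, None)
    saveAuthUserFile(sections, output_file_name)
    print('Successfully deleted the user ' + user)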
def printperms(sections, user_or_group):
    """Print the rule each section holds for *user_or_group*.

    sections maps a path to a dict of name -> permission string. Only
    entries stored under exactly *user_or_group* are shown; an empty
    permission string is printed as 'No Access'.
    """
    for path in sections:
        rules = sections[path]
        if user_or_group not in rules:
            continue
        granted = rules[user_or_group]
        if len(granted) == 0:
            granted = 'No Access'
        print(path + ':' + ' ' + granted)
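def listperms(path, user, group, input_file_name):
    """Print the explicit rules for *user*, *group* and/or *path*.

    Returns 1 (after printing usage) when no input file is given,
    otherwise None.

    Only explicit entries are reported. The user listing shows rules
    that name the user directly, not access gained through a group or
    through '*'. The path listing shows the path's own section only;
    rules on parent paths are not matched yet. A path without its own
    section is reported as such, so that empty output is not read as
    "nobody has access". A file without a [groups] section no longer
    raises KeyError.
    """
    if input_file_name is None:
        print('Please provide the AuthUserFile to read from')
        help()
        return 1
    sections = getsections(input_file_name)
    # Only path sections hold permissions.
    sections.pop('groups', None)
    if user is not None:
        print('Authorizations granted to user ' + user)
        print('------------------------------ ' + '-' * len(user))
        printperms(sections, user)
    if group is not None:
        print('Authorizations granted to group ' + group)
        print('------------------------------- ' + '-' * len(group))
        printperms(sections, '@' + group)
    if path is not None:
        print('Access permissions on ' + path)
        print('--------------------- ' + '-' * len(path))
        if path in sections:
            rules = sections[path]
            for user_or_group in rules:
                print('On ' + path + ' ' + rules[user_or_group] + ' by ' + user_or_group)
        else:
            # TODO: match the path from the left against parent sections.
            print('No explicit permission set for ' + path)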
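# Command-line entry point: argv[1] is the sub-command, the remaining
# arguments are its options.
if len(sys.argv) < 2:
    help()
    sys.exit(1)
try:
    options = getopt.getopt(sys.argv[2:], 'i:o:', ['user=', 'group=', 'path=', 'perms='])
except getopt.GetoptError:
    # Report the bad option and show usage instead of a traceback.
    print(str(sys.exc_info()[1]))
    help()
    sys.exit(1)
input_file_name = None
output_file_name = None
group = None
user = None
path = None
perms = None
for option_name, option_value in options[0]:
    if option_name == '-i':
        input_file_name = option_value
    elif option_name == '-o':
        output_file_name = option_value
    elif option_name == '--group':
        group = option_value
    elif option_name == '--user':
        user = option_value
    elif option_name == '--path':
        path = option_value
    elif option_name == '--perms':
        perms = option_value
command = sys.argv[1]
if command == 'list-users':
    status = listusers(input_file_name)
elif command == 'list-groups':
    status = listgroups(input_file_name)
elif command == 'add-group':
    status = addgroup(group, input_file_name, output_file_name)
elif command == 'add-user-to-group':
    status = addusertogroup(user, group, input_file_name, output_file_name)
elif command == 'delete-user-from-group':
    status = deleteuserfromgroup(user, group, input_file_name, output_file_name)
elif command == 'grant-perms':
    status = grantperms(path, perms, user, group, input_file_name, output_file_name)
elif command == 'delete-perms':
    status = deleteperms(path, user, group, input_file_name, output_file_name)
elif command == 'list-perms':
    status = listperms(path, user, group, input_file_name)
elif command == 'delete-group':
    status = deletegroup(group, input_file_name, output_file_name)
elif command == 'delete-user':
    status = deleteuser(user, input_file_name, output_file_name)
else:
    # An unknown command used to be ignored and exit with status 0.
    print('Unknown command: ' + command)
    help()
    status = 1
# The command functions return 1 on failure. Pass that on as the exit
# status so a calling script can tell that a grant or revocation was
# not applied.
if status:
    sys.exit(1)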
Received on Mon Dec 19 06:38:40 2005