#!/usr/bin/env python # mkapachepw.py # Generate Apache-Compatible Password And Group Files # From Unix System Passwords And Groups. # # Copyright (c) 2005 TundraWare Inc. All Rights Reserved. # For Updates See: http://www.tundraware.com/Software/mkapachepw # Program Information PROGNAME = "mkapachepw" RCSID = "$Id: mkapachepw.py,v 1.110 2005/04/05 20:43:44 root Exp $" VERSION = RCSID.split()[2] # Copyright Information CPRT = "(c)" DATE = "2005" OWNER = "TundraWare Inc." RIGHTS = "All Rights Reserved" COPYRIGHT = "Copyright %s %s %s %s. " % (CPRT, DATE, OWNER, RIGHTS) #----------------------------------------------------------# # Variables User Might Change # #----------------------------------------------------------# GRFILE = "./.htgroups" # Group output file PWFILE = "./.htpasswords" # Password output file STARTUID = 100 # User IDs below this ignored STARTGID = 100 # Group IDS below this ignored #------------------- Nothing Below Here Should Need Changing ------------------# #----------------------------------------------------------# # Imports # #----------------------------------------------------------# import getopt import grp import os import pwd from socket import getfqdn import sys import time #----------------------------------------------------------# # Aliases & Redefinitions # #----------------------------------------------------------# #----------------------------------------------------------# # Constants & Literals # #----------------------------------------------------------# ##### # Constants ##### ##### # Literals ##### TIMESTAMP = "# Created By %s %s On %s At %s\n" % (PROGNAME, VERSION, getfqdn(), time.asctime()) CMDLINE = "# Command Line: %s\n" % " ".join(sys.argv) #----------------------------------------------------------# # Prompts, & Application Strings # #----------------------------------------------------------# ##### # Error Messages ##### eERROR = "ERROR" ##### # Informational Messages ##### ##### # Usage Prompts ##### uTable = [PROGNAME + " " + VERSION + " - %s\n" % COPYRIGHT, "usage: " + PROGNAME + " [-GUfghuv] where,\n", " -G list of groups to include (+group) or exclude (-group) (default: none)", " -U list of users to include (+user) or exclude (-user) (default: none)", " -g # smallest GID to include in output (default: 100)", " -h print this help information", " -u # smallest UID to include in output (default: 100)", " -v print detailed version information", ] #----------------------------------------------------------# # Global Variables & Data Structures # #----------------------------------------------------------# groups = {} # Place to store group information users = {} # Place to store user information #--------------------------- Code Begins Here ---------------------------------# #----------------------------------------------------------# # Object Base Class Definitions # #----------------------------------------------------------# #----------------------------------------------------------# # Supporting Function Definitions # #----------------------------------------------------------# ##### # Print An Error Message ##### def ErrorMsg(emsg): print PROGNAME + " " + VERSION + " " + eERROR + ": " + emsg # End of 'ErrorMsg()' ##### # Print Usage Information ##### def Usage(): for line in uTable: print line # End of 'Usage()' ##### # Process An Enumerated List Of Groups/Users To Include Or Exclude. # # The 'items' argument must be a string with the names or numbers to # process, with a '-' or '+' prepended to indicate Delete or Add, # respectively. ##### def ProcessEnumeratedList(items, master, lookup, name): for item in items.split(): orig = item # Verify argument is in correct format and determine type of # operation desired. if item[0] == '-': additem = False elif item[0] == '+': additem = True else: ErrorMsg("'%s' Must Be Prefixed With '+' or '-' To Indicate Desired Action." % item) sys.exit(2) item = item[1:] # We just need the item Name/ID portion # Convert GIDs and UIDs to names first try: item = int(item) # Handle the case where the ID does not exist try: item = lookup(item)[0] except: ErrorMsg("'%s' Is An Invalid %s ID." % (orig[1:], name)) sys.exit(2) # If not, assume it is a name and look it up except ValueError: # Make sure it even exists if item not in master: ErrorMsg("'%s' Is An Invalid %s Name." % (item, name)) sys.exit(2) # Do the actual in/exclusion # Include if additem: master[item][2] = True # Mark entry as protected # Exclude else: del master[item] # End of 'ProcessEnumeratedList(()' #----------------------------------------------------------# # Program Entry Point # #----------------------------------------------------------# ##### # Build An Internal List Of Groups And Users Before Doing Anything Else. # Command Line Parsing May Need This Information. ##### Protected = False ##### # Build List Of Groups ##### for group in grp.getgrall(): gname, gpw, gid, gmembers = group[:4] groups[gname] = [gid, [], Protected] for member in gmembers: groups[gname][1].append(member) ##### # Build A List Of Users ##### for user in pwd.getpwall(): uname, pw, uid, gid = user[:4] gname = grp.getgrgid(gid)[0] users[uname] = [uid, pw, Protected] if uname not in groups[gname][1]: groups[gname][1].append(uname) ##### # Command line processing - Process any options set in the # environment first, and then those given on the command line ##### OPTIONS = sys.argv[1:] envopt = os.getenv(PROGNAME.upper()) if envopt: OPTIONS = envopt.split() + OPTIONS try: opts, args = getopt.getopt(OPTIONS, '-G:U:g:hu:v') except getopt.GetoptError: Usage() sys.exit(1) for opt, val in opts: if opt == "-G": ProcessEnumeratedList(val, groups, grp.getgrgid, "Group") if opt == "-U": ProcessEnumeratedList(val, users, pwd.getpwuid, "User") if opt == "-g": try: STARTGID=int(val) except: ErrorMsg("Invalid Starting GID, '%s' - Must Be An Integer Value." % val) sys.exit(1) if opt == "-h": Usage() sys.exit(0) if opt == "-u": try: STARTUID=int(val) except: ErrorMsg("Invalid Starting UID '%s' - Must Be An Integer Value." % val) sys.exit(1) if opt == "-v": print RCSID sys.exit(0) # This command line accepts no args if args: Usage() sys.exit(1) ##### # Write Out The Files ##### # Files Should Be Read-Only os.umask(0377) # Group File grfile = open(GRFILE, "w") grfile.write(TIMESTAMP) grfile.write(CMDLINE) # Write out groups if they are either protected or >= specified starting ID gnames = groups.keys() gnames.sort() for gname in gnames: if (groups[gname][2]) or (groups[gname][0] >= STARTGID): grfile.write("%s: %s\n" % (gname, " ".join(groups[gname][1]))) grfile.close() # Password File pwfile = open(PWFILE, "w") pwfile.write(TIMESTAMP) pwfile.write(CMDLINE) # Write out users if they are either protected or >= specified starting ID # Unless explicitly protected, any account that has '*' as a password # (thus indicating it does not support login), will be suppressed. unames = users.keys() unames.sort() for uname in unames: if (users[uname][2]) or ((users[uname][0] >= STARTUID) and (users[uname][1] != '*')): pwfile.write("%s:%s\n" % (uname, users[uname][1])) pwfile.close()