Newer
Older
mkapachepw / mkapachepw.py
#!/usr/bin/env python
# mkapachepw.py
# Generate Apache-Compatible Password And Group Files
# From Unix System Passwords And Groups.
#
# Copyright (c) 2005 TundraWare Inc.  All Rights Reserved.
# For Updates See:  http://www.tundraware.com/Software/mkapachepw

# Program Information

PROGNAME = "mkapachepw"
RCSID = "$Id: mkapachepw.py,v 1.110 2005/04/05 20:43:44 root Exp $"
VERSION = RCSID.split()[2]

# Copyright Information

CPRT         = "(c)"
DATE         = "2005"
OWNER        = "TundraWare Inc."
RIGHTS       = "All Rights Reserved"
COPYRIGHT    = "Copyright %s %s %s  %s. " % (CPRT, DATE, OWNER, RIGHTS)


#----------------------------------------------------------#
#            Variables User Might Change                   #
#----------------------------------------------------------#

GRFILE   = "./.htgroups"        # Group output file  
PWFILE   = "./.htpasswords"     # Password output file
STARTUID = 100                  # User IDs below this ignored
STARTGID = 100                  # Group IDS below this ignored



#------------------- Nothing Below Here Should Need Changing ------------------#


#----------------------------------------------------------#
#                       Imports                            #
#----------------------------------------------------------#

import getopt
import grp
import os
import pwd
from socket import getfqdn
import sys
import time


#----------------------------------------------------------#
#                 Aliases & Redefinitions                  #
#----------------------------------------------------------#



#----------------------------------------------------------#
#                Constants & Literals                      #
#----------------------------------------------------------#



#####
# Constants
#####



#####
# Literals
#####

TIMESTAMP = "# Created By %s %s On %s At %s\n" % (PROGNAME, VERSION, getfqdn(), time.asctime())
CMDLINE   = "# Command Line: %s\n" % " ".join(sys.argv)


#----------------------------------------------------------#
#              Prompts, & Application Strings              #
#----------------------------------------------------------#


#####
# Error Messages
#####

eERROR   =  "ERROR"


#####
# Informational Messages
#####


#####
# Usage Prompts
#####

uTable = [PROGNAME + " " + VERSION + " - %s\n" % COPYRIGHT,
          "usage:  " + PROGNAME + " [-GUfghuv] where,\n",
          "          -G       list of groups to include (+group) or exclude (-group) (default: none)",
          "          -U       list of users to include (+user) or exclude (-user) (default: none)",
          "          -g #     smallest GID to include in output (default: 100)",
          "          -h       print this help information",
          "          -u #     smallest UID to include in output (default: 100)",
          "          -v       print detailed version information",
          ]


#----------------------------------------------------------#
#          Global Variables & Data Structures              #
#----------------------------------------------------------#

groups             = {}          # Place to store group information
users              = {}          # Place to store user information


#--------------------------- Code Begins Here ---------------------------------#


#----------------------------------------------------------#
#             Object Base Class Definitions                #
#----------------------------------------------------------#

    

#----------------------------------------------------------#
#             Supporting Function Definitions              #
#----------------------------------------------------------#


#####
# Print An Error Message
#####

def ErrorMsg(emsg):
    print PROGNAME + " " + VERSION + " " + eERROR + ": " + emsg

# End of 'ErrorMsg()'


#####
# Print Usage Information
#####

def Usage():
    for line in uTable:
        print line

# End of 'Usage()'


#####
# Process An Enumerated List Of Groups/Users To Include Or Exclude.
#
# The 'items' argument must be a string with the names or numbers to
# process, with a '-' or '+' prepended to indicate Delete or Add,
# respectively.
#####

def ProcessEnumeratedList(items, master, lookup, name):

    for item in items.split():
        orig = item
        
        # Verify argument is in correct format and determine type of
        # operation desired.

        if item[0] == '-':
            additem = False

        elif item[0] == '+':
            additem = True

        else:
            ErrorMsg("'%s' Must Be Prefixed With '+' or '-' To Indicate Desired Action." % item)
            sys.exit(2)

        item = item[1:]     # We just need the item Name/ID portion

        # Convert GIDs and UIDs to names first
        try:
            item = int(item)

            # Handle the case where the ID does not exist
            try:
                item = lookup(item)[0]

            except:
                ErrorMsg("'%s' Is An Invalid %s ID." % (orig[1:], name))
                sys.exit(2)

        # If not, assume it is a name and look it up
        except ValueError:

            # Make sure it even exists

            if item not in master:
                ErrorMsg("'%s' Is An Invalid %s Name." % (item, name))
                sys.exit(2)

        # Do the actual in/exclusion

        # Include
        if additem:
            master[item][2] = True   # Mark entry as protected

        # Exclude
        else:
            del master[item]

# End of 'ProcessEnumeratedList(()'


#----------------------------------------------------------#
#                    Program Entry Point                   #
#----------------------------------------------------------#


#####
# Build An Internal List Of Groups And Users Before Doing Anything Else.
# Command Line Parsing May Need This Information.
#####

Protected = False

#####
# Build List Of Groups
#####

for group in grp.getgrall():

    gname, gpw, gid, gmembers = group[:4]

    groups[gname] = [gid, [], Protected]
    for member in gmembers:
        groups[gname][1].append(member)

#####
# Build A List Of Users
#####

for user in pwd.getpwall():

    uname, pw, uid, gid = user[:4]
    gname = grp.getgrgid(gid)[0]
    
    users[uname] = [uid, pw, Protected]
    if uname not in groups[gname][1]:
        groups[gname][1].append(uname)


#####
# Command line processing - Process any options set in the
# environment first, and then those given on the command line
#####

OPTIONS = sys.argv[1:]
envopt = os.getenv(PROGNAME.upper())
if envopt:
    OPTIONS = envopt.split() + OPTIONS

try:
    opts, args = getopt.getopt(OPTIONS, '-G:U:g:hu:v')
except getopt.GetoptError:
    Usage()
    sys.exit(1)

for opt, val in opts:
    if opt == "-G":
        ProcessEnumeratedList(val, groups, grp.getgrgid, "Group")
    if opt == "-U":
        ProcessEnumeratedList(val, users, pwd.getpwuid, "User")
    if opt == "-g":
        try:
            STARTGID=int(val)
        except:
            ErrorMsg("Invalid Starting GID, '%s' - Must Be An Integer Value." % val)
            sys.exit(1)
    if opt == "-h":
        Usage()
        sys.exit(0)
    if opt == "-u":
        try:
            STARTUID=int(val)
        except:
            ErrorMsg("Invalid Starting UID '%s' - Must Be An Integer Value." % val)
            sys.exit(1)
    if opt == "-v":
        print RCSID
        sys.exit(0)

# This command line accepts no args

if args:
    Usage()
    sys.exit(1)

#####
# Write Out The Files
#####

# Files Should Be Read-Only

os.umask(0377)

# Group File

grfile = open(GRFILE, "w")
grfile.write(TIMESTAMP)
grfile.write(CMDLINE)

# Write out groups if they are either protected or >= specified starting ID

gnames = groups.keys()
gnames.sort()
for gname in gnames:
    if (groups[gname][2]) or (groups[gname][0] >= STARTGID):
        grfile.write("%s: %s\n" % (gname, " ".join(groups[gname][1])))

grfile.close()

# Password File

pwfile = open(PWFILE, "w")
pwfile.write(TIMESTAMP)
pwfile.write(CMDLINE)

# Write out users if they are either protected or >= specified starting ID
# Unless explicitly protected, any account that has '*' as a password
# (thus indicating it does not support login), will be suppressed.

unames = users.keys()
unames.sort()
for uname in unames:
    if (users[uname][2]) or ((users[uname][0] >= STARTUID) and (users[uname][1] != '*')):
        pwfile.write("%s:%s\n" % (uname, users[uname][1]))

pwfile.close()