Showing posts with label Python. Show all posts
Showing posts with label Python. Show all posts

Saturday, October 20, 2007

Python Scripting Tutorial, Part two

Here is my second part of the hands on tutorial on basic python script. It works in an interactive mode just like adduser on a linux system, only
it sets a very strong random password (using a little utility called pwgen - you can install it from /usr/ports/sysutils/pwgen2) for the user, gives you
the ability of making a system user, a ftp user or both. My pure-ftpd is based on MySQL table auth. It also makes a public_html for the user and
build a virtual host for the user. Check the script out because I think it is pretty straightforward. Tweak it a bit so you can use it as your own.
On the next tutorial we'll the users a mail with the password and also add them to an LDAP directory.
PS: I'm aware that some things could be done more easily by using hefty tricks, but hey, I aimed for easy understanding.



#/usr/local/bin/python

import os
import getopt
import sys
import MySQLdb

# Where should i write the vhost details?
VHOSTS_CONFIG = "/usr/local/etc/apache22/extra/httpd-vhosts.conf"

# Init the variables
user_flag = -1
ftp_flag = -1

# MySQL authentification variables
mysql_user = "user"
mysql_pass = "password"
mysql_host = "localhost"
mysql_database = "pureftpd"

# The usage() function that gets used when we call the script with the -h option
def usage():
print """
Usage: sudo python create_python.py : create a user in the system.
You can create a ftp user only, a system user or both.
It also adds the corresponding vhost to the configuration and builds the
home directory. If run with no arguments it will go into interactive mode.

create_user.py [-h]

-h print this help
"""

# Parse the command line arguments
# Basicly this looks for the -h argument only but could be
# easily extended to something else

o, a = getopt.getopt(sys.argv[1:], 'h')
opts = {}
for k,v in o:
opts[k] = v
if opts.has_key('-h'):
usage();
sys.exit(0)

# Check to see if we're running as superuser
uid = `os.getuid()`
if uid != "0":
print "You must be superuser in order to run this program"
sys.exit(1)

# Make a system user?
user_input = raw_input("Do you want to add a system user [n/Y]: ")
if user_input.lower() == "y":
user_flag = 1
if user_input.lower() == "n":
user_flag = 0
else:
user_flag = 1

# Make a ftp user?
ftp_input = raw_input("Do you want to add a ftp user [n/Y]: ")
if ftp_input.lower() == "y":
ftp_flag = 1
if ftp_input.lower() == "n":
ftp_flag = 0
else:
ftp_flag = 1

# If you do not want a system user or a ftp user then ... you don't want anything
if ftp_flag == 0 and user_flag == 0:
print "Come back when you know what you want"
sys.exit()

# How do you want to name your user?
user_name = raw_input("Username: ")

# Try to figure out the shell or input another shell
# something like /usr/local/bin/rssh
if user_flag == 1:
user_shell = raw_input("Shell [/usr/local/bin/bash]: ")
# Make /usr/local/bin/bash the default shell if the user presses enter
if user_shell == "":
user_shell = "/usr/local/bin/bash"

# Basicly we have to types of accounts
# Those that are the system users with ssh account and those with only ftp access
# System users have the /home/user directory
# whilst the ftp users have /home/ftpusers/user

if user_flag == 1:
home = "/home/" + user_name
else:
home = "/home/ftpusers/" + user_name

# But if you want you can input another directory as the home directory
# We are making this script a little more interactive
home_dir = raw_input("Home directory [" + home + "]: ")
if home_dir == "":
home_dir = home

# We generate a new random password. This is based on the pwgen port
# Please install it before if you don't have it:
# cd /usr/ports/sysutils/pwgen2 && sudo make search install
newpassword = os.popen("pwgen -s -n -B -c 12 1").readline().split()[-1]
if user_flag == 1:
# Add the new user using the randomly generated password earlier
# This command enters:
# echo pass | pw user add -d /home/user -m -s /usr/local/bin/bash -n user -g users -h 0
# -d - home directory
# -m - builds the home directory if it doesn't exist
# -s - the shell to user
# -n - the name of the user
# -g - the original group for the user
# -h 0 - get the password from stdin
cmd = "echo " + newpassword + " | pw user add -d " + home_dir + " -m -s " + user_shell + " -n " + user_name + " -g users -h 0"
os.system(cmd)
# Save the new password somewhere as you don't want an inactive account or manually input another pasword
f = open("/root/accounts", "a+")
line = user_name + " " + newpassword + " " + `user_flag` + " " + `ftp_flag` + "\n"
f.write(line)
f.close()
print "Details have been saved to /root/accounts. Please mail the information to the user and then delete the file"
# Make the /home/user/public_html directory so the user can have his own web server
# at the http://host/~user address
os.mkdir(home_dir + "/public_html")
# Change the vhost configuration to a new entry so
# http://host/~user is mapped as http://user.host/
# This is much more professional in my opinion
f = open(VHOSTS_CONFIG, "a")
vhost = """<VirtualHost *:80>
ServerAdmin email@mail.com
DocumentRoot """ + home_dir + """/public_html
ServerName """ + user_name + """.host
ErrorLog /var/log/httpd/""" + user_name + """-error_log
CustomLog /var/log/httpd/""" + user_name + """-access_log combined
</VirtualHost>
"""
f.write(vhost)
f.close()
# Restart the Apache Webserver
os.system("apachectl graceful")
# For the ftp users only you should manage their accounts using the system account ftpusers
if user_flag == 0 and ftp_flag == 1:
group = "ftpusers"
uid = "ftpusers"
else:
uid = user_name
group = "users"
# Add the ftp user to the existing MySQL table (I do MySQL auth to my ftp server)
# with the same use
so if you give ftp access to a system user he can login with
# the same password
You should only give a user access to the system with no ftp
# access if you want him to make transactions
only with ssh (through scp)
if ftp_flag == 1:
# Open the MySQL database
db = MySQLdb.connect(mysql_host,mysql_user,mysql_pass,mysql_database)
# Make a cursor (a pointer to that database)
cursor = db.cursor()
# Execute an insert query
cursor.execute("INSERT INTO `pureftpd`.`users` (`User`, `Password`, `Uid`, `Gid`, `Dir`, `QuotaSize`) VALUES (\'%s', MD5(\'%s\'), \'%s\', \'%s\', \'%s\', \'%s\');" % (user_name,newpassword,uid,group,home_dir,100))
cursor.close()
if ftp_flag == 1 and user_flag == 0:
os.mkdir(home_dir)


Powered by ScribeFire.

Friday, October 5, 2007

Python Scripting Tutorial, Part one

Introduction

Python is a great tool to work with. I like the fact that I can accomplish all sorts of tasks, from socket programming to web development to GUI) in just one language. Python has an incredible standard library, it is very readable and I found it to be very fast. I prefer it over BASH because it seems I just can make the damn thing work.

In this series, we'll first start on with some very simple scripts and then move on, developing on those and adding more features. This is a hands-on tutorial, because you have to write the code and try to understand it. As I always comment my code excessively when writing tutorials, I won't explain the same thing twice.

In this part you will learn how to:
  • find out if a program is running by searching for its pid
  • get simple command line arguments
  • learn what a list is and how to access it
Scenario

As you may already know, I have moved my sshd port to 8722 on my servers (they are all in sync). Also, I use only public/private keys for authentification using ssh-agent and ssh-add. I found it very cumbersome that everytime I want to ssh to see if ssh-agent is already running, then if it's not, ssh-add the key, and type that long command. Here is the command that I actually type to get into one of my hosts:

ssh rsavu@host1 -p 8722

The problem is I don't have any short hosts like host1 in /etc/hosts and I just want to make a script that automates this task (okay, admit I need it just for the sake of argument).

What should the script do? Well, if it receives an argument (user@host is necessary) it should connect to that host using the port 8722. If it doesn't receive any arguments it should print a menu with known hosts.

What to improve on in the next parts

  • check if the format of the first argument is user@host
  • read hosts from /etc/hosts
  • read all other options from a configuration file that can be thrown through a command line argument or be a predefined one
  • suppressing any warnings
The script

#!/usr/bin/python
"""
That thing above is called a shabang line for anyone that did not know that
It instructs the shell what interpreter should be used for the following
lines of code
"""

"""
These are the libraries we are going to work with.
"""
import sys
import os
"""
The main function
"""
def main(argv):
# First let's find out if ssh-agent is working
pid = os.system("pidof -s ssh-agent")
if pid == 256:
os.system("ssh-agent")
os.system("ssh-add")
# Let's see how many arguments we have
argc = len(argv)
# Test if we don't have any argument
if argc == 1:
# This is a list
knownHosts = ["user@host1", "user@host2"]
printTable(knownHosts)
# Request some input from the user and transform it in an integer
option = int(raw_input("Choose an option: "))
remoteHost = knownHosts[option-1]
elif argc == 2:
remoteHost = argv[1]
cmd = 'ssh ' + remoteHost + ' -p 8722'
print cmd

"""
Prints a table with know hosts
"""
def printTable(knownHosts):
i = 1
for host in knownHosts:
# In the next line the statement `i` makes us able concat a string and int
print `i` + ". " + host
i = i+1

"""
This basically means that if this file is ran independently and not included
in any other file it should call function main with that argument.
More on this another time
"""
if __name__ == '__main__':
main(sys.argv[0:])