Validating user & group names prior to system call and wait() on proc spawned with pexpect.
diff --git a/userman.py b/userman.py
index 6109582..033d3d1 100755
--- a/userman.py
+++ b/userman.py
@@ -25,7 +25,8 @@
Object Path > /org/openbmc/UserManager/Groups
Interface:Method > org.openbmc.Enrol.GroupAddSys string:"groupname"
Interface:Method > org.openbmc.Enrol.GroupAddUsr string:"groupname"
- Interface:Method > org.openbmc.Enrol.GroupList
+ Interface:Method > org.openbmc.Enrol.GroupListUsr
+ Interface:Method > org.openbmc.Enrol.GroupListSys
Object Path > /org/openbmc/UserManager/Group
Interface:Method > org.openbmc.Enrol.GroupDel string:"groupname"
Object Path > /org/openbmc/UserManager/Users
@@ -60,16 +61,26 @@
@dbus.service.method(INTF_NAME, "s", "x")
def GroupAddUsr (self, groupname):
+ if not groupname : return 1
+
+ groups = self.GroupListAll ()
+ if groupname in groups: return 1
+
r = call (["addgroup", groupname])
return r
@dbus.service.method(INTF_NAME, "s", "x")
def GroupAddSys (self, groupname):
+ if not groupname : return 1
+
+ groups = self.GroupListAll ()
+ if groupname in groups: return 1
+
r = call (["addgroup", "-S", groupname])
return 0
@dbus.service.method(INTF_NAME, "", "as")
- def GroupList (self):
+ def GroupListUsr (self):
groupList = []
with open("/etc/group", "r") as f:
for grent in f:
@@ -78,6 +89,23 @@
groupList.append(groupParams[0])
return groupList
+ @dbus.service.method(INTF_NAME, "", "as")
+ def GroupListSys (self):
+ groupList = []
+ with open("/etc/group", "r") as f:
+ for grent in f:
+ groupParams = grent.split (":")
+ if (int(groupParams[2]) > 100 and int(groupParams[2]) < 1000): groupList.append(groupParams[0])
+ return groupList
+
+ def GroupListAll (self):
+ groupList = []
+ with open("/etc/group", "r") as f:
+ for grent in f:
+ groupParams = grent.split (":")
+ groupList.append(groupParams[0])
+ return groupList
+
class UserManGroup (dbus.service.Object):
def __init__(self, bus, name):
self.bus = bus
@@ -93,6 +121,11 @@
@dbus.service.method(INTF_NAME, "", "x")
def GroupDel (self, groupname):
+ if not groupname : return 1
+
+ groups = Groupsobj.GroupListAll ()
+ if groupname not in groups: return 1
+
r = call (["delgroup", groupname])
return r
@@ -111,40 +144,32 @@
@dbus.service.method(INTF_NAME, "ssss", "x")
def UserAdd (self, gecos, username, groupname, passwd):
+ if not username: return 1
+
+ users = self.UserList ()
+ if username in users : return 1
+
if groupname:
- cmd = "adduser " + " -g " + gecos + " -G ", groupname + " " + username
+ groups = Groupsobj.GroupListAll ()
+ if groupname not in groups: return 1
+
+ opts = ""
+ if gecos: opts = " -g " + '"' + gecos + '"'
+
+ if groupname:
+ cmd = "adduser " + opts + " " + " -G " + groupname + " " + username
else:
- cmd = "adduser " + " -g " + gecos + username
+ cmd = "adduser " + opts + " " + username
proc = pexpect.spawn (cmd)
- proc.expect ("[New password: ]")
+ proc.expect (['New password: ', 'Retype password: '])
proc.sendline (passwd)
- proc.expect ("[Retype password: ]")
+ proc.expect (['New password: ', 'Retype password: '])
proc.sendline (passwd)
+
+ proc.wait()
return 0
-
-# if groupname:
-# proc = subprocess.Popen(['adduser', "-g", gecos, "-G", groupname, username], shell=False, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, bufsize=1)
-# else:
-# proc = subprocess.Popen(['adduser', "-g", gecos, username], shell=False, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, bufsize=1)
-#
-# with proc.stdout:
-# for prompt in iter(proc.stdout.readline, b''):
-# proc.stdin.write(passwd)
-#
-# return 0
-
-# proc = subprocess.Popen(['passwd', username], shell=False, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-# out,err = proc.communicate(passwd)
-# out,err = proc.communicate(passwd)
-# proc.stdin.write(passwd)
-# proc.stdin.write(passwd)
-# if (not err): return 0
-# print out
-# print err
-# return 0
-
@dbus.service.method(INTF_NAME, "", "as")
def UserList (self):
userList = []
@@ -170,20 +195,41 @@
@dbus.service.method(INTF_NAME, "s", "x")
def UserDel (self, username):
+ if not username : return 1
+
+ users = Usersobj.UserList ()
+ if username not in users : return 1
+
r = call (["deluser", username])
return r
@dbus.service.method(INTF_NAME, "ss", "x")
def Passwd (self, username, passwd):
- r = call (["echo", "-e", passwd, "passwd", username])
- return r
+ if not username : return 1
+
+ users = self.UserList ()
+ if username not in users : return 1
+ cmd = "passwd" + " " + username
+ proc = pexpect.spawn (cmd)
+ proc.expect (['New password: ', 'Retype password: '])
+ proc.sendline (passwd)
+ proc.expect (['New password: ', 'Retype password: '])
+ proc.sendline (passwd)
+
+ proc.wait()
+ return r
def main():
dbus.mainloop.glib.DBusGMainLoop(set_as_default=True)
bus = dbus.SystemBus()
name = dbus.service.BusName(DBUS_NAME, bus)
+ global Groupsobj
+ global Groupobj
+ global Usersobj
+ global Userobj
+
Groupsobj = UserManGroups (bus, OBJ_NAME_GROUPS)
Groupobj = UserManGroup (bus, OBJ_NAME_GROUP)
Usersobj = UserManUsers (bus, OBJ_NAME_USERS)