1# coding: utf-8
2
3# users.py - functions for validating the user to change information for
4#
5# Copyright (C) 2013-2019 Arthur de Jong
6#
7# This library is free software; you can redistribute it and/or
8# modify it under the terms of the GNU Lesser General Public
9# License as published by the Free Software Foundation; either
10# version 2.1 of the License, or (at your option) any later version.
11#
12# This library is distributed in the hope that it will be useful,
13# but WITHOUT ANY WARRANTY; without even the implied warranty of
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
15# Lesser General Public License for more details.
16#
17# You should have received a copy of the GNU Lesser General Public
18# License along with this library; if not, write to the Free Software
19# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
20# 02110-1301 USA
21
22import getpass
23import os
24import pwd
25import sys
26
27
28class User(object):
29
30    def __init__(self, username):
31        self.myuid = os.getuid()
32        if username:
33            userinfo = pwd.getpwnam(username)
34        else:
35            self.asroot = False
36            userinfo = pwd.getpwuid(self.myuid)
37        (self.username, self.password, self.uid, self.gid, self.gecos,
38            self.homedir, self.shell) = userinfo
39        # if we are trying to modify another user we should be root
40        self.asroot = self.myuid != self.uid
41
42    def check(self):
43        """Check whether we can modify the user.
44
45        Check if the user is an LDAP user and whether we may modify the user
46        information.
47        """
48        if self.asroot and self.myuid != 0:
49            print("%s: you may not modify user '%s'.\n" %
50                  (sys.argv[0], self.username))
51            sys.exit(1)
52        # FIXME: check if the user is an LDAP user
53
54    def get_passwd(self):
55        """Ask and return a password that is required to change the user."""
56        # FIXME: only ask the password if we require it
57        # (e.g. when root and nslcd has userpwmoddn we don't need to)
58        return getpass.getpass(
59            'LDAP administrator password: '
60            if self.asroot else
61            'LDAP password for %s: ' % self.username)
62        # FIXME: check if the provided password is valid
63