GNS3 Docker Images

tac_passwd 4.0KB

  1. #!/usr/bin/python
  2. #
  3. # passwd / adduser / deluser utility for tacacs password file
  4. #
  5. import os
  6. import sys
  7. import crypt
  8. import getpass
  9. import random
  # Location of the tacacs password file that every sub-command edits.
  PASSWD_FILE = "/etc/tacacs+/passwd"

  # Name this script was invoked as; the dispatcher at the bottom of the file
  # uses it to pick the sub-command (tac_passwd / tac_adduser / tac_deluser).
  app = os.path.split(sys.argv[0])[1]
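  def get_enc_passwd():
      """
      get_enc_passwd - get encrypted password

      Prompts twice for a new password (without echo) and returns its
      crypt(3) hash.  Exits the process with status 1 when the two entries
      differ, when the password is empty, or when no hash can be produced.
      """
      passwd = getpass.getpass('Enter new password: ')
      verify = getpass.getpass('Retype new password: ')
      if passwd != verify:
          sys.stderr.write('{}: sorry, passwords do not match\n'.format(app))
          sys.exit(1)
      if passwd == '':
          sys.stderr.write('{}: sorry, password is empty\n'.format(app))
          sys.exit(1)

      salt_chars = 'abcdefghijklmnopqrstuvwxyz' \
                   'ABCDEFGHIJKLMNOPQRSTUVWXYZ' \
                   '0123456789' './'
      # Draw the salt from the OS CSPRNG.  The module-level random functions
      # use a deterministic Mersenne Twister and are not meant for security
      # purposes; SystemRandom is available through the same import.
      rng = random.SystemRandom()
      salt = '$6$' + ''.join(rng.choice(salt_chars) for _ in range(16)) + '$'

      # NOTE(review): the crypt module was deprecated in Python 3.11 and
      # removed in 3.13; this script needs an interpreter that still ships it.
      enc_passwd = crypt.crypt(passwd, salt)

      # if glibc salt style is not supported, fallback to DES
      # crypt() may also return None for an unsupported method, so test for
      # that before indexing.
      # NOTE(review): traditional DES crypt only uses the first 8 characters
      # of the password and is weak by current standards; the fallback is kept
      # for compatibility, but deployments should confirm SHA-512 is in use.
      if enc_passwd is None or enc_passwd[2:3] != '$':
          enc_passwd = crypt.crypt(passwd, salt[3:5])

      # Never hand a missing hash back to the caller: it would otherwise be
      # joined into the password file record.
      if not enc_passwd:
          sys.stderr.write('{}: sorry, password hashing is not available\n'.format(app))
          sys.exit(1)
      return enc_passwd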
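  def tac_passwd():
      """
      tac_passwd - set new password

      Takes the user name from sys.argv[1], prompts for the new password and
      replaces the password field of that user's line in PASSWD_FILE.

      Returns 0 on success, 1 when the file cannot be opened or the user is
      not listed, and 2 on a usage error.
      """
      if len(sys.argv) != 2:
          sys.stderr.write("Usage: {} <user>\n".format(app))
          return 2
      user = sys.argv[1]
      passwd = get_enc_passwd()

      # open passwd file
      try:
          f = open(PASSWD_FILE, "a+")
      except (IOError, OSError) as err:
          sys.stderr.write("{}: can't open {}: {}\n".format(app, PASSWD_FILE, err))
          return 1

      # 'with' closes the file on every path, including an unexpected error
      # while parsing or writing.
      with f:
          # read passwd file
          f.seek(0, 0)
          lines = f.readlines()
          for idx, line in enumerate(lines):
              fields = line.split(':', 2)
              # Blank or malformed lines (fewer than three fields) are left
              # untouched instead of aborting with a traceback.
              if len(fields) < 3:
                  continue
              if user == fields[0]:
                  lines[idx] = ':'.join((user, passwd, fields[2]))
                  break
          else:
              sys.stderr.write("{}: user '{}' does not exist\n".format(app, user))
              return 1

          # save passwd file
          # NOTE(review): the file is truncated and rewritten in place with no
          # locking; an interruption between truncate() and the write, or a
          # concurrent invocation, can lose entries.  Writing a temporary file
          # and renaming it over PASSWD_FILE would make the update atomic.
          f.seek(0, 0)
          f.truncate()
          f.writelines(lines)
      return 0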
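  def tac_adduser():
      """
      tac_adduser - add new user

      Takes the user name from sys.argv[1], prompts for a password and appends
      a new record to PASSWD_FILE.  The uid is one above the highest uid found
      in the file, and never lower than 1000.

      Returns 0 on success, 1 when the user name is unusable, the file cannot
      be opened or the user already exists, and 2 on a usage error.
      """
      if len(sys.argv) != 2:
          sys.stderr.write("Usage: {} <user>\n".format(app))
          return 2
      user = sys.argv[1]

      # The record is colon-separated, one per line.  A name containing ':'
      # or a line break would shift fields or start an extra record, so it is
      # rejected before anything is written.
      if user == '' or any(ch in user for ch in ':\r\n'):
          sys.stderr.write("{}: user name must not be empty or contain ':' or line breaks\n".format(app))
          return 1

      passwd = get_enc_passwd()

      # open passwd file
      # NOTE(review): mode "a+" creates the file when it is missing, with
      # permissions taken from the umask.  The file holds password hashes, so
      # confirm the deployment restricts who can read it.
      try:
          f = open(PASSWD_FILE, "a+")
      except (IOError, OSError) as err:
          sys.stderr.write("{}: can't open {}: {}\n".format(app, PASSWD_FILE, err))
          return 1

      # 'with' closes the file on every path, including an unexpected error.
      with f:
          # read passwd file
          f.seek(0, 0)
          lines = f.readlines()
          uid_max = 999
          for line in lines:
              fields = line.split(':', 3)
              if user == fields[0]:
                  sys.stderr.write("{}: user '{}' already exists\n".format(app, user))
                  return 1
              # Lines without a numeric uid field are ignored when looking for
              # the highest uid instead of aborting with a traceback.
              if len(fields) < 3:
                  continue
              try:
                  uid = int(fields[2])
              except ValueError:
                  continue
              if uid_max < uid:
                  uid_max = uid

          # save passwd file
          f.seek(0, 2)
          # Keep the new record on a line of its own when the last existing
          # line has no trailing newline.
          if lines and not lines[-1].endswith('\n'):
              f.write('\n')
          f.write(':'.join((user, passwd, str(uid_max+1), str(100), '', '/home/'+user, '/bin/sh')) + "\n")
      return 0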
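  def tac_deluser():
      """
      tac_deluser - delete user

      Takes the user name from sys.argv[1] and removes that user's line from
      PASSWD_FILE.

      Returns 0 on success, 1 when the file cannot be opened or the user is
      not listed, and 2 on a usage error.
      """
      if len(sys.argv) != 2:
          sys.stderr.write("Usage: {} <user>\n".format(app))
          return 2
      user = sys.argv[1]

      # open passwd file
      try:
          f = open(PASSWD_FILE, "a+")
      except (IOError, OSError) as err:
          sys.stderr.write("{}: can't open {}: {}\n".format(app, PASSWD_FILE, err))
          return 1

      # 'with' closes the file on every path, including an unexpected error.
      with f:
          # read passwd file
          f.seek(0, 0)
          lines = f.readlines()
          for idx, line in enumerate(lines):
              # partition() never raises, so a blank or colon-less line is
              # skipped instead of aborting with a traceback.
              l_user, sep, _ = line.partition(':')
              if sep and user == l_user:
                  lines[idx] = ''
                  break
          else:
              sys.stderr.write("{}: user '{}' does not exist\n".format(app, user))
              return 1

          # save passwd file
          # NOTE(review): the file is truncated and rewritten in place with no
          # locking; an interruption or a concurrent invocation can lose
          # entries.
          f.seek(0, 0)
          f.truncate()
          f.writelines(lines)
      return 0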
  # main
  # The script is installed under several names; the name it was invoked as
  # (app) selects the sub-command to run.
  app_functions = {
      'tac_passwd': tac_passwd,
      'tac_adduser': tac_adduser,
      'tac_deluser': tac_deluser
  }

  handler = app_functions.get(app)
  if handler is None:
      # Invoked under a name that is not one of the known sub-commands.
      sys.stderr.write("{}: command not found\n".format(app))
      status = 1
  else:
      status = handler()

  # The sub-command's return value becomes the process exit status.
  sys.exit(status)