#!/bin/python3

# {{ ansible_managed | comment }}

'''
This program is intended to run on the protected servers.
It is called via sudo to allow administration of users.

params are:
1. command: depends on hostname
for perfact-login* this will be:
    create-signatures
        None
    renew-pf-verbindungskonfiguration
        None
    mail-add-alias
        --alias
        targets=comma-separated list of target mails
    mail-del-alias
        --alias
    mail-show-alias
        --alias
    mail-show-aliases
        None
    mail-show-aliases
        None
    mail-show-aliases-for-user
        --user
    add-other-mailaccount
        --mailadress
        --password
    del-other-mailaccount
        --mailadress
    mail-add-user
        --user
        --password
        --mailaddress
        --lastname
        --virtuals  (comma-separated list of virtual aliases)  *optional
    mail-del-user
        --user
    mail-add-virtual-to-user
        --user
        --virtual
    mail-del-virtual-from-user
        --user
        --virtual
    mail-add-to-alias
        --alias
        --target (userlogin or mail-address)
    mail-del-from-alias
        --alias
        --target (userlogin or mail-address)
    mail-set-passwd
        --user
        --password
    file-add-user
        --user
        --password
        --lastname
        --firstname
    file-del-user
        --user
    file-sshkey-create
        --user
        --password
        --comment
    file-sshkey-show
        --user
    file-add-user-to-group
        --user
        --group
    file-del-user-from-group
        --user
        --group
    file-add-group
        --group
    file-del-group
        --group
    file-show-groups-of-user
        --user
    file-show-groups
        None
    file-show-group
        --group
    file-set-passwd
        --user
        --password

for perfact-mail-* this will be:
    none yet

for perfact-file-* this will be:
    file-create-home
        --user

for pf-phonehome-2020-prod this will be:
    phonehome_deluser
        username

for perfact-ema-2022-prod this will be:
    check-single-secrets
        None
'''

import os
import sys
import socket
import argparse
import perfact_useradmin_functions as useradmin


def get_choices():
    """Return the list of command names enabled on the current host.

    The host role is derived from ``socket.gethostname()``. Hosts whose
    name starts with ``perfact-login-``, ``perfact-mail-`` or
    ``perfact-file-`` share the command set of their role; any other
    hostname must match a key of the table exactly. If no entry matches,
    a message is printed and the process exits with status 1.

    This only selects which commands exist on a host. It does not check
    who is calling; per the module docstring the script is invoked
    through sudo, so caller authorization has to come from the sudo
    configuration.

    NOTE: the names below are what argparse accepts. The module
    docstring spells some of them differently (``mail-add-to-alias``,
    ``mail-del-from-alias``, ``phonehome_deluser``).
    """
    hostname = socket.gethostname()

    login_commands = [
        'create-signatures',
        'renew-pf-verbindungskonfiguration',
        'mail-add-alias',
        'mail-del-alias',
        'mail-show-alias',
        'mail-show-aliases',
        'mail-show-aliases-for-user',
        'add-other-mailaccount',
        'del-other-mailaccount',
        'mail-add-user',
        'mail-del-user',
        'mail-add-virtual-to-user',
        'mail-del-virtual-from-user',
        'mail-add-user-to-alias',
        'mail-del-user-from-alias',
        'mail-set-passwd',
        'file-add-user',
        'file-del-user',
        'file-sshkey-create',
        'file-sshkey-show',
        'file-add-user-to-group',
        'file-del-user-from-group',
        'file-show-groups-of-user',
        'file-show-groups',
        'file-add-group',
        'file-del-group',
        'file-show-group',
        'file-set-passwd',
    ]
    allowed_by_role = {
        'perfact-login': login_commands,
        'perfact-mail': [],
        'perfact-file': ['file-create-home'],
        'pf-phonehome-2020-prod': ['phonehome-deluser'],
        'perfact-ema-2022-prod': ['check-single-secrets'],
    }

    # Treat all stages of a role (-devel, -prod, -localdev) the same.
    # A hostname that matches no prefix is looked up verbatim.
    role = hostname
    for prefix in ('perfact-login', 'perfact-mail', 'perfact-file'):
        if hostname.startswith(prefix + '-'):
            role = prefix
            break

    # Unknown hosts get no commands at all: fail closed.
    choices = allowed_by_role.get(role)
    if choices is None:
        print(f'Host "{hostname}" not in defined hosts.')
        sys.exit(1)

    return choices


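if __name__ == '__main__':
    # Entry point: check for root, read the command name, and hand the
    # remaining arguments to the matching useradmin handler.

    # Exit if not run with sudo.
    # This is a sanity check on the effective UID, not an authorization
    # decision: which callers may run which command has to be restricted
    # in the sudo configuration, which is not part of this file.
    if os.geteuid() != 0:
        print("You need to have root privileges to run this script.")
        # sys.exit rather than the bare exit(): the latter is injected by
        # the site module for interactive use and is missing when the
        # interpreter runs without site. Message and exit status (1) are
        # the same.
        sys.exit("Please run with 'sudo'. Exiting.")

    # Important:
    # We disable help here to allow help messages for
    # individual commands
    parser = argparse.ArgumentParser(
        description='perfact useradmin script',
        add_help=False,
    )
    # argparse rejects any command that get_choices() does not list for
    # this host, so only host-enabled commands reach the dispatch below.
    parser.add_argument(
        'command',
        choices=get_choices(),
    )

    # Everything after the command is kept unparsed for the handler.
    args, leftover_args = parser.parse_known_args()
    command = args.command

    # Every name get_choices() can return has an entry here.
    # NOTE(review): the handlers come from perfact_useradmin_functions and
    # run as root, so that module and the directory it is loaded from
    # should be writable by root only -- verify in the deployment.
    command_to_function = {
        'create-signatures':
            useradmin.create_signatures,
        'renew-pf-verbindungskonfiguration':
            useradmin.renew_pf_verbindungskonfiguration,
        'mail-add-alias':
            useradmin.mail_add_alias,
        'mail-del-alias':
            useradmin.mail_del_alias,
        'mail-show-alias':
            useradmin.mail_show_alias,
        'mail-show-aliases':
            useradmin.mail_show_aliases,
        'mail-show-aliases-for-user':
            useradmin.mail_show_aliases_for_user,
        'add-other-mailaccount':
            useradmin.add_other_mailaccount,
        'del-other-mailaccount':
            useradmin.del_other_mailaccount,
        'mail-add-user':
            useradmin.mail_add_user,
        'mail-del-user':
            useradmin.mail_del_user,
        'mail-add-virtual-to-user':
            useradmin.mail_add_virtual_to_user,
        'mail-del-virtual-from-user':
            useradmin.mail_del_virtual_from_user,
        'mail-add-user-to-alias':
            useradmin.mail_add_to_alias,
        'mail-del-user-from-alias':
            useradmin.mail_del_from_alias,
        'mail-set-passwd':
            useradmin.mail_set_passwd,
        'file-add-user':
            useradmin.file_add_user,
        'file-del-user':
            useradmin.file_del_user,
        'file-sshkey-create':
            useradmin.file_sshkey_create,
        'file-sshkey-show':
            useradmin.file_sshkey_show,
        'file-add-user-to-group':
            useradmin.file_add_user_to_group,
        'file-del-user-from-group':
            useradmin.file_del_user_from_group,
        'file-add-group':
            useradmin.file_add_group,
        'file-del-group':
            useradmin.file_del_group,
        'file-show-groups-of-user':
            useradmin.file_show_groups_of_user,
        'file-show-groups':
            useradmin.file_show_groups,
        'file-show-group':
            useradmin.file_show_group,
        'file-set-passwd':
            useradmin.file_set_passwd,
        'file-create-home':
            useradmin.file_create_home,
        'phonehome-deluser':
            useradmin.phonehome_deluser,
        'check-single-secrets':
            useradmin.check_single_secrets,
    }

    # Call command.
    # leftover_args is caller-controlled and reaches the handler
    # unvalidated. Checking user names, groups, addresses and similar
    # values is presumably done in the handlers (not visible here); since
    # they run as root, that validation should be confirmed.
    # NOTE(review): several commands take --password on the command line
    # (see module docstring). argv is visible in the process list and is
    # typically recorded by sudo's command logging -- confirm this is
    # acceptable or have the handlers read secrets from stdin instead.
    command_to_function[command](leftover_args)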
