[checkmk-commits] Check_MK Git: check_mk: Preventing creation of users which are only found in htpasswd (-> hidden from WATO)

Module: check_mk Branch: master Commit: 49c48b609aa0c21b1f9d486409ff0739a1c6f6e6 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=49c48b609aa0c2… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Mon Apr 16 10:34:47 2012 +0200 Preventing creation of users which are only found in htpasswd (-> hidden from WATO) --- web/htdocs/wato.py | 57 +++++++++++++++++++++++++++++++-------------------- 1 files changed, 35 insertions(+), 22 deletions(-) diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py index 57fdd2b..f8f7ff3 100644 --- a/web/htdocs/wato.py +++ b/web/htdocs/wato.py @@ -6815,7 +6815,7 @@ def mode_edit_user(phase): return "users" id = html.var("userid").strip() - if new and id in users: + if new and (id in users or in_htpasswd(id)): raise MKUserError("userid", _("This username is already being used by another user.")) if not re.match("^[-a-z0-9A-Z_\.]+$", id): raise MKUserError("userid", _("The username must consist only of letters, digit and the underscore.")) @@ -7139,6 +7139,27 @@ def mode_edit_user(phase): html.hidden_fields() html.end_form() +def load_htpasswd(): + users = {} + filename = defaults.htpasswd_file + if os.path.exists(filename): + for line in file(filename): + id, password = line.strip().split(":")[:2] + if password.startswith("!"): + locked = True + password = password[1:] + else: + locked = False + + users[id] = { + 'password': password, + 'locked': locked, + } + return users + +def in_htpasswd(id): + return id in load_htpasswd() + def load_users(): # First load monitoring contacts from Check_MK's world filename = root_dir + "contacts.mk" @@ -7195,27 +7216,19 @@ def load_users(): # they are getting according to the multisite old-style # configuration variables. - filename = defaults.htpasswd_file - if os.path.exists(filename): - for line in file(filename): - id, password = line.strip().split(":")[:2] - if password.startswith("!"): - locked = True - password = password[1:] - else: - locked = False - if id in result: - result[id]["password"] = password - result[id]["locked"] = locked - elif wato_create_users_from_htpasswd: - # Create entry if this is an admin user - new_user = { - "roles" : config.roles_of_user(id), - "password" : password, - "locked" : False - } - result[id] = new_user - # Other unknown entries will silently be dropped. Sorry... + for id, user in load_htpasswd().items(): + if id in result: + result[id]["password"] = user['password'] + result[id]["locked"] = user['locked'] + elif config.wato_create_users_from_htpasswd: + # Create entry if this is an admin user + new_user = { + "roles" : config.roles_of_user(id), + "password" : user['password'], + "locked" : False + } + result[id] = new_user + # Other unknown entries will silently be dropped. Sorry... # Now read the automation secrets and add them to existing # users or create new users automatically