Add blocked check

c2c82598 · Sven Mäder · 989b6353 · c2c82598
Commit c2c82598 authored 6 years ago by Sven Mäder
--- a/bin/check-home-permissions.py
+++ b/bin/check-home-permissions.py
@@ -22,6 +22,9 @@ bad_home_directory = []
 no_ldap_user = []
 bad_nis_map = []
 no_nis_map = []
+no_blocked = []
+not_closed = []
+not_open = []


 class Home(object):
@@ -63,13 +66,20 @@ class Home(object):

 def search_ldap():
    ldap = dphysldap.Ldap()
-    ldap_users = dphysldap.Users(ldap, ['uid', 'uidNumber', 'gidNumber', 'homeDirectory'])
+    ldap_users = dphysldap.Users(ldap, ['uid', 'uidNumber', 'gidNumber', 'homeDirectory', 'blocked'])
    entries = dphysldap.Entries(ldap, ['cn', 'nisMapEntry'])
    auto_home = 'nisMapName=auto.home,ou=automount,dc=phys,dc=ethz,dc=ch'

    ldap_users.search('*')
    for user in ldap_users:
-        users[user['uid'][0]] = user['homeDirectory'][0]
+        user_attrs = {}
+        user_attrs['homeDirectory'] = user['homeDirectory'][0]
+        if user['blocked']:
+            user_attrs['blocked'] = user['blocked'][0]
+        else:
+            no_blocked.append(user['uid'][0])
+            user_attrs['blocked'] = 'no'
+        users[user['uid'][0]] = user_attrs

    entries.search('cn: *, nisMapEntry: phd-home*', ['nisObject'], base=auto_home)
    for entry in entries:
@@ -104,8 +114,14 @@ def check_homes(top):
            acl.append(home)

        if home.name in users:
-            if users[home.name][6:] != home.name:
-                bad_home_directory.append(': '.join([home.name, users[home.name]]))
+            if users[home.name]['homeDirectory'][6:] != home.name:
+                bad_home_directory.append(': '.join([home.name, users[home.name]['homeDirectory']]))
+            if users[home.name]['blocked'] == 'yes':
+                if home.st.st_mode != stat.S_IFDIR:
+                    not_closed.append(home)
+            else:
+                if home.st.st_mode != stat.S_IFDIR | stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR:
+                    not_open.append(home)
            del users[home.name]
        else:
            no_ldap_user.append(home)
@@ -166,6 +182,9 @@ if __name__ == '__main__':

    print('home dirs:            ' + str(home_dirs))
    print('strange ldap users:   ' + str(len(users)))
+    print('no blocked attr:      ' + str(len(no_blocked)))
+    print('home not closed:      ' + str(len(not_closed)))
+    print('home not open:        ' + str(len(not_open)))
    print('orphaned nis homes:   ' + str(len(nis_homes)))
    print('orphaned nis shares:  ' + str(len(nis_shares)))
    print('bad homeDirectory:    ' + str(len(bad_home_directory)))
@@ -201,7 +220,28 @@ if __name__ == '__main__':
        print('strange ldap users:')
        print('-------------------')
        for k, v in users.items():
-            print(': '.join([k, v]))
+            print(''.join([k, ': ', 'blocked=', v['blocked'], ' ', 'homeDirectory=', v['homeDirectory']]))
+        print()
+
+    if no_blocked:
+        print('no blocked attr:')
+        print('----------------')
+        for home in no_blocked:
+            print(home)
+        print()
+
+    if not_closed:
+        print('home not closed:')
+        print('----------------')
+        for home in not_closed:
+            print(home)
+        print()
+
+    if not_open:
+        print('home not open:')
+        print('-------------')
+        for home in not_open:
+            print(home)
        print()

    if nis_homes: