summaryrefslogtreecommitdiff
path: root/src/op_mode/show_users.py
diff options
context:
space:
mode:
Diffstat (limited to 'src/op_mode/show_users.py')
-rwxr-xr-xsrc/op_mode/show_users.py111
1 files changed, 111 insertions, 0 deletions
diff --git a/src/op_mode/show_users.py b/src/op_mode/show_users.py
new file mode 100755
index 000000000..8e4f12851
--- /dev/null
+++ b/src/op_mode/show_users.py
@@ -0,0 +1,111 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2019 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+import argparse
+import pwd
+import spwd
+import struct
+import sys
+from time import ctime
+
+from tabulate import tabulate
+from vyos.config import Config
+
+
+class UserInfo:
+ def __init__(self, uid, name, user_type, is_locked, login_time, tty, host):
+ self.uid = uid
+ self.name = name
+ self.user_type = user_type
+ self.is_locked = is_locked
+ self.login_time = login_time
+ self.tty = tty
+ self.host = host
+
+
+filters = {
+ 'default': lambda user: not user.is_locked, # Default is everything but locked accounts
+ 'vyos': lambda user: user.user_type == 'vyos',
+ 'other': lambda user: user.user_type != 'vyos',
+ 'locked': lambda user: user.is_locked,
+ 'all': lambda user: True
+}
+
+
+def is_locked(user_name: str) -> bool:
+ """Check if a given user has password in shadow db"""
+
+ try:
+ encrypted_password = spwd.getspnam(user_name)[1]
+ return encrypted_password == '*' or encrypted_password.startswith('!')
+ except (KeyError, PermissionError):
+ print('Cannot access shadow database, ensure this script is run with sufficient permissions')
+ sys.exit(1)
+
+
+def decode_lastlog(lastlog_file, uid: int):
+ """Decode last login info of a given user uid from the lastlog file"""
+
+ struct_fmt = '=L32s256s'
+ recordsize = struct.calcsize(struct_fmt)
+ lastlog_file.seek(recordsize * uid)
+ buf = lastlog_file.read(recordsize)
+ if len(buf) < recordsize:
+ return None
+ (time, tty, host) = struct.unpack(struct_fmt, buf)
+ time = 'never logged in' if time == 0 else ctime(time)
+ tty = tty.strip(b'\x00')
+ host = host.strip(b'\x00')
+ return time, tty, host
+
+
+def list_users():
+ cfg = Config()
+ vyos_users = cfg.list_effective_nodes('system login user')
+ users = []
+ with open('/var/log/lastlog', 'rb') as lastlog_file:
+ for (name, _, uid, _, _, _, _) in pwd.getpwall():
+ lastlog_info = decode_lastlog(lastlog_file, uid)
+ if lastlog_info is None:
+ continue
+ user_info = UserInfo(
+ uid, name,
+ user_type='vyos' if name in vyos_users else 'other',
+ is_locked=is_locked(name),
+ login_time=lastlog_info[0],
+ tty=lastlog_info[1],
+ host=lastlog_info[2])
+ users.append(user_info)
+ return users
+
+
+def main():
+ parser = argparse.ArgumentParser(prog=sys.argv[0], add_help=False)
+ parser.add_argument('type', nargs='?', choices=['all', 'vyos', 'other', 'locked'])
+ args = parser.parse_args()
+
+ filter_type = args.type if args.type is not None else 'default'
+ filter_expr = filters[filter_type]
+
+ headers = ['Username', 'Type', 'Locked', 'Tty', 'From', 'Last login']
+ table_data = []
+ for user in list_users():
+ if filter_expr(user):
+ table_data.append([user.name, user.user_type, user.is_locked, user.tty, user.host, user.login_time])
+ print(tabulate(table_data, headers, tablefmt='simple'))
+
+
+if __name__ == '__main__':
+ main()