From 3d94de9b56ef2a6030ef5cea8b307098688c949d Mon Sep 17 00:00:00 2001
From: Dmytro Aleksandrov <alkersan@gmail.com>
Date: Wed, 14 Aug 2019 01:21:20 +0300
Subject: [op-mode] T1590 xml-style rewrite of 'show system' operations

---
 src/helpers/vyos-sudo.py  |  40 +++++++++++++++++
 src/op_mode/show_ram.sh   |  33 ++++++++++++++
 src/op_mode/show_users.py | 111 ++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 184 insertions(+)
 create mode 100755 src/helpers/vyos-sudo.py
 create mode 100755 src/op_mode/show_ram.sh
 create mode 100755 src/op_mode/show_users.py

(limited to 'src')

diff --git a/src/helpers/vyos-sudo.py b/src/helpers/vyos-sudo.py
new file mode 100755
index 000000000..0101a0c95
--- /dev/null
+++ b/src/helpers/vyos-sudo.py
@@ -0,0 +1,40 @@
+#!/usr/bin/env python3
+
+# Copyright 2019 VyOS maintainers and contributors <maintainers@vyos.io>
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library.  If not, see <http://www.gnu.org/licenses/>.
+
+import getpass
+import grp
+import os
+import sys
+
+
+def is_admin() -> bool:
+    """Look if current user is in sudo group"""
+    current_user = getpass.getuser()
+    (_, _, _, admin_group_members) = grp.getgrnam('sudo')
+    return current_user in admin_group_members
+
+
+if __name__ == '__main__':
+    if len(sys.argv) < 2:
+        print('Missing command argument')
+        sys.exit(1)
+
+    if not is_admin():
+        print('This account is not authorized to run this command')
+        sys.exit(1)
+
+    os.execvp('sudo', ['sudo'] + sys.argv[1:])
diff --git a/src/op_mode/show_ram.sh b/src/op_mode/show_ram.sh
new file mode 100755
index 000000000..b013e16f8
--- /dev/null
+++ b/src/op_mode/show_ram.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+#
+# Module: vyos-show-ram.sh
+# Displays memory usage information in minimalistic format
+#
+# Copyright (C) 2019 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+MB_DIVISOR=1024
+
+TOTAL=$(cat /proc/meminfo | grep -E "^MemTotal:" | awk -F ' ' '{print $2}')
+FREE=$(cat /proc/meminfo | grep -E "^MemFree:" | awk -F ' ' '{print $2}')
+BUFFERS=$(cat /proc/meminfo | grep -E "^Buffers:" | awk -F ' ' '{print $2}')
+CACHED=$(cat /proc/meminfo | grep -E "^Cached:" | awk -F ' ' '{print $2}')
+
+DISPLAY_FREE=$(( ($FREE + $BUFFERS + $CACHED) / $MB_DIVISOR ))
+DISPLAY_TOTAL=$(( $TOTAL / $MB_DIVISOR ))
+DISPLAY_USED=$(( $DISPLAY_TOTAL - $DISPLAY_FREE ))
+
+echo "Total: $DISPLAY_TOTAL"
+echo "Free:  $DISPLAY_FREE"
+echo "Used:  $DISPLAY_USED"
diff --git a/src/op_mode/show_users.py b/src/op_mode/show_users.py
new file mode 100755
index 000000000..8e4f12851
--- /dev/null
+++ b/src/op_mode/show_users.py
@@ -0,0 +1,111 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2019 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+import argparse
+import pwd
+import spwd
+import struct
+import sys
+from time import ctime
+
+from tabulate import tabulate
+from vyos.config import Config
+
+
+class UserInfo:
+    def __init__(self, uid, name, user_type, is_locked, login_time, tty, host):
+        self.uid = uid
+        self.name = name
+        self.user_type = user_type
+        self.is_locked = is_locked
+        self.login_time = login_time
+        self.tty = tty
+        self.host = host
+
+
+filters = {
+    'default': lambda user: not user.is_locked,  # Default is everything but locked accounts
+    'vyos': lambda user: user.user_type == 'vyos',
+    'other': lambda user: user.user_type != 'vyos',
+    'locked': lambda user: user.is_locked,
+    'all': lambda user: True
+}
+
+
+def is_locked(user_name: str) -> bool:
+    """Check if a given user has password in shadow db"""
+
+    try:
+        encrypted_password = spwd.getspnam(user_name)[1]
+        return encrypted_password == '*' or encrypted_password.startswith('!')
+    except (KeyError, PermissionError):
+        print('Cannot access shadow database, ensure this script is run with sufficient permissions')
+        sys.exit(1)
+
+
+def decode_lastlog(lastlog_file, uid: int):
+    """Decode last login info of a given user uid from the lastlog file"""
+
+    struct_fmt = '=L32s256s'
+    recordsize = struct.calcsize(struct_fmt)
+    lastlog_file.seek(recordsize * uid)
+    buf = lastlog_file.read(recordsize)
+    if len(buf) < recordsize:
+        return None
+    (time, tty, host) = struct.unpack(struct_fmt, buf)
+    time = 'never logged in' if time == 0 else ctime(time)
+    tty = tty.strip(b'\x00')
+    host = host.strip(b'\x00')
+    return time, tty, host
+
+
+def list_users():
+    cfg = Config()
+    vyos_users = cfg.list_effective_nodes('system login user')
+    users = []
+    with open('/var/log/lastlog', 'rb') as lastlog_file:
+        for (name, _, uid, _, _, _, _) in pwd.getpwall():
+            lastlog_info = decode_lastlog(lastlog_file, uid)
+            if lastlog_info is None:
+                continue
+            user_info = UserInfo(
+                uid, name,
+                user_type='vyos' if name in vyos_users else 'other',
+                is_locked=is_locked(name),
+                login_time=lastlog_info[0],
+                tty=lastlog_info[1],
+                host=lastlog_info[2])
+            users.append(user_info)
+    return users
+
+
+def main():
+    parser = argparse.ArgumentParser(prog=sys.argv[0], add_help=False)
+    parser.add_argument('type', nargs='?', choices=['all', 'vyos', 'other', 'locked'])
+    args = parser.parse_args()
+
+    filter_type = args.type if args.type is not None else 'default'
+    filter_expr = filters[filter_type]
+
+    headers = ['Username', 'Type', 'Locked', 'Tty', 'From', 'Last login']
+    table_data = []
+    for user in list_users():
+        if filter_expr(user):
+            table_data.append([user.name, user.user_type, user.is_locked, user.tty, user.host, user.login_time])
+    print(tabulate(table_data, headers, tablefmt='simple'))
+
+
+if __name__ == '__main__':
+    main()
-- 
cgit v1.2.3