[tac_plus] managing accounts
Asif Iqbal
vadud3 at gmail.com
Thu May 22 20:56:08 UTC 2014
On Thu, May 22, 2014 at 4:14 PM, Daniel Schmidt <daniel.schmidt at wyo.gov>wrote:
> Put users in do_auth and manage them there instead. Import ConfigParser
> to add/remove users as needed. Can even cross reference a database if
> needed.
>
That is the direction I am heading. But I need to normalize the existing
users into rows for the database and then it will easier to convert that
into ini type file to work with do_auth.
I am pretty close to complete.
So far I got this far
import re
f = open('tac_plus.conf').read()
pattern = '\n?user\s*=\s*(\S+)\s*{(.+?)}'
users = re.findall(pattern,f,re.DOTALL|re.MULTILINE)
which outputs like this
('aa49451', '\n\tlogin = PAM\n\tacl = oobrs\n\tmember = readonly')
('aa15561', '\n\tlogin = PAM\n\tacl = oobrs\n\tmember = readonly')
('aa56743', '\n\tlogin = PAM\n\tmember = oobrs')
('cariden', '\n\tlogin = des s5YXYZAm4f.\n\tmember = cariden')
('ssarepts', '\n #login = des qwASvuPKw\n login = file
/etc/tacacs-passwd\n cmd = terminal {\n permit
"length"\n deny .*\n }\n cmd = show
{\n permit "interfaces|policy-map
interface"\n deny .*\n }\n\tcmd = exit {\n\t\tpermit
.*\n\t}')
('vtt2440', '\n\tlogin = PAM\n\tmember = opsdb')
('aa60589', '\n login = PAM\n member = opsdb')
('aa92589', '\n login = PAM\n member = opsdb')
I am still working on to clean up more.
There are only 6 users with cmd = {..} inside. So I will just convert those
into new groups and just use member = newgroup.
So not much work left to clean up.
>
> On Thu, May 22, 2014 at 12:41 PM, Asif Iqbal <vadud3 at gmail.com> wrote:
>
>> On Thu, May 22, 2014 at 12:48 PM, Asif Iqbal <vadud3 at gmail.com> wrote:
>>
>> >
>> >
>> >
>> > On Thu, May 22, 2014 at 12:27 PM, heasley <heas at shrubbery.net> wrote:
>> >
>> >> Thu, May 22, 2014 at 12:26:10PM -0400, Asif Iqbal:
>> >> > Any one has tool to manage user accounts on tac_plus.conf?
>> >> >
>> >> > Looking for adding/deleting multiple users.
>> >> >
>> >> > Adding/Modifying/Deleting them manually with an editor is painful.
>> >>
>> >> why not do it in a database/elsewhere and export it to the config file?
>> >>
>> >
>> > I would go with mysql then.
>> >
>> > Most of them are like below.
>> > user = vtt2440 {
>> > login = PAM
>> > member = opsdb
>> > }
>> >
>> > So creating a schema and inserting these data would be pretty simple
>> >
>> > CREATE TABLE Users (
>> > user varchar(20) primary key,
>> > login varchar(20),
>> > member varchar(20)
>> > );
>> >
>> > INSERT INTO Users (`user`, `login`,`member`) VALUES ("vtt2440","PAM",
>> > "opsdb");
>> >
>> > But I will need some help with parsing this into a txt file and then
>> just
>> > LOAD DATA INFILE
>> > would save lot of time with ~2000 users.
>> >
>> >
>> > However, how would I manage stanza like this? Should I just move those
>> > cmds inside group
>> > definition?
>> >
>> > user = ssarepts {
>> > login = file /etc/tacacs-passwd
>> > cmd = terminal {
>> > permit "length"
>> > deny .*
>> > }
>> > cmd = show {
>> > permit "interfaces|policy-map interface"
>> > deny .*
>> > }
>> > cmd = exit {
>> > permit .*
>> > }
>> > }
>> >
>> > So looks like really need help with parsing these and normalize to rows,
>> > before I can insert them into database.
>> >
>> > Thanks for any help with parsing.
>> >
>>
>>
>> So, so far I managed to parse most of the users
>>
>> import re
>> f = open ('tac_plus.conf','rb').read()
>>
>> regex =
>>
>> re.compile('\s?\w*\s*=\s*(\w*)\s{\s+\w*\s*=\s*(\w*)\s+\w*\s*=\s*(\w*)\s+}',re.DOTALL|re.MULTILINE)
>>
>> users = regex.findall(f)
>>
>> for f in users:
>> print f
>>
>> So this gets me 1532 users out of 1760 users. I still need to improve the
>> regex and could use some help.
>>
>> Thanks
>>
>>
>>
>> >
>> > --
>> > Asif Iqbal
>> > PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
>> > A: Because it messes up the order in which people normally read text.
>> > Q: Why is top-posting such a bad thing?
>> >
>> >
>>
>>
>> --
>> Asif Iqbal
>> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
>> A: Because it messes up the order in which people normally read text.
>> Q: Why is top-posting such a bad thing?
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL: <
>> http://www.shrubbery.net/pipermail/tac_plus/attachments/20140522/decbfebc/attachment.html
>> >
>> _______________________________________________
>> tac_plus mailing list
>> tac_plus at shrubbery.net
>> http://www.shrubbery.net/mailman/listinfo/tac_plus
>>
>
> E-Mail to and from me, in connection with the transaction
> of public business, is subject to the Wyoming Public Records
> Act and may be disclosed to third parties.
>
>
>
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20140522/8ec3543e/attachment.html>
More information about the tac_plus
mailing list