Beispiel #1
def _fsck_check(hutil):
    """Run a non-interactive ``fsck`` pass and exit the handler on failure.

    Invokes ``fsck -As -y`` through ``ext_utils.run``. Any exit status above
    zero is logged and raised as an error; the handler below reports it via
    ``hutil.error`` and then calls ``hutil.do_exit`` with status 1.

    NOTE(review): fsck reports its result as a bit mask in which 1
    conventionally means "errors were corrected". Since ``-y`` lets the
    checker repair without prompting, a completed repair is also reported
    as a failed check here - confirm that this is intended.

    Returns the fsck exit status when it is not greater than zero.
    """
    try:
        exit_status = ext_utils.run(['fsck', '-As', '-y'])
        if exit_status > 0:
            hutil.log(exit_status)
            raise Exception("Disk check was not successful")
        return exit_status
    except Exception as err:
        # The deliberate raise above lands here too, so every failure path
        # is reported once and ends in do_exit.
        details = "Failed to run disk check with error: {0}, {1}".format(
            str(err), traceback.format_exc())
        hutil.error(details)
        hutil.do_exit(1, 'Check', 'error', '0', 'Check failed.')
 def restart_ssh_service(self):
     """
     Restart the SSH service through the platform's service command.

     The argument list is built from self.service_cmd,
     self.ssh_service_name and self.ssh_service_restart_option and handed
     to ext_utils.run as a list.

     A failed restart is only logged; the status is returned rather than
     raised, so a caller that changed the SSH configuration has to check
     the return value to know whether the change took effect.
     """
     status = ext_utils.run([
         self.service_cmd,
         self.ssh_service_name,
         self.ssh_service_restart_option,
     ])
     if status == 0:
         return status
     logger.error("Failed to restart SSH service with return code:" +
                  str(status))
     return status
 def delete_account(self, user):
     """
     Delete the account 'user' unless it is unknown or a system account.

     Steps, in order:
       * look the name up with pwd.getpwnam; log and return if not found
       * read UID_MIN from /etc/login.defs when that file exists,
         otherwise fall back to 100
       * refuse to delete an account whose uid is below that threshold
       * empty /var/run/utmp, run 'rmuser -y', then remove the
         sudoers.d/waagent file under self.sudoers_dir_base

     Always returns None; failures are logged or ignored.
     """
     try:
         account = pwd.getpwnam(user)
     except (OSError, KeyError):
         account = None
     if account is None:
         logger.error("DeleteAccount: " + user + " not found.")
         return

     lowest_regular_uid = None
     try:
         if os.path.isfile("/etc/login.defs"):
             uid_min_line = ext_utils.get_line_starting_with(
                 "UID_MIN", "/etc/login.defs")
             lowest_regular_uid = int(uid_min_line.split()[1])
     except (ValueError, KeyError, AttributeError, OSError):
         pass
     if lowest_regular_uid is None:
         # NOTE(review): this fallback is the only guard protecting service
         # accounts when UID_MIN cannot be read; confirm 100 matches the
         # system-account range of every platform this class serves.
         lowest_regular_uid = 100

     # Index 2 of the passwd entry is the numeric uid.
     if account[2] < lowest_regular_uid:
         logger.error("DeleteAccount: " + user +
                      " is a system user. Will not delete account.")
         return

     # Overwrite utmp with the output of a bare 'echo' so the removal does
     # not fail if we are the user being deleted. This also discards the
     # current login records of every other session.
     ext_utils.run_command_and_write_stdout_to_file(['echo'],
                                                    '/var/run/utmp')
     ext_utils.run(['rmuser', '-y', user], chk_err=False)

     # The sudoers drop-in is removed whichever user was deleted; a missing
     # file is not an error.
     sudoers_dropin = self.sudoers_dir_base + "/sudoers.d/waagent"
     try:
         os.remove(sudoers_dropin)
     except OSError:
         pass
 def delete_account(self, user):
     """
     Delete the account 'user' unless it is unknown or a system account.

     The name is resolved with pwd.getpwnam, its uid is compared with
     UID_MIN from /etc/login.defs (100 when that cannot be read), and only
     then is the account removed with 'userdel -f -r'. /var/run/utmp is
     deleted first and /etc/sudoers.d/waagent is removed afterwards.

     Always returns None; failures are logged or ignored.
     """
     try:
         account = pwd.getpwnam(user)
     except (KeyError, OSError):
         account = None
     if account is None:
         logger.error("DeleteAccount: " + user + " not found.")
         return

     lowest_regular_uid = None
     try:
         uid_min_line = ext_utils.get_line_starting_with(
             "UID_MIN", "/etc/login.defs")
         lowest_regular_uid = int(uid_min_line.split()[1])
     except (ValueError, KeyError, AttributeError, OSError):
         pass
     if lowest_regular_uid is None:
         # NOTE(review): with this fallback, any uid of 100 or more counts
         # as a regular account when UID_MIN is unreadable; confirm that is
         # acceptable on distributions that reserve a wider range for
         # service accounts.
         lowest_regular_uid = 100

     # Index 2 of the passwd entry is the numeric uid.
     if account[2] < lowest_regular_uid:
         logger.error("DeleteAccount: " + user +
                      " is a system user. Will not delete account.")
         return

     # Delete utmp to prevent an error if we are the user being deleted.
     # This also drops the current login records of all other sessions.
     ext_utils.run(['rm', '-f', '/var/run/utmp'])
     # -f forces removal even while the user is logged in, -r also removes
     # the home directory and mail spool.
     ext_utils.run(['userdel', '-f', '-r', user])

     # The sudoers drop-in is removed whichever user was deleted; a missing
     # file is not an error.
     try:
         os.remove("/etc/sudoers.d/waagent")
     except OSError:
         pass
Beispiel #5
 def delete_account(self, user):
     """
     Clear the supplementary groups of 'user' via '/sbin/usermod -G ""'.

     Despite the method name, nothing in this body removes the account,
     its password, its SSH keys or any sudoers entry; only the group list
     is changed. The exit status of usermod is discarded, so a failure is
     not visible to the caller.
     """
     clear_groups_cmd = ['/sbin/usermod', user, '-G', '']
     ext_utils.run(clear_groups_cmd)
Beispiel #6
 def create_account(self, user, password, expiration, thumbprint):
     """
     Put the existing account 'user' into the 'wheel' group.

     This body only runs '/sbin/usermod <user> -G wheel'; 'password',
     'expiration' and 'thumbprint' are accepted but not used, and no
     account is created here. The exit status of usermod is discarded.

     NOTE(review): with common usermod implementations '-G' without an
     append option replaces the whole supplementary group list, so other
     group memberships of 'user' would be dropped - confirm for the
     target platform.
     """
     join_wheel_cmd = ['/sbin/usermod', user, '-G', 'wheel']
     ext_utils.run(join_wheel_cmd)
Beispiel #7
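    def create_account(self, user, password, expiration, thumbprint):
        """
        Create a user account, with 'user', 'password', 'expiration', ssh keys
        and sudo permissions.

        An existing non-system account is updated instead of re-created. A
        system account (uid below UID_MIN from /etc/login.defs, or below 100
        when that value cannot be read) is never touched.

        'expiration' is passed to 'pw useradd -e' after dropping everything
        from the first '.'. 'thumbprint' is used as the base name of a
        '<thumbprint>.prv' private key file from which the SSH key pair and
        authorized_keys of the user are populated.

        Returns None if successful, error string on failure.
        """
        try:
            userentry = pwd.getpwnam(user)
        except (EnvironmentError, KeyError):
            userentry = None
        uidmin = None
        try:
            if os.path.isfile("/etc/login.defs"):
                uidmin = int(ext_utils.get_line_starting_with(
                    "UID_MIN", "/etc/login.defs").split()[1])
        except (ValueError, KeyError, AttributeError, EnvironmentError):
            pass
        if uidmin is None:
            uidmin = 100
        # Index 2 of the passwd entry is the numeric uid.
        if userentry is not None and userentry[2] < uidmin:
            logger.error(
                "CreateAccount: " + user + " is a system user. Will not set password.")
            return "Failed to set password for system user: " + user + " (0x06)."
        if userentry is None:
            command = ['pw', 'useradd', user, '-m']
            if expiration is not None:
                command += ['-e', expiration.split('.')[0]]
            # A non-zero (truthy) status from run() means useradd failed.
            if ext_utils.run(command):
                logger.error("Failed to create user account: " + user)
                return "Failed to create user account: " + user + " (0x07)."
        else:
            # Only an account that was found above "already exists"; the
            # message must not be logged after a successful creation.
            logger.log(
                "CreateAccount: " + user + " already exists. Will update password.")

        if password is not None:
            self.change_password(user, password)
        try:
            sudoers_base = self.sudoers_dir_base
            sudoers_dropin = sudoers_base + "/sudoers.d/waagent"
            # for older distros create sudoers.d
            if not os.path.isdir(sudoers_base + '/sudoers.d/'):
                # create the /etc/sudoers.d/ directory
                os.mkdir(sudoers_base + '/sudoers.d')
                # add the include of sudoers.d to the /etc/sudoers
                ext_utils.set_file_contents(
                    sudoers_base + '/sudoers',
                    ext_utils.get_file_contents(sudoers_base + '/sudoers')
                    + '\n#includedir ' + sudoers_base + '/sudoers.d\n')
            # NOTE(review): 'user' is concatenated into the sudoers rule as
            # given and the file is not syntax-checked before use, so the
            # rule is only as safe as the caller's validation of the name.
            if password is None:
                # No password was supplied, so sudo is granted without a
                # password prompt for all commands.
                ext_utils.set_file_contents(
                    sudoers_dropin, user + " ALL = (ALL) NOPASSWD: ALL\n")
            else:
                ext_utils.set_file_contents(
                    sudoers_dropin, user + " ALL = (ALL) ALL\n")
            os.chmod(sudoers_dropin, 0o440)
        except (ValueError, KeyError, AttributeError, EnvironmentError):
            logger.error("CreateAccount: Failed to configure sudo access for user.")
            return "Failed to configure sudo privileges (0x08)."
        home = self.get_home()
        if thumbprint is not None:
            ssh_dir = home + "/" + user + "/.ssh"
            ext_utils.create_dir(ssh_dir, user, 0o700)
            pub = ssh_dir + "/id_rsa.pub"
            prv = ssh_dir + "/id_rsa"
            # 'ssh-keygen -y -f <private key>' prints the matching public key.
            ext_utils.run_command_and_write_stdout_to_file(
                ['ssh-keygen', '-y', '-f', thumbprint + '.prv'], pub)
            # NOTE(review): the private key is written first and restricted
            # to 0o600 afterwards; whether it is briefly readable by others
            # depends on how set_file_contents creates the file - confirm.
            ext_utils.set_file_contents(
                prv, ext_utils.get_file_contents(thumbprint + ".prv"))
            for f in [pub, prv]:
                os.chmod(f, 0o600)
                ext_utils.change_owner(f, user)
            ext_utils.set_file_contents(
                ssh_dir + "/authorized_keys",
                ext_utils.get_file_contents(pub))
            ext_utils.change_owner(ssh_dir + "/authorized_keys", user)
        logger.log("Created user account: " + user)
        return None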
Beispiel #8
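def _del_rule_if_exists(rule_string):
    """Delete every loaded copy of an iptables rule.

    ``rule_string`` is the rule as a list of arguments; it is appended to
    ``iptables -D`` and, joined with single spaces, searched for as a
    substring of the ``iptables-save`` output.

    The loop repeats until the text no longer appears, ``iptables-save``
    fails, or a delete attempt fails. Stopping on a failed delete matters
    because the presence test is a plain substring match: text that matches
    a longer or differently written rule cannot be removed by ``-D``, and
    retrying would never terminate.
    """
    rule_string_for_cmp = " ".join(rule_string)
    cmd_result = ext_utils.run_command_get_output(['iptables-save'])
    while cmd_result[0] == 0 and (rule_string_for_cmp in cmd_result[1]):
        if ext_utils.run(['iptables', '-D'] + rule_string) != 0:
            # The rule text is still listed but could not be deleted; give
            # up instead of spinning on the same failing command.
            break
        cmd_result = ext_utils.run_command_get_output(['iptables-save'])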