def setConfigValue(self, variable_name, values_list) : dnsmasq_editor = tools.editors.PlainEditor(spaces_list = [], quotes_list = []) dnsmasq_editor.open(config.value(SERVICE_NAME, "dnsmasq_conf"), config.value(SERVICE_NAME, "dnsmasq_conf_sample")) dnsmasq_editor.setValue(variable_name, values_list) dnsmasq_editor.save() dnsmasq_editor.close()
def setServers(self, servers_list):
ntp_editor = tools.editors.PlainEditor(delimiter="", quotes_list=[])
ntp_editor.open(config.value(SERVICE_NAME, "ntp_conf"),
config.value(SERVICE_NAME, "ntp_conf_sample"))
ntp_editor.setValue("server", servers_list)
ntp_editor.save()
ntp_editor.close()
def addStaticHost(self, mac, ip, name) :
static_host = "%s,%s" % (validators.network.validMacAddress(mac)[0], validators.network.validIpv4Address(ip)[0])
static_host += ( ",%s" % (name) if len(name) != 0 else "" )
dnsmasq_editor = tools.editors.PlainEditor(spaces_list = [], quotes_list = [])
dnsmasq_editor.open(config.value(SERVICE_NAME, "dnsmasq_conf"),
config.value(SERVICE_NAME, "dnsmasq_conf_sample"))
dnsmasq_editor.setValue("dhcp-host", dnsmasq_editor.value("dhcp_host") + [static_host])
dnsmasq_editor.save()
dnsmasq_editor.close()
def unameOption(self, option):
try:
proc_args_list = [config.value(SERVICE_NAME, "uname_bin"), option]
return tools.process.execProcess(proc_args_list)[0].strip()
except FileNotFoundError:
logger.error("Directory /usr/bin/lsb_release does not exist")
return "Error: /usr/bin/lsb_release doesn\'t exist"
def nssRoles(self):
rid_regexp = re.compile(r"(^\d+):")
try:
role_config_file = open(config.value(SERVICE_NAME, "role_conf"))
except:
logger.attachException()
return []
role_names_list = []
for role_record in role_config_file.read().split("\n"):
rid_regexp_match = rid_regexp.match(role_record)
if rid_regexp_match != None:
try:
role_names_list.append(
grp.getgrgid(int(rid_regexp_match.group(1))).gr_name)
except:
logger.error("{mod}: Cannot resolve group name by gid")
logger.attachException()
try:
role_config_file.close()
except:
pass
return role_names_list
def attributes(self) :
proc_args_list = [config.value(SERVICE_NAME, "smartctl_bin"), "-A", self.__device_file_path]
attrs_list = []
attrs_found_flag = False
for attrs_list_item in tools.process.execProcess(proc_args_list)[0].split("\n") :
attrs_list_item = attrs_list_item.strip()
if attrs_found_flag :
attrs_records_list = re.split(r"\s+", attrs_list_item)
if len(attrs_records_list) == 10 and attrs_records_list[0] != "ID#" :
attrs_list.append([int(attrs_records_list[0]),
attrs_records_list[1],
int(attrs_records_list[2], 16),
int(attrs_records_list[3]),
int(attrs_records_list[4]),
int(attrs_records_list[5]),
attrs_records_list[6],
attrs_records_list[7],
attrs_records_list[8],
attrs_records_list[9]])
if attrs_list_item == "=== START OF READ SMART DATA SECTION ===" :
attrs_found_flag = True
return attrs_list
def setUtcTime(self, month, monthday, hour, minute, year, second):
proc_args_list = [
config.value(SERVICE_NAME, "date_bin"), "-u",
"%02d%02d%02d%02d%04d.%02d" %
(month, monthday, hour, minute, year, second)
]
return tools.process.execProcess(proc_args_list, fatal_flag=False)[2]
def addRole(self, role_name, group_names_list):
role_name = validators.os.validGroupName(role_name)
group_names_list = [
validators.os.validGroupName(item) for item in group_names_list
]
rid = grp.getgrnam(role_name).gr_gid
if len(gids) == 0:
logger.verbose(
"{mod}: Ignored an attempt to create an empty NSS role \"%s\" (rid=%d)"
% (role_name, rid))
return 1
logger.verbose(
"{mod}: Request to add NSS role \"%s\" (rid=%d) with groups \"%s\""
% (role_name, rid, str(group_names_list)))
editor = tools.editors.PlainEditor(delimiter=":",
spaces_list=[],
quotes_list=[])
editor.open(config.value(SERVICE_NAME, "role_conf"))
editor.setValue(
str(rid),
",".join([grp.getgrnam(item).gr_gid for item in group_names_list]))
editor.save()
editor.close()
return 0
def initService(self):
shared.Functions.addShared(LOCAL_USERS_SHARED_NAME)
shared.Functions.addSharedObject(LOCAL_USERS_OBJECT_NAME,
self.__local_users)
logger.verbose("{mod}: First local users request...")
local_users_shared = shared.Functions.shared(LOCAL_USERS_SHARED_NAME)
user_count = 0
for user_name in self.localUsers():
dbus_user_name = re.sub(r"[^\w\d_]", "_", user_name)
local_users_shared.addSharedObject(
dbus_user_name,
LocalUser(user_name,
tools.dbus.joinPath(SERVICE_NAME, dbus_user_name),
self))
user_count += 1
logger.verbose("{mod}: Added %d local users" % (user_count))
passwd_config_subdir_path = os.path.dirname(
config.value(SERVICE_NAME, "passwd_conf"))
self.__watch_manager.add_watch(
passwd_config_subdir_path,
pyinotify.IN_DELETE | pyinotify.IN_CREATE | pyinotify.IN_MOVED_TO,
rec=True)
self.start()
logger.verbose("{mod}: Start polling inotify events for \"%s\"" %
(passwd_config_subdir_path))
def initService(self):
shared.Functions.addShared(NSS_ROLES_SHARED_NAME)
shared.Functions.addSharedObject(NSS_ROLES_OBJECT_NAME,
self.__nss_roles)
logger.verbose("{mod}: First NSS roles request...")
nss_roles_shared = shared.Functions.shared(NSS_ROLES_SHARED_NAME)
role_count = 0
for role_name in self.nssRoles():
dbus_role_name = re.sub(r"[^\w\d_]", "_", role_name)
nss_roles_shared.addSharedObject(
dbus_role_name,
NssRole(role_name,
tools.dbus.joinPath(SERVICE_NAME, dbus_role_name),
self))
role_count += 1
logger.verbose("{mod}: Added %d NSS roles" % (role_count))
role_config_subdir_path = os.path.dirname(
config.value(SERVICE_NAME, "role_conf"))
self.__watch_manager.add_watch(
role_config_subdir_path,
pyinotify.IN_DELETE | pyinotify.IN_CREATE | pyinotify.IN_MOVED_TO,
rec=True)
self.start()
logger.verbose("{mod}: Start polling inotify events for \"%s\"" %
(role_config_subdir_path))
def removeGroup(self, group_name):
group_name = validators.os.validGroupName(group_name)
gid = grp.getgrnam(group_name).gr_gid
rid = grp.getgrnam(self.__role_name).gr_gid
logger.verbose(
"{mod}: Request to remove group \"%s\" from NSS role \"%s\"" %
(group_name, self.__role_name))
editor = tools.editors.PlainEditor(delimiter=":",
spaces_list=[],
quotes_list=[])
editor.open(config.value(SERVICE_NAME, "role_conf"))
role_gids_list = editor.value(str(rid))
if len(role_gids_list) > 0 and len(role_gids_list[-1]) > 0:
gids_list = role_gids_list[-1].split(",")
if str(gid) in gids_list:
gids_list.remove(str(gid))
editor.setValue(str(rid), ",".join(gids_list))
editor.save()
editor.close()
return 0
else:
logger.verbose(
"{mod}: Group \"%s\" is not included in role \"%s\"" %
(group_name, self.__role_name))
editor.close()
return 1
editor.close()
return 1
def _apply(self, is_machine, who, session_id) :
op = "apply"
target_name = str(who)
target_type = "machine" if is_machine else "user"
logger.verbose("{mod}: Apply %s`s GPOs for %s" % (target_type, target_name))
proc_args_list = [config.value(SERVICE_NAME, "gpoa"), op, target_type, target_name]
mk_long_run("apply_{target}_{id}".format(target='machine' if is_machine else 'user', id=who), session_id, proc_args_list)
return 0
def closeService(self):
role_config_subdir_path = os.path.dirname(
config.value(SERVICE_NAME, "role_conf"))
self.__watch_manager.rm_watch(
self.__watch_manager.get_wd(role_config_subdir_path))
self.stop()
logger.verbose("{mod}: Stop polling inotify events for \"%s\"" %
(role_config_subdir_path))
def currentLevel(self):
level_pairs_list = tools.process.execProcess(
config.value(SERVICE_NAME, "runlevel_bin"))[0].strip().split(" ")
if len(level_pairs_list) != 2 or not level_pairs_list[1] in "0123456":
raise tools.process.SubprocessFailure(
"Error while execute \"%s\"\nStdout: %s\nStderr: %s\nReturn code: %d"
% (proc_args, proc_stdout.strip(), proc_stderr.strip(),
proc_returncode))
return int(level_pairs_list[1])
def setPasswd(self, passwd):
logger.verbose(
"{mod}: Request to change password for local user \"%s\"" %
(self.__user_name))
return tools.process.execProcess(
config.value(SERVICE_NAME, "chpasswd_bin"),
proc_input="%s:%s\n" % (self.__user_name, passwd),
fatal_flag=False,
confidential_input_flag=True)[2]
def addUser(self, user_name):
user_name = validators.os.validUserName(user_name)
logger.verbose("{mod}: Request to add user \"%s\" to NSS role \"%s\"" %
(user_name, self.__role_name))
proc_args_list = [
config.value(SERVICE_NAME, "usermod_bin"), "-a", "-G",
self.__role_name, user_name
]
return tools.process.execProcess(proc_args_list, fatal_flag=False)[2]
def setLock(self, lock_flag):
(lock_arg, lock_str) = (("-L", "lock") if lock_flag else
("-U", "unlock"))
logger.verbose("{mod}: Request to %s local user \"%s\"" %
(lock_str, self.__user_name))
proc_args_list = [
config.value(SERVICE_NAME, "usermod_bin"), lock_arg,
self.__user_name
]
return tools.process.execProcess(proc_args_list, fatal_flag=False)[2]
def __init__(self, *args):
# setting up constants
global CERTS_DIR, PEMFILE, KEYFILE, CERTFILE, CSRFILE, CAFILE, CAKEY
CERTS_DIR = config.value(SERVICE_NAME, "cert_dir")
PEMFILE = path.join(CERTS_DIR, CERT_NAME + '.pem')
KEYFILE = path.join(CERTS_DIR, CERT_NAME + '.key')
CERTFILE = path.join(CERTS_DIR, CERT_NAME + '.crt')
CSRFILE = path.join(CERTS_DIR, CERT_NAME + '.csr')
CAFILE = path.join(CERTS_DIR, 'ca.crt')
CAKEY = path.join(CERTS_DIR, 'ca.key')
super().__init__(*args)
def setGid(self, gid):
if gid < 0:
raise validators.ValidatorError("Incorrect GID %d" % (gid))
logger.verbose(
"{mod}: Request to change gid for local user \"%s\", new gid=%d" %
(self.__user_name, gid))
proc_args_list = [
config.value(SERVICE_NAME, "usermod_bin"), "-g",
str(gid), self.__user_name
]
return tools.process.execProcess(proc_args_list, fatal_flag=False)[2]
def inotifyEvent(self, event):
if event.dir or not event.pathname in (
config.value(SERVICE_NAME, "passwd_conf"),
config.value(SERVICE_NAME, "shadow_conf"),
config.value(SERVICE_NAME, "login_defs_conf")):
return
user_names_list = self.localUsers()
dbus_user_names_list = [
re.sub(r"[^\w\d_]", "_", item) for item in user_names_list
]
local_users_shared = shared.Functions.shared(LOCAL_USERS_SHARED_NAME)
for count in xrange(len(user_names_list)):
if not local_users_shared.hasSharedObject(
dbus_user_names_list[count]):
local_users_shared.addSharedObject(
dbus_user_names_list[count],
LocalUser(
user_names_list[count],
tools.dbus.joinPath(SERVICE_NAME,
dbus_user_names_list[count]),
self))
logger.verbose("{mod}: Added local user \"%s\"" %
(user_names_list[count]))
for dbus_user_name in local_users_shared.sharedObjects().keys():
if not dbus_user_name in dbus_user_names_list:
user_name = local_users_shared.sharedObject(
dbus_user_name).realName()
local_users_shared.sharedObject(
dbus_user_name).removeFromConnection()
local_users_shared.removeSharedObject(dbus_user_name)
logger.verbose("{mod}: Removed local user \"%s\"" %
(user_name))
self.__local_users.usersChanged()
def setComment(self, text):
if re.match(r"^[@<>./\w\d \t]*$", text) == None:
raise validators.ValidatorError(
"Incorrect symbols in string \"%s\"" % (text))
logger.verbose(
"{mod}: Request to change comment for local user \"%s\", new comment=\"%s\""
% (self.__user_name, text))
proc_args_list = [
config.value(SERVICE_NAME, "usermod_bin"), "-c", text,
self.__user_name
]
return tools.process.execProcess(proc_args_list, fatal_flag=False)[2]
def addUser(self, user_name, uid, gid):
user_name = validators.os.validUserName(user_name)
(uid_args_list, uid_str) = ((["-u", str(uid)],
str(uid)) if uid >= 0 else ([], "auto"))
(gid_args_list, gid_str) = ((["-g", str(gid)],
str(gid)) if gid >= 0 else ([], "auto"))
logger.verbose(
"{mod}: Request to add local user \"%s\" with uid=%s and gid=%s" %
(user_name, uid_str, gid_str))
proc_args_list = [config.value(SERVICE_NAME, "useradd_bin")
] + uid_args_list + gid_args_list + [user_name]
return tools.process.execProcess(proc_args_list, fatal_flag=False)[2]
def removeUser(self, user_name, remove_data_flag):
user_name = validators.os.validUserName(user_name)
(remove_data_arg,
remove_data_str) = (("-r", " and its data") if remove_data_flag else
("", ""))
logger.verbose("{mod}: Request to remove local user \"%s\"%s" %
(user_name, remove_data_str))
proc_args_list = [
config.value(SERVICE_NAME, "userdel_bin"), remove_data_arg,
user_name
]
return tools.process.execProcess(proc_args_list, fatal_flag=False)[2]
def setHomePath(self, path):
if re.match(r"^[./\w\d]*$", path) == None:
raise validators.ValidatorError(
"Incorrect symbols in string \"%s\"" % (path))
logger.verbose(
"{mod}: Request to change home for local user \"%s\", new home=\"%s\""
% (self.__user_name, path))
proc_args_list = [
config.value(SERVICE_NAME, "usermod_bin"), "-d", path,
self.__user_name
]
return tools.process.execProcess(proc_args_list, fatal_flag=False)[2]
def inotifyEvent(self, event):
if event.dir or not event.pathname in (config.value(
SERVICE_NAME,
"role_conf"), config.value(SERVICE_NAME, "group_conf")):
return
role_names_list = self.nssRoles()
dbus_role_names_list = [
re.sub(r"[^\w\d_]", "_", item) for item in role_names_list
]
nss_roles_shared = shared.Functions.shared(NSS_ROLES_SHARED_NAME)
for count in xrange(len(roles_names_list)):
if not nss_roles_shared.hasSharedObject(
dbus_role_names_list[count]):
nss_roles_shared.addSharedObject(
dbus_role_names_list[count],
NssRole(
role_names_list[count],
tools.dbus.joinPath(SERVICE_NAME,
dbus_role_names_list[count]),
self))
logger.verbose("{mod}: Added NSS role \"%s\"" %
(role_names_list[count]))
for dbus_role_name in nss_roles_shared.sharedObjects().keys():
if not dbus_role_name in dbus_role_names_list:
role_name = nss_roles_shared.sharedObject(
dbus_role_name).realName()
nss_roles_shared.sharedObject(
dbus_role_name).removeFromConnection()
nss_roles_shared.removeSharedObject(dbus_role_name)
logger.verbose("{mod}: Removed NSS role \"%s\"" % (role_name))
self.__nss_roles.rolesChanged()
def health(self) :
proc_args_list = [config.value(SERVICE_NAME, "smartctl_bin"), "-H", self.__device_file_path]
disk_health_flag = False
health_found_flag = False
for health_list_item in tools.process.execProcess(proc_args_list)[0].split("\n") :
health_list_item = health_list_item.strip()
if health_found_flag :
disk_health_flag = ( health_list_item.split()[-1] == "PASSED" )
break
if health_list_item == "=== START OF READ SMART DATA SECTION ===" :
health_found_flag = True
return disk_health_flag
def removeUser(self, user_name):
user_name = validators.os.validUserName(user_name)
users_list = grp.getgrnam(self.__role_name).gr_mem
users_list.remove(self.__role_name)
users = ",".join(users_list)
logger.verbose(
"{mod}: Request to remove user \"%s\" from NSS role \"%s\"" %
(user_name, self.__role_name))
proc_args_list = [
config.value(SERVICE_NAME, "usermod_bin"), "-G", users, user_name
]
return tools.process.execProcess(proc_args_list, fatal_flag=False)[2]
def groups(self):
editor = tools.editors.PlainEditor(delimiter=":",
spaces_list=[],
quotes_list=[])
editor.open(config.value(SERVICE_NAME, "role_conf"))
role_gids_list = editor.value(
str(grp.getgrnam(self.__role_name).gr_gid))
editor.close()
if len(role_gids_list) > 0:
return [
grp.getgrgid(item).gr_name
for item in role_gids_list[-1].split(",")
]
else:
return []
def removeRole(self, role_name):
role_name = validators.os.validGroupName(role_name)
rid = grp.getgrnam(role_name).gr_gid
logger.verbose("{mod}: Request to remove NSS role \"%s\" (rid=%d)" %
(role_name, rid))
editor = tools.editors.PlainEditor(delimiter=":",
spaces_list=[],
quotes_list=[])
editor.open(config.value(SERVICE_NAME, "role_conf"))
editor.setValue(str(rid), None)
editor.save()
editor.close()
return 0
def initService(self) :
shared.Functions.addShared(DISKS_SMART_SHARED_NAME)
shared.Functions.addSharedObject(DISKS_SMART_SHARED_NAME, self.__disks_smart)
logger.verbose("{mod}: First devices request...")
disks_smart_shared = shared.Functions.shared(DISKS_SMART_SHARED_NAME)
disks_filter_regexp = re.compile(config.value(SERVICE_NAME, "disks_filter"))
devices_count = 0
for device in self.__udev_client.query_by_subsystem("block") :
device_name = device.get_name()
device_file_path = device.get_device_file()
if disks_filter_regexp.match(device_name) and self.smartAvailable(device_file_path) :
disks_smart_shared.addSharedObject(device_name, Disk(device_file_path,
tools.dbus.joinPath(DISKS_SMART_SHARED_NAME, device_name), self))
devices_count += 1
logger.verbose("{mod}: Added %d devices" % (devices_count))
self.__udev_client.connect("uevent", self.udevEvent)
logger.verbose("{mod}: Start polling udev events for \"block\"")