def addRole(self, role_name, group_names_list):
role_name = validators.os.validGroupName(role_name)
group_names_list = [
validators.os.validGroupName(item) for item in group_names_list
]
rid = grp.getgrnam(role_name).gr_gid
if len(gids) == 0:
logger.verbose(
"{mod}: Ignored an attempt to create an empty NSS role \"%s\" (rid=%d)"
% (role_name, rid))
return 1
logger.verbose(
"{mod}: Request to add NSS role \"%s\" (rid=%d) with groups \"%s\""
% (role_name, rid, str(group_names_list)))
editor = tools.editors.PlainEditor(delimiter=":",
spaces_list=[],
quotes_list=[])
editor.open(config.value(SERVICE_NAME, "role_conf"))
editor.setValue(
str(rid),
",".join([grp.getgrnam(item).gr_gid for item in group_names_list]))
editor.save()
editor.close()
return 0
def removeGroup(self, group_name):
group_name = validators.os.validGroupName(group_name)
gid = grp.getgrnam(group_name).gr_gid
rid = grp.getgrnam(self.__role_name).gr_gid
logger.verbose(
"{mod}: Request to remove group \"%s\" from NSS role \"%s\"" %
(group_name, self.__role_name))
editor = tools.editors.PlainEditor(delimiter=":",
spaces_list=[],
quotes_list=[])
editor.open(config.value(SERVICE_NAME, "role_conf"))
role_gids_list = editor.value(str(rid))
if len(role_gids_list) > 0 and len(role_gids_list[-1]) > 0:
gids_list = role_gids_list[-1].split(",")
if str(gid) in gids_list:
gids_list.remove(str(gid))
editor.setValue(str(rid), ",".join(gids_list))
editor.save()
editor.close()
return 0
else:
logger.verbose(
"{mod}: Group \"%s\" is not included in role \"%s\"" %
(group_name, self.__role_name))
editor.close()
return 1
editor.close()
return 1
def closeService(self):
role_config_subdir_path = os.path.dirname(
config.value(SERVICE_NAME, "role_conf"))
self.__watch_manager.rm_watch(
self.__watch_manager.get_wd(role_config_subdir_path))
self.stop()
logger.verbose("{mod}: Stop polling inotify events for \"%s\"" %
(role_config_subdir_path))
def _apply(self, is_machine, who, session_id) :
op = "apply"
target_name = str(who)
target_type = "machine" if is_machine else "user"
logger.verbose("{mod}: Apply %s`s GPOs for %s" % (target_type, target_name))
proc_args_list = [config.value(SERVICE_NAME, "gpoa"), op, target_type, target_name]
mk_long_run("apply_{target}_{id}".format(target='machine' if is_machine else 'user', id=who), session_id, proc_args_list)
return 0
def setPasswd(self, passwd):
logger.verbose(
"{mod}: Request to change password for local user \"%s\"" %
(self.__user_name))
return tools.process.execProcess(
config.value(SERVICE_NAME, "chpasswd_bin"),
proc_input="%s:%s\n" % (self.__user_name, passwd),
fatal_flag=False,
confidential_input_flag=True)[2]
def addUser(self, user_name):
user_name = validators.os.validUserName(user_name)
logger.verbose("{mod}: Request to add user \"%s\" to NSS role \"%s\"" %
(user_name, self.__role_name))
proc_args_list = [
config.value(SERVICE_NAME, "usermod_bin"), "-a", "-G",
self.__role_name, user_name
]
return tools.process.execProcess(proc_args_list, fatal_flag=False)[2]
def setLock(self, lock_flag):
(lock_arg, lock_str) = (("-L", "lock") if lock_flag else
("-U", "unlock"))
logger.verbose("{mod}: Request to %s local user \"%s\"" %
(lock_str, self.__user_name))
proc_args_list = [
config.value(SERVICE_NAME, "usermod_bin"), lock_arg,
self.__user_name
]
return tools.process.execProcess(proc_args_list, fatal_flag=False)[2]
def setGid(self, gid):
if gid < 0:
raise validators.ValidatorError("Incorrect GID %d" % (gid))
logger.verbose(
"{mod}: Request to change gid for local user \"%s\", new gid=%d" %
(self.__user_name, gid))
proc_args_list = [
config.value(SERVICE_NAME, "usermod_bin"), "-g",
str(gid), self.__user_name
]
return tools.process.execProcess(proc_args_list, fatal_flag=False)[2]
def setHomePath(self, path):
if re.match(r"^[./\w\d]*$", path) == None:
raise validators.ValidatorError(
"Incorrect symbols in string \"%s\"" % (path))
logger.verbose(
"{mod}: Request to change home for local user \"%s\", new home=\"%s\""
% (self.__user_name, path))
proc_args_list = [
config.value(SERVICE_NAME, "usermod_bin"), "-d", path,
self.__user_name
]
return tools.process.execProcess(proc_args_list, fatal_flag=False)[2]
def removeUser(self, user_name, remove_data_flag):
user_name = validators.os.validUserName(user_name)
(remove_data_arg,
remove_data_str) = (("-r", " and its data") if remove_data_flag else
("", ""))
logger.verbose("{mod}: Request to remove local user \"%s\"%s" %
(user_name, remove_data_str))
proc_args_list = [
config.value(SERVICE_NAME, "userdel_bin"), remove_data_arg,
user_name
]
return tools.process.execProcess(proc_args_list, fatal_flag=False)[2]
def addUser(self, user_name, uid, gid):
user_name = validators.os.validUserName(user_name)
(uid_args_list, uid_str) = ((["-u", str(uid)],
str(uid)) if uid >= 0 else ([], "auto"))
(gid_args_list, gid_str) = ((["-g", str(gid)],
str(gid)) if gid >= 0 else ([], "auto"))
logger.verbose(
"{mod}: Request to add local user \"%s\" with uid=%s and gid=%s" %
(user_name, uid_str, gid_str))
proc_args_list = [config.value(SERVICE_NAME, "useradd_bin")
] + uid_args_list + gid_args_list + [user_name]
return tools.process.execProcess(proc_args_list, fatal_flag=False)[2]
def setComment(self, text):
if re.match(r"^[@<>./\w\d \t]*$", text) == None:
raise validators.ValidatorError(
"Incorrect symbols in string \"%s\"" % (text))
logger.verbose(
"{mod}: Request to change comment for local user \"%s\", new comment=\"%s\""
% (self.__user_name, text))
proc_args_list = [
config.value(SERVICE_NAME, "usermod_bin"), "-c", text,
self.__user_name
]
return tools.process.execProcess(proc_args_list, fatal_flag=False)[2]
def removeUser(self, user_name):
user_name = validators.os.validUserName(user_name)
users_list = grp.getgrnam(self.__role_name).gr_mem
users_list.remove(self.__role_name)
users = ",".join(users_list)
logger.verbose(
"{mod}: Request to remove user \"%s\" from NSS role \"%s\"" %
(user_name, self.__role_name))
proc_args_list = [
config.value(SERVICE_NAME, "usermod_bin"), "-G", users, user_name
]
return tools.process.execProcess(proc_args_list, fatal_flag=False)[2]
def removeRole(self, role_name):
role_name = validators.os.validGroupName(role_name)
rid = grp.getgrnam(role_name).gr_gid
logger.verbose("{mod}: Request to remove NSS role \"%s\" (rid=%d)" %
(role_name, rid))
editor = tools.editors.PlainEditor(delimiter=":",
spaces_list=[],
quotes_list=[])
editor.open(config.value(SERVICE_NAME, "role_conf"))
editor.setValue(str(rid), None)
editor.save()
editor.close()
return 0
def reload(self) :
for proc_list_item in os.listdir("/proc") :
try :
proc_pid = int(proc_list_item)
except :
continue
cmdline_file_path = os.path.join("/proc", proc_list_item, "cmdline")
cmdline_file = open(cmdline_file_path)
cmdline_list = cmdline_file.read().split("\0")
try :
cmdline_file.close()
except : pass
if len(cmdline_list) >= 1 and os.path.basename(cmdline_list[0]) == "dnsmasq" :
os.kill(proc_pid, signal.SIGHUP)
logger.verbose("{mod}: Sended signal to dnsmasq with pid \"%d\" for re-read configs" % (proc_pid))
return
raise NoDnsmasqProcess("Dnsmasq process is not found")
def initService(self):
shared.Functions.addShared(LOCAL_USERS_SHARED_NAME)
shared.Functions.addSharedObject(LOCAL_USERS_OBJECT_NAME,
self.__local_users)
logger.verbose("{mod}: First local users request...")
local_users_shared = shared.Functions.shared(LOCAL_USERS_SHARED_NAME)
user_count = 0
for user_name in self.localUsers():
dbus_user_name = re.sub(r"[^\w\d_]", "_", user_name)
local_users_shared.addSharedObject(
dbus_user_name,
LocalUser(user_name,
tools.dbus.joinPath(SERVICE_NAME, dbus_user_name),
self))
user_count += 1
logger.verbose("{mod}: Added %d local users" % (user_count))
passwd_config_subdir_path = os.path.dirname(
config.value(SERVICE_NAME, "passwd_conf"))
self.__watch_manager.add_watch(
passwd_config_subdir_path,
pyinotify.IN_DELETE | pyinotify.IN_CREATE | pyinotify.IN_MOVED_TO,
rec=True)
self.start()
logger.verbose("{mod}: Start polling inotify events for \"%s\"" %
(passwd_config_subdir_path))
def initService(self):
shared.Functions.addShared(NSS_ROLES_SHARED_NAME)
shared.Functions.addSharedObject(NSS_ROLES_OBJECT_NAME,
self.__nss_roles)
logger.verbose("{mod}: First NSS roles request...")
nss_roles_shared = shared.Functions.shared(NSS_ROLES_SHARED_NAME)
role_count = 0
for role_name in self.nssRoles():
dbus_role_name = re.sub(r"[^\w\d_]", "_", role_name)
nss_roles_shared.addSharedObject(
dbus_role_name,
NssRole(role_name,
tools.dbus.joinPath(SERVICE_NAME, dbus_role_name),
self))
role_count += 1
logger.verbose("{mod}: Added %d NSS roles" % (role_count))
role_config_subdir_path = os.path.dirname(
config.value(SERVICE_NAME, "role_conf"))
self.__watch_manager.add_watch(
role_config_subdir_path,
pyinotify.IN_DELETE | pyinotify.IN_CREATE | pyinotify.IN_MOVED_TO,
rec=True)
self.start()
logger.verbose("{mod}: Start polling inotify events for \"%s\"" %
(role_config_subdir_path))
def inotifyEvent(self, event):
if event.dir or not event.pathname in (
config.value(SERVICE_NAME, "passwd_conf"),
config.value(SERVICE_NAME, "shadow_conf"),
config.value(SERVICE_NAME, "login_defs_conf")):
return
user_names_list = self.localUsers()
dbus_user_names_list = [
re.sub(r"[^\w\d_]", "_", item) for item in user_names_list
]
local_users_shared = shared.Functions.shared(LOCAL_USERS_SHARED_NAME)
for count in xrange(len(user_names_list)):
if not local_users_shared.hasSharedObject(
dbus_user_names_list[count]):
local_users_shared.addSharedObject(
dbus_user_names_list[count],
LocalUser(
user_names_list[count],
tools.dbus.joinPath(SERVICE_NAME,
dbus_user_names_list[count]),
self))
logger.verbose("{mod}: Added local user \"%s\"" %
(user_names_list[count]))
for dbus_user_name in local_users_shared.sharedObjects().keys():
if not dbus_user_name in dbus_user_names_list:
user_name = local_users_shared.sharedObject(
dbus_user_name).realName()
local_users_shared.sharedObject(
dbus_user_name).removeFromConnection()
local_users_shared.removeSharedObject(dbus_user_name)
logger.verbose("{mod}: Removed local user \"%s\"" %
(user_name))
self.__local_users.usersChanged()
def inotifyEvent(self, event):
if event.dir or not event.pathname in (config.value(
SERVICE_NAME,
"role_conf"), config.value(SERVICE_NAME, "group_conf")):
return
role_names_list = self.nssRoles()
dbus_role_names_list = [
re.sub(r"[^\w\d_]", "_", item) for item in role_names_list
]
nss_roles_shared = shared.Functions.shared(NSS_ROLES_SHARED_NAME)
for count in xrange(len(roles_names_list)):
if not nss_roles_shared.hasSharedObject(
dbus_role_names_list[count]):
nss_roles_shared.addSharedObject(
dbus_role_names_list[count],
NssRole(
role_names_list[count],
tools.dbus.joinPath(SERVICE_NAME,
dbus_role_names_list[count]),
self))
logger.verbose("{mod}: Added NSS role \"%s\"" %
(role_names_list[count]))
for dbus_role_name in nss_roles_shared.sharedObjects().keys():
if not dbus_role_name in dbus_role_names_list:
role_name = nss_roles_shared.sharedObject(
dbus_role_name).realName()
nss_roles_shared.sharedObject(
dbus_role_name).removeFromConnection()
nss_roles_shared.removeSharedObject(dbus_role_name)
logger.verbose("{mod}: Removed NSS role \"%s\"" % (role_name))
self.__nss_roles.rolesChanged()
def initService(self) :
shared.Functions.addShared(DISKS_SMART_SHARED_NAME)
shared.Functions.addSharedObject(DISKS_SMART_SHARED_NAME, self.__disks_smart)
logger.verbose("{mod}: First devices request...")
disks_smart_shared = shared.Functions.shared(DISKS_SMART_SHARED_NAME)
disks_filter_regexp = re.compile(config.value(SERVICE_NAME, "disks_filter"))
devices_count = 0
for device in self.__udev_client.query_by_subsystem("block") :
device_name = device.get_name()
device_file_path = device.get_device_file()
if disks_filter_regexp.match(device_name) and self.smartAvailable(device_file_path) :
disks_smart_shared.addSharedObject(device_name, Disk(device_file_path,
tools.dbus.joinPath(DISKS_SMART_SHARED_NAME, device_name), self))
devices_count += 1
logger.verbose("{mod}: Added %d devices" % (devices_count))
self.__udev_client.connect("uevent", self.udevEvent)
logger.verbose("{mod}: Start polling udev events for \"block\"")
def disable(self, name):
logger.verbose("{mod}: Request to disable service \"%s\"" % name)
self._systemd_manager.DisableUnitFiles([name + '.service'], False, True)
def reload(self, name) :
logger.verbose("{mod}: Request to reload service \"%s\"" % name)
self._systemd_manager.ReloadUnit(name + '.service', 'replace')
def closeService(self) :
self.__udev_client.disconnect_by_func(self.udevEvent)
logger.verbose("{mod}: Stop polling udev events for \"block\"")
def stop(self, name) :
logger.verbose("{mod}: Request to stop service \"%s\"" % name)
self._systemd_manager.StopUnit(name + '.service', 'replace')
