def get_file(self, local_path=None, file_name=None): self.logger.debug('Getting file ...') try: tmp_file_name = str(Util.generate_uuid()) local_full_path = System.Ahenk.received_dir_path() + tmp_file_name sftp = paramiko.SFTPClient.from_transport(self.connection) sftp.get(self.target_path, local_full_path) if local_path is None: receive_path = System.Ahenk.received_dir_path() else: receive_path = local_path if file_name is not None: f_name = file_name else: f_name = str(Util.get_md5_file(local_full_path)) Util.rename_file(local_full_path, receive_path + f_name) self.logger.debug('File was downloaded to {0} from {1}'.format( receive_path, self.target_path)) except Exception as e: self.logger.warning( 'A problem occurred while downloading file. Exception message: {0}' .format(str(e))) raise return f_name
def execute_script(self, arg): try: self.logger.debug('Executing script...') messenger = Scope().get_instance().get_messenger() json_data = json.loads(arg) result_code, p_out, p_err = Util.execute(str(json_data['command'])) self.logger.debug('Executed script') data = dict() data['type'] = 'SCRIPT_RESULT' data['timestamp'] = str(Util.timestamp()) if result_code == 0: self.logger.debug('Command execution was finished successfully') try: temp_name = str(Util.generate_uuid()) temp_full_path = System.Ahenk.received_dir_path() + temp_name self.logger.debug('Writing result to file') Util.write_file(temp_full_path, str(p_out)) md5 = Util.get_md5_file(temp_full_path) Util.rename_file(temp_full_path, System.Ahenk.received_dir_path() + md5) file_manager = FileTransferManager(json_data['fileServerConf']['protocol'], json_data['fileServerConf']['parameterMap']) file_manager.transporter.connect() self.logger.debug('File transfer connection was created') success = file_manager.transporter.send_file(System.Ahenk.received_dir_path() + md5, md5) self.logger.debug('File was transferred') file_manager.transporter.disconnect() self.logger.debug('File transfer connection was closed') if success is False: self.logger.error('A problem occurred while file transferring') data['resultCode'] = '-1' data[ 'errorMessage'] = 'Command executed successfully but a problem occurred while sending result file' else: data['md5'] = md5 except Exception as e: self.logger.error( 'A problem occurred while file transferring. Error Message :{0}'.format( str(e))) raise else: self.logger.error( 'Command execution was failed. Error Message :{0}'.format(str(result_code))) data['resultCode'] = str(result_code) data['errorMessage'] = str(p_err) messenger.send_direct_message(json.dumps(data)) except Exception as e: self.logger.error( 'A problem occurred while running execute script action. Error Message :{0}'.format( str(e)))
def get_file(self): self.logger.debug('[FileTransfer] Getting file ...') file_md5 = None try: tmp_file_name = str(Util.generate_uuid()) local_full_path = System.Ahenk.received_dir_path() + tmp_file_name urllib.request.urlretrieve(self.url, local_full_path) file_md5 = str(Util.get_md5_file(local_full_path)) Util.rename_file(local_full_path, System.Ahenk.received_dir_path() + file_md5) self.logger.debug('File was downloaded to {0} from {1}'.format(local_full_path, self.url)) except Exception as e: self.logger.error( 'A problem occurred while downloading file. Exception message: {0}'.format(str(e))) raise return file_md5
def get_file(self): self.logger.debug('[FileTransfer] Getting file ...') file_md5 = None try: tmp_file_name = str(Util.generate_uuid()) local_full_path = System.Ahenk.received_dir_path() + tmp_file_name urllib.request.urlretrieve(self.url, local_full_path) file_md5 = str(Util.get_md5_file(local_full_path)) Util.rename_file(local_full_path, System.Ahenk.received_dir_path() + file_md5) self.logger.debug('File was downloaded to {0} from {1}'.format( local_full_path, self.url)) except Exception as e: self.logger.error( 'A problem occurred while downloading file. Exception message: {0}' .format(str(e))) raise return file_md5
def get_file(self, local_path=None, file_name=None): self.logger.debug('Getting file ...') try: tmp_file_name = str(Util.generate_uuid()) local_full_path = System.Ahenk.received_dir_path() + tmp_file_name sftp = paramiko.SFTPClient.from_transport(self.connection) sftp.get(self.target_path, local_full_path) if local_path is None: receive_path = System.Ahenk.received_dir_path() else: receive_path = local_path if file_name is not None: f_name = file_name else: f_name = str(Util.get_md5_file(local_full_path)) Util.rename_file(local_full_path, receive_path + f_name) self.logger.debug('File was downloaded to {0} from {1}'.format(receive_path, self.target_path)) except Exception as e: self.logger.warning('A problem occurred while downloading file. Exception message: {0}'.format(str(e))) raise return f_name
class DefaultPolicy: def __init__(self): scope = Scope().get_instance() self.logger = scope.get_logger() self.util = Util() ## default firefox policy for user def default_firefox_policy(self, username): exec_command = None firefox_path = None if self.util.is_exist("/usr/lib/firefox-esr/"): firefox_path = "/usr/lib/firefox-esr/" exec_command = "firefox-esr" elif self.util.is_exist('/opt/firefox-esr/'): firefox_path = "/opt/firefox-esr/" exec_command = "firefox-esr" elif self.util.is_exist('/usr/lib/iceweasel/'): firefox_path = "/usr/lib/iceweasel/" exec_command = "iceweasel" elif self.util.is_exist('/opt/firefox/'): firefox_path = "/opt/firefox/" exec_command = "firefox" else: self.logger.error('Firefox installation path not found') self.logger.info( "if mozilla profile is not created run firefox to create profile for user: "******"Get home directory is {0} of {1} for firefox default policy". format(homedir, username)) if not Util.is_exist("{0}/.mozilla/".format(homedir)): self.logger.info( "firefox profile does not exist. Check autostart file.") if not Util.is_exist("{0}/.config/autostart/".format(homedir)): self.logger.info( ".config/autostart folder does not exist. Creating folder." ) Util.create_directory("{0}/.config/autostart/".format(homedir)) else: self.logger.info(".config/autostart folder exists.") self.logger.info( "Checking if {0}-autostart-for-profile.desktop autorun file exists." .format(exec_command)) if not Util.is_exist( "{0}/.config/autostart/{1}-autostart-for-profile.desktop". format(homedir, exec_command)): self.logger.info( "{0}-autostart-for-profile.desktop autorun file does not exists. Creating file." .format(exec_command)) Util.create_file( "{0}/.config/autostart/{1}-autostart-for-profile.desktop". format(homedir, exec_command)) content = "[Desktop Entry]\n\n" \ "Type=Application\n\n" \ "Exec={0}{1} www.liderahenk.org".format(firefox_path, exec_command) Util.write_file( "{0}/.config/autostart/{1}-autostart-for-profile.desktop". format(homedir, exec_command), content) self.logger.info( "Autorun config is written to {0}-autostart-for-profile.desktop." .format(exec_command)) gid = self.util.file_group(homedir) cmd = "chown -R {0}:{1} {2}/.config/autostart".format( username, gid, homedir) self.util.execute(cmd) self.logger.info( "Set permissons for {0}/.config/autostart directory". format(homedir)) else: self.logger.info( "{0}-autostart-for-profile.desktop exists".format( exec_command)) else: self.logger.info( ".mozilla firefox profile path exists. Delete autorun file.") Util.delete_file( "{0}/.config/autostart/{1}-autostart-for-profile.desktop". format(homedir, exec_command)) ## disabled update package notify for user def disable_update_package_notify(self, username): homedir = self.util.get_homedir(username) self.logger.info( "Get home directory is {0} of {1} for disable update package notify" .format(homedir, username)) xfce4_notify_template_path = "/usr/share/ahenk/base/default_policy/config-files/xfce4-notifyd.xml" fileName = "{0}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-notifyd.xml".format( homedir) if not self.util.is_exist(fileName): ## if configuration file does not exist will be create /home/{username}/.config/xfce4/xfconf/xfce-perchannel-xml/ self.logger.info("Configuration file does not exist") self.util.create_directory( "{0}/.config/xfce4/xfconf/xfce-perchannel-xml/".format( homedir)) self.logger.info( "Created directory {0}/.config/xfce4/xfconf/xfce-perchannel-xml/" .format(homedir)) self.util.copy_file( xfce4_notify_template_path, "{0}/.config/xfce4/xfconf/xfce-perchannel-xml/".format( homedir)) self.logger.info("Copy xfce4-notifyd.xml template file") gid = self.util.file_group(homedir) cmd = "chown -R {0}:{1} {2}/.config".format(username, gid, homedir) self.util.execute(cmd) self.logger.info( "Set permissons for {0}/.config directory".format(homedir)) self.notifyd_xml_parser(username, homedir) else: self.logger.info("Configuration file exist") self.notifyd_xml_parser(username, homedir) pk_update_icon_file = "/etc/xdg/autostart/pk-update-icon.desktop" if self.util.is_exist(pk_update_icon_file): self.logger.info("{0} file exists".format(pk_update_icon_file)) self.util.rename_file(pk_update_icon_file, pk_update_icon_file + ".ahenk") self.logger.info( "Renamed from {0} to {0}.ahenk".format(pk_update_icon_file)) self.logger.info("Disabled autostart for pk-update-icon") else: self.logger.info("File not found") self.logger.info( "Disable notifications if there is a package update notification for user: "******"{0}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-notifyd.xml".format( homedir) tree = ET.parse(fileName) root = tree.getroot() app_name_for_blocking = "pk-update-icon" element = root.find("./property/[@name='applications']") if element is None: self.logger.info("applications element could not be found.") else: element = root.find( "./property/property[@name='muted_applications']") if element is None: self.logger.info( "muted_applications element could not be found.") self.logger.info( "adding muted_applications element to applications tag.") element = root.find("./property/[@name='applications']") new_element = ET.SubElement(element, 'property') new_element.attrib["name"] = 'muted_applications' new_element.attrib["type"] = 'array' tree.write(fileName) else: self.logger.info("muted_applications tag exists.") self.logger.info("checking if '" + app_name_for_blocking + "' exists in muted_applications tag.") element = root.find( "./property/property[@name='muted_applications']/value[@value='{0}']" .format(app_name_for_blocking)) if element is None: self.logger.info( "'" + app_name_for_blocking + "' is not found in muted_applications element.") self.logger.info("'" + app_name_for_blocking + "' will be added to muted_applications tag.") element = root.find( "./property/property[@name='muted_applications']") new_element = ET.SubElement(element, 'value') new_element.attrib["type"] = 'string' new_element.attrib["value"] = app_name_for_blocking tree.write(fileName) else: self.logger.info( "'" + app_name_for_blocking + "' is already added to muted_applications tag.")
class ExecuteSSSDAdAuthentication: def __init__(self): scope = Scope().get_instance() self.logger = scope.get_logger() self.util = Util() self.system = System() def authenticate(self, domain_name, host_name, ip_address, password, ad_username, dynamic_dns_update): try: # Installation of required packages (result_code, p_out, p_err) = self.util.execute( "sudo apt-get -y install realmd") if (result_code == 0): self.logger.info("İndirmeler Başarılı") else: self.logger.error("İndirmeler Başarısız : " + str(p_err)) # Split datas that Lider send self.logger.info(host_name) self.logger.info(ip_address) ip_address_split = ip_address.split(",") host_name_split = host_name.split(",") ip_address = ip_address_split[0] host_name = host_name_split[0] # Execute the commands that require for leave (result_code, p_out, p_err) = self.util.execute("realm leave") if (result_code == 0): self.logger.info("Realm Leave komutu başarılı") else: self.logger.error("Realm Leave komutu başarısız : " + str(p_err)) # Create and Configure ad_info file (result_code, p_out, p_err) = self.util.execute("touch /etc/ahenk/ad_info") if (result_code == 0): self.logger.info("AD INFO başarılı bir şekilde oluşturuldu") # Configure ad_info for deregisteration info default_ad_info_path = "/etc/ahenk/ad_info" file_default_ad_info = open(default_ad_info_path, 'r') file_data = file_default_ad_info.read() file_data = file_data + ("{}".format(ip_address_split)) + "\n" + ( "{}".format(host_name_split)) + "\n" + ( "{}".format(domain_name)) + "\n" + ("{}".format(ad_username)) self.logger.info("/etc/ahenk/ad_info bilgiler girildi.") file_default_ad_info.close() file_default_ad_info = open(default_ad_info_path, 'w') file_default_ad_info.write(file_data) file_default_ad_info.close() else: self.logger.error("ad_info oluşturma komutu başarısız : " + str(p_err)) self.logger.info("Authenticate starting....") # Configure /etc/dhcp/dhclient.conf dhclient_conf_path = "/etc/dhcp/dhclient.conf" dhc_conf = self.util.read_file_by_line(dhclient_conf_path, "r") dhc_conf_temp = open(dhclient_conf_path, 'w') for lines in dhc_conf: if (lines == "#prepend domain-name-servers 127.0.0.1;\n"): lines = lines.replace(lines, ("prepend domain-name-servers {};\n".format(ip_address))) dhc_conf_temp.write(lines) dhc_conf_temp.close() file_default_dhcp = open(dhclient_conf_path, 'r') file_data = file_default_dhcp.read() if ("prepend domain-name-servers {};\n".format(ip_address)) not in file_data: file_data = file_data + "\n" + ("prepend domain-name-servers {};".format(ip_address)) file_default_dhcp.close() file_default_dhcp = open(dhclient_conf_path, 'w') file_default_dhcp.write(file_data) file_default_dhcp.close() # Configure /etc/resolv.conf resolve_conf_path = "/etc/resolv.conf" resolve_conf = self.util.read_file_by_line(resolve_conf_path, "r") resolve_conf_temp = open(resolve_conf_path, 'w') for lines in resolve_conf: if (lines == ("nameserver {}\n".format(ip_address))): continue lines = lines.replace(lines, ("#" + lines)) resolve_conf_temp.write(lines) resolve_conf_temp.close() file_default_resolve = open(resolve_conf_path, 'r') file_data = file_default_resolve.read() if ("nameserver {}\n".format(ip_address)) not in file_data: file_data = file_data + "\n" + ("nameserver {}\n".format(ip_address)) self.logger.info("/etc/resolv.conf is configured") file_default_resolve.close() file_default_resolve = open(resolve_conf_path, 'w') file_default_resolve.write(file_data) file_default_resolve.close() # Configure /etc/hosts host_path = "/etc/hosts" file_default_hosts = open(host_path, 'r') file_data = file_default_hosts.read() for ips, hostnames in zip(ip_address_split, host_name_split): file_data = file_data + "\n" + ips + " " + hostnames + " " + domain_name file_default_hosts.close() file_default_hosts = open(host_path, 'w') file_default_hosts.write(file_data) file_default_hosts.close() # Execute the script that required for "samba-common" and "krb5" (result_code, p_out, p_err) = self.util.execute( "/bin/bash /usr/share/ahenk/base/registration/scripts/ad.sh {0} {1}".format(domain_name.upper(), host_name)) if (result_code == 0): self.logger.info("Script başarılı bir şekilde çalıştırıldı.") else: self.logger.error("Script başarısız oldu : " + str(p_err)) # Installation of required packages (result_code, p_out, p_err) = self.util.execute( "sudo apt-get -y install sssd sssd-tools adcli packagekit samba-common-bin samba-libs") if (result_code == 0): self.logger.info("İndirmeler Başarılı") else: self.logger.error("İndirmeler Başarısız : " + str(p_err)) # Configure pam.d/common-session pamd_common_session_path = "/etc/pam.d/common-session" file_default_pam = open(pamd_common_session_path, 'r') file_data = file_default_pam.read() if "session optional pam_mkhomedir.so skel=/etc/skel umask=077" not in file_data: file_data = file_data + "\n" + "session optional pam_mkhomedir.so skel=/etc/skel umask=077" self.logger.info("/etc/pam.d/common-session is configured") file_default_pam.close() file_default_pam = open(pamd_common_session_path, 'w') file_default_pam.write(file_data) file_default_pam.close() self.discover_try_counter2 = 0 try: while (True): self.discover_try_counter2 = self.discover_try_counter2 + 1 if (self.discover_try_counter2 == 5): break else: (result_code, p_out, p_err) = self.util.execute("realm discover {}".format(domain_name.upper())) if (result_code == 0): self.logger.info("Realm Discover komutu başarılı") break else: self.logger.error("Realm Discover komutu başarısız : ") time.sleep(2) except Exception as e: self.logger.error(e) self.logger.info("Active Directory Discover işlemi esnasında hata oluştu.") self.join_try_counter = 0 try: while (True): self.join_try_counter = self.join_try_counter + 1 if (self.join_try_counter == 5): break else: (result_code, p_out, p_err) = self.util.execute( "echo \"{0}\" | realm join --user={1} {2}".format(password, ad_username, domain_name.upper())) if (result_code == 0): self.logger.info("Realm Join komutu başarılı") break else: self.logger.error("Realm Join komutu başarısız : ") time.sleep(2) except Exception as e: self.logger.error(e) self.logger.info("Active Directory Join işlemi esnasında hata oluştu.") # DynamicDNSUpdate in Active Directory if dynamic_dns_update == True: self.logger.info("dynamicDNSUpdate is Activated") # Installation of required packages (result_code, p_out, p_err) = self.util.execute( "sudo apt-get -y install dnsutils") if (result_code == 0): self.logger.info("İndirmeler Başarılı") else: self.logger.error("İndirmeler Başarısız : " + str(p_err)) # Configure sssd template sssd_config_template_path = "/usr/share/ahenk/base/registration/config-files/sssd_ad_dns.conf" sssd_config_folder_path = "/etc/sssd" sssd_config_file_path = "/etc/sssd/sssd.conf" if not self.util.is_exist(sssd_config_folder_path): self.util.create_directory(sssd_config_folder_path) self.logger.info("{0} folder is created".format(sssd_config_folder_path)) if self.util.is_exist(sssd_config_file_path): self.util.delete_file(sssd_config_file_path) self.logger.info("delete sssd org conf") self.util.copy_file(sssd_config_template_path, sssd_config_folder_path) self.logger.info( "{0} config file is copied under {1}".format(sssd_config_template_path, sssd_config_folder_path)) self.util.rename_file("/etc/sssd/sssd_ad_dns.conf", "/etc/sssd/sssd.conf") # Configure sssd.conf file_sssd = open(sssd_config_file_path, 'r') file_data = file_sssd.read() file_data = file_data.replace("###domains###", "domains = {}".format(domain_name)) file_data = file_data.replace("###[domain/###", "[domain/{}]".format(domain_name)) file_data = file_data.replace("###ad_domain###", "ad_domain = {}".format(domain_name)) file_data = file_data.replace("###krb5_realm###", "krb5_realm = {}".format(domain_name.upper())) file_data = file_data.replace("###ad_hostname###", "ad_hostname = {0}.{1}".format(self.system.Os.hostname(), domain_name.lower())) file_sssd.close() file_sssd = open(sssd_config_file_path, 'w') file_sssd.write(file_data) file_sssd.close() # Arrangement of chmod as 600 for sssd.conf (result_code, p_out, p_err) = self.util.execute("chmod 600 {}".format(sssd_config_file_path)) if (result_code == 0): self.logger.info("Chmod komutu başarılı bir şekilde çalıştırıldı") else: self.logger.error("Chmod komutu başarısız : " + str(p_err)) else: self.logger.info("dynamicDNSUpdate is NOT Activated") # Configure sssd template sssd_config_template_path = "/usr/share/ahenk/base/registration/config-files/sssd_ad.conf" sssd_config_folder_path = "/etc/sssd" sssd_config_file_path = "/etc/sssd/sssd.conf" if not self.util.is_exist(sssd_config_folder_path): self.util.create_directory(sssd_config_folder_path) self.logger.info("{0} folder is created".format(sssd_config_folder_path)) if self.util.is_exist(sssd_config_file_path): self.util.delete_file(sssd_config_file_path) self.logger.info("delete sssd org conf") self.util.copy_file(sssd_config_template_path, sssd_config_folder_path) self.logger.info( "{0} config file is copied under {1}".format(sssd_config_template_path, sssd_config_folder_path)) self.util.rename_file("/etc/sssd/sssd_ad.conf", "/etc/sssd/sssd.conf") # Configure sssd.conf file_sssd = open(sssd_config_file_path, 'r') file_data = file_sssd.read() file_data = file_data.replace("###domains###", "domains = {}".format(domain_name)) file_data = file_data.replace("###[domain/###", "[domain/{}]".format(domain_name)) file_data = file_data.replace("###ad_domain###", "ad_domain = {}".format(domain_name)) file_data = file_data.replace("###krb5_realm###", "krb5_realm = {}".format(domain_name.upper())) file_sssd.close() file_sssd = open(sssd_config_file_path, 'w') file_sssd.write(file_data) file_sssd.close() # Arrangement of chmod as 600 for sssd.conf (result_code, p_out, p_err) = self.util.execute("chmod 600 {}".format(sssd_config_file_path)) if (result_code == 0): self.logger.info("Chmod komutu başarılı bir şekilde çalıştırıldı") else: self.logger.error("Chmod komutu başarısız : " + str(p_err)) # Configure krb5 template krb5_config_template_path = "/usr/share/ahenk/base/registration/config-files/krb5_ad.conf" krb5_config_folder_path = "/etc" krb5_config_file_path = "/etc/krb5.conf" if not self.util.is_exist(krb5_config_folder_path): self.util.create_directory(krb5_config_folder_path) self.logger.info("{0} folder is created".format(krb5_config_folder_path)) if self.util.is_exist(krb5_config_file_path): self.util.delete_file(krb5_config_file_path) self.logger.info("delete krb5 org conf") self.util.copy_file(krb5_config_template_path, krb5_config_folder_path) self.logger.info( "{0} config file is copied under {1}".format(krb5_config_template_path, krb5_config_folder_path)) self.util.rename_file("/etc/krb5_ad.conf", "/etc/krb5.conf") # Configure krb5_ad.conf file_krb5 = open(krb5_config_file_path, 'r') file_data = file_krb5.read() file_data = file_data.replace("###default_realm###", "default_realm = {}".format(domain_name.upper())) file_krb5.close() file_krb5 = open(krb5_config_file_path, 'w') file_krb5.write(file_data) file_krb5.close() # Arrangement of chmod as 644 for krb5_ad.conf (result_code, p_out, p_err) = self.util.execute("chmod 644 {}".format(krb5_config_file_path)) if (result_code == 0): self.logger.info("Chmod komutu başarılı bir şekilde çalıştırıldı") else: self.logger.error("Chmod komutu başarısız : " + str(p_err)) # Configure sssd for language environment default_sssd_path = "/etc/default/sssd" file_default_sssd = open(default_sssd_path, 'r') file_data = file_default_sssd.read() if not self.util.is_exist(default_sssd_path): self.util.create_directory(default_sssd_path) self.logger.info("{0} folder is created".format(default_sssd_path)) if self.util.is_exist(default_sssd_path): self.util.delete_file(default_sssd_path) self.logger.info("delete sssd org conf") if "LC_ALL=\"tr_CY.UTF-8\"" not in file_data: file_data = file_data + "\n" + "LC_ALL=\"tr_CY.UTF-8\"" self.logger.info("/etc/default/sssd is configured") file_default_sssd.close() file_default_sssd = open(default_sssd_path, 'w') file_default_sssd.write(file_data) file_default_sssd.close() self.util.execute("systemctl restart nscd.service") self.logger.info("AD Login operation has been completed.") self.logger.info("AD Login işlemi başarı ile sağlandı.") return True except Exception as e: self.logger.error(str(e)) self.logger.info("AD Login işlemi esnasında hata oluştu.") return False