def execute_script(self, arg): try: self.logger.debug('Executing script...') messenger = Scope().get_instance().get_messenger() json_data = json.loads(arg) result_code, p_out, p_err = Util.execute(str(json_data['command'])) self.logger.debug('Executed script') data = dict() data['type'] = 'SCRIPT_RESULT' data['timestamp'] = str(Util.timestamp()) if result_code == 0: self.logger.debug('Command execution was finished successfully') try: temp_name = str(Util.generate_uuid()) temp_full_path = System.Ahenk.received_dir_path() + temp_name self.logger.debug('Writing result to file') Util.write_file(temp_full_path, str(p_out)) md5 = Util.get_md5_file(temp_full_path) Util.rename_file(temp_full_path, System.Ahenk.received_dir_path() + md5) file_manager = FileTransferManager(json_data['fileServerConf']['protocol'], json_data['fileServerConf']['parameterMap']) file_manager.transporter.connect() self.logger.debug('File transfer connection was created') success = file_manager.transporter.send_file(System.Ahenk.received_dir_path() + md5, md5) self.logger.debug('File was transferred') file_manager.transporter.disconnect() self.logger.debug('File transfer connection was closed') if success is False: self.logger.error('A problem occurred while file transferring') data['resultCode'] = '-1' data[ 'errorMessage'] = 'Command executed successfully but a problem occurred while sending result file' else: data['md5'] = md5 except Exception as e: self.logger.error( 'A problem occurred while file transferring. Error Message :{0}'.format( str(e))) raise else: self.logger.error( 'Command execution was failed. Error Message :{0}'.format(str(result_code))) data['resultCode'] = str(result_code) data['errorMessage'] = str(p_err) messenger.send_direct_message(json.dumps(data)) except Exception as e: self.logger.error( 'A problem occurred while running execute script action. Error Message :{0}'.format( str(e)))
def delete_polkit_user(self): content = "[Configuration] \nAdminIdentities=unix-user:root" ahenk_policy_file = "/etc/polkit-1/localauthority.conf.d/99-ahenk-policy.conf" if not Util.is_exist(ahenk_policy_file): self.logger.info('Ahenk polkit file not found') else: Util.delete_file(ahenk_policy_file) Util.write_file(ahenk_policy_file, content) self.logger.info('Root added ahenk polkit file')
def ask(self, username, display): result = self.db_service.select('contract', ['content', 'title', 'id'], 'id =(select MAX(id) from contract)') if result is None or len(result) < 1: content = 'Ahenk kurulu bu bilgisayarda ilk defa oturum açıyorsunuz. ' \ 'Devam ederseniz Lider-Ahenk in bilgisayar üzeride yapacağı ' \ 'tüm işlemlere onay vermiş sayılacaksınız. Kabul ediyor musunuz?' \ ' \n(Tanımlanmış zaman aralığında olumlu cevaplandırmadığınız takdirde oturumunuz ' \ 'sonlandırılacaktır.)' title = 'Ahenk Kurulu Bilgisayar Kullanım Anlaşması' contract_id = '-1' else: content = str(result[0][0]) title = result[0][1] contract_id = result[0][2] try: agreement_path = System.Ahenk.received_dir_path( ) + Util.generate_uuid() Util.write_file(agreement_path, content) Util.set_permission(agreement_path, 777) command = 'export DISPLAY={0};su - {1} -c \'python3 {2} \"$(cat {3})\" \"{4}\"\''.format( display, username, self.ask_path, agreement_path, title) result_code, p_out, p_err = Util.execute(command) pout = str(p_out).replace('\n', '') if pout != 'Error': if pout == 'Y': self.logger.debug( 'Agreement was accepted by {0}.'.format(username)) self.db_service.update( 'agreement', self.db_service.get_cols('agreement'), [contract_id, username, Util.timestamp(), 'Y']) elif pout == 'N': self.db_service.update( 'agreement', self.db_service.get_cols('agreement'), [contract_id, username, Util.timestamp(), 'N']) self.logger.debug( 'Agreement was ignored by {0}. Session will be closed'. format(username)) else: self.logger.error( 'A problem occurred while executing ask.py. Error Message: {0}' .format(str(pout))) Util.delete_file(agreement_path) else: self.logger.error( 'A problem occurred while executing ask.py (Probably argument fault). Error Message: {0}' .format(str(pout))) except Exception as e: self.logger.error( 'A Problem occurred while displaying agreement. Error Message: {0}' .format(str(e)))
def default_firefox_policy(self, username): exec_command = None firefox_path = None if self.util.is_exist("/usr/lib/firefox-esr/"): firefox_path = "/usr/lib/firefox-esr/" exec_command = "firefox-esr" elif self.util.is_exist('/opt/firefox-esr/'): firefox_path = "/opt/firefox-esr/" exec_command = "firefox-esr" elif self.util.is_exist('/usr/lib/iceweasel/'): firefox_path = "/usr/lib/iceweasel/" exec_command = "iceweasel" elif self.util.is_exist('/opt/firefox/'): firefox_path = "/opt/firefox/" exec_command = "firefox" else: self.logger.error('Firefox installation path not found') self.logger.info("if mozilla profile is not created run firefox to create profile for user: "******"/home/" + username + "/.mozilla/"): self.logger.info("firefox profile does not exist. Check autostart file.") if not Util.is_exist("/home/" + username + "/.config/autostart/"): self.logger.info(".config/autostart folder does not exist. Creating folder.") Util.create_directory("/home/" + username + "/.config/autostart/") else: self.logger.info(".config/autostart folder exists.") self.logger.info( "Checking if {0}-autostart-for-profile.desktop autorun file exists.".format(exec_command)) if not Util.is_exist( "/home/" + username + "/.config/autostart/{0}-autostart-for-profile.desktop".format(exec_command)): self.logger.info( "{0}-autostart-for-profile.desktop autorun file does not exists. Creating file.".format( exec_command)) Util.create_file( "/home/" + username + "/.config/autostart/{0}-autostart-for-profile.desktop".format(exec_command)) content = "[Desktop Entry]\n\n" \ "Type=Application\n\n" \ "Exec={0}{1} www.liderahenk.org".format(firefox_path, exec_command) Util.write_file( "/home/" + username + "/.config/autostart/{0}-autostart-for-profile.desktop".format(exec_command), content) self.logger.info( "Autorun config is written to {0}-autostart-for-profile.desktop.".format(exec_command)) else: self.logger.info("{0}-autostart-for-profile.desktop exists".format(exec_command)) else: self.logger.info(".mozilla firefox profile path exists. Delete autorun file.") Util.delete_file( "/home/" + username + "/.config/autostart/{0}-autostart-for-profile.desktop".format(exec_command))
def create_sudo_polkit(self, username): content = "[Configuration] \nAdminIdentities=unix-user:{}".format( username) ahenk_policy_file = "/etc/polkit-1/localauthority.conf.d/99-ahenk-policy.conf" if not Util.is_exist(ahenk_policy_file): Util.create_file(ahenk_policy_file) Util.write_file(ahenk_policy_file, content) self.logger.debug( 'Ahenk polkit file created and user added.. User : {}'.format( username)) else: self.logger.debug('Writing result to file') Util.delete_file(ahenk_policy_file) Util.create_file(ahenk_policy_file) Util.write_file(ahenk_policy_file, content)
def ask(self, username, display): result = self.db_service.select('contract', ['content', 'title', 'id'], 'id =(select MAX(id) from contract)') if result is None or len(result) < 1: content = 'Ahenk kurulu bu bilgisayarda ilk defa oturum açıyorsunuz. ' \ 'Devam ederseniz Lider-Ahenk in bilgisayar üzeride yapacağı ' \ 'tüm işlemlere onay vermiş sayılacaksınız. Kabul ediyor musunuz?' \ ' \n(Tanımlanmış zaman aralığında olumlu cevaplandırmadığınız takdirde oturumunuz ' \ 'sonlandırılacaktır.)' title = 'Ahenk Kurulu Bilgisayar Kullanım Anlaşması' contract_id = '-1' else: content = str(result[0][0]) title = result[0][1] contract_id = result[0][2] try: agreement_path = System.Ahenk.received_dir_path() + Util.generate_uuid() Util.write_file(agreement_path, content) Util.set_permission(agreement_path, 777) command = 'export DISPLAY={0};su - {1} -c \'python3 {2} \"$(cat {3})\" \"{4}\"\''.format(display, username, self.ask_path, agreement_path, title) result_code, p_out, p_err = Util.execute(command) pout = str(p_out).replace('\n', '') if pout != 'Error': if pout == 'Y': self.logger.debug('Agreement was accepted by {0}.'.format(username)) self.db_service.update('agreement', self.db_service.get_cols('agreement'), [contract_id, username, Util.timestamp(), 'Y']) elif pout == 'N': self.db_service.update('agreement', self.db_service.get_cols('agreement'), [contract_id, username, Util.timestamp(), 'N']) self.logger.debug( 'Agreement was ignored by {0}. Session will be closed'.format(username)) else: self.logger.error( 'A problem occurred while executing ask.py. Error Message: {0}'.format(str(pout))) Util.delete_file(agreement_path) else: self.logger.error( 'A problem occurred while executing ask.py (Probably argument fault). Error Message: {0}'.format( str(pout))) except Exception as e: self.logger.error( 'A Problem occurred while displaying agreement. Error Message: {0}'.format(str(e)))
def default_firefox_policy(self, username): exec_command = None firefox_path = None if self.util.is_exist("/usr/lib/firefox-esr/"): firefox_path = "/usr/lib/firefox-esr/" exec_command = "firefox-esr" elif self.util.is_exist('/opt/firefox-esr/'): firefox_path = "/opt/firefox-esr/" exec_command = "firefox-esr" elif self.util.is_exist('/usr/lib/iceweasel/'): firefox_path = "/usr/lib/iceweasel/" exec_command = "iceweasel" elif self.util.is_exist('/opt/firefox/'): firefox_path = "/opt/firefox/" exec_command = "firefox" else: self.logger.error('Firefox installation path not found') self.logger.info( "if mozilla profile is not created run firefox to create profile for user: "******"Get home directory is {0} of {1} for firefox default policy". format(homedir, username)) if not Util.is_exist("{0}/.mozilla/".format(homedir)): self.logger.info( "firefox profile does not exist. Check autostart file.") if not Util.is_exist("{0}/.config/autostart/".format(homedir)): self.logger.info( ".config/autostart folder does not exist. Creating folder." ) Util.create_directory("{0}/.config/autostart/".format(homedir)) else: self.logger.info(".config/autostart folder exists.") self.logger.info( "Checking if {0}-autostart-for-profile.desktop autorun file exists." .format(exec_command)) if not Util.is_exist( "{0}/.config/autostart/{1}-autostart-for-profile.desktop". format(homedir, exec_command)): self.logger.info( "{0}-autostart-for-profile.desktop autorun file does not exists. Creating file." .format(exec_command)) Util.create_file( "{0}/.config/autostart/{1}-autostart-for-profile.desktop". format(homedir, exec_command)) content = "[Desktop Entry]\n\n" \ "Type=Application\n\n" \ "Exec={0}{1} www.liderahenk.org".format(firefox_path, exec_command) Util.write_file( "{0}/.config/autostart/{1}-autostart-for-profile.desktop". format(homedir, exec_command), content) self.logger.info( "Autorun config is written to {0}-autostart-for-profile.desktop." .format(exec_command)) gid = self.util.file_group(homedir) cmd = "chown -R {0}:{1} {2}/.config/autostart".format( username, gid, homedir) self.util.execute(cmd) self.logger.info( "Set permissons for {0}/.config/autostart directory". format(homedir)) else: self.logger.info( "{0}-autostart-for-profile.desktop exists".format( exec_command)) else: self.logger.info( ".mozilla firefox profile path exists. Delete autorun file.") Util.delete_file( "{0}/.config/autostart/{1}-autostart-for-profile.desktop". format(homedir, exec_command))
class ExecuteLDAPLogin: def __init__(self): scope = Scope().get_instance() self.logger = scope.get_logger() self.util = Util() def login(self, server_address, dn, version, admin_dn, admin_password): try: self.logger.info("----------------> server_address: " + server_address) self.logger.info("----------------> dn: " + dn) self.logger.info("----------------> version: " + version) self.logger.info("----------------> admin_dn: " + admin_dn) self.logger.info("----------------> admin_password: "******"/bin/bash /usr/share/ahenk/base/registration/scripts/test.sh") (result_code, p_out, p_err) = self.util.execute( "/bin/bash /usr/share/ahenk/base/registration/scripts/ldap-login.sh {0} {1} {2} {3} {4}" .format(server_address, "\'" + dn + "\'", "\'" + admin_dn + "\'", "\'" + admin_password + "\'", version)) if result_code == 0: self.logger.info("Script has run successfully") else: self.logger.error("Script could not run successfully: " + p_err) # pattern for clearing file data from spaces, tabs and newlines pattern = re.compile(r'\s+') pam_scripts_original_directory_path = "/usr/share/ahenk/pam_scripts_original" ldap_back_up_file_path = "/usr/share/ahenk/pam_scripts_original/ldap" ldap_original_file_path = "/usr/share/pam-configs/ldap" ldap_configured_file_path = "/usr/share/ahenk/plugins/ldap-login/config-files/ldap" pam_script_back_up_file_path = "/usr/share/ahenk/pam_scripts_original/pam_script" pam_script_original_file_path = "/usr/share/pam-configs/pam_script" pam_script_configured_file_path = "/usr/share/ahenk/plugins/ldap-login/config-files/pam_script" # create pam_scripts_original directory if not exists if not self.util.is_exist(pam_scripts_original_directory_path): self.logger.info("Creating {0} directory.".format( pam_scripts_original_directory_path)) self.util.create_directory(pam_scripts_original_directory_path) if self.util.is_exist(ldap_back_up_file_path): self.logger.info("Changing {0} with {1}.".format( ldap_original_file_path, ldap_configured_file_path)) self.util.copy_file(ldap_configured_file_path, ldap_original_file_path) else: self.logger.info( "Backing up {0}".format(ldap_original_file_path)) self.util.copy_file(ldap_original_file_path, ldap_back_up_file_path) self.logger.info("{0} file is replaced with {1}.".format( ldap_original_file_path, ldap_configured_file_path)) self.util.copy_file(ldap_configured_file_path, ldap_original_file_path) if self.util.is_exist(pam_script_back_up_file_path): self.util.copy_file(pam_script_configured_file_path, pam_script_original_file_path) self.logger.info("{0} is replaced with {1}.".format( pam_script_original_file_path, pam_script_configured_file_path)) else: self.logger.info( "Backing up {0}".format(pam_script_original_file_path)) self.util.copy_file(pam_script_original_file_path, pam_script_back_up_file_path) self.logger.info("{0} file is replaced with {1}".format( pam_script_original_file_path, pam_script_configured_file_path)) self.util.copy_file(pam_script_configured_file_path, pam_script_original_file_path) (result_code, p_out, p_err) = self.util.execute( "DEBIAN_FRONTEND=noninteractive pam-auth-update --package") if result_code == 0: self.logger.info( "'DEBIAN_FRONTEND=noninteractive pam-auth-update --package' has run successfully" ) else: self.logger.error( "'DEBIAN_FRONTEND=noninteractive pam-auth-update --package' could not run successfully: " + p_err) # Configure nsswitch.conf file_ns_switch = open("/etc/nsswitch.conf", 'r') file_data = file_ns_switch.read() # cleared file data from spaces, tabs and newlines text = pattern.sub('', file_data) is_configuration_done_before = False if ("passwd:compatldap" not in text): file_data = file_data.replace("passwd: compat", "passwd: compat ldap") is_configuration_done_before = True if ("group:compatldap" not in text): file_data = file_data.replace("group: compat", "group: compat ldap") is_configuration_done_before = True if ("shadow:compatldap" not in text): file_data = file_data.replace("shadow: compat", "shadow: compat ldap") is_configuration_done_before = True if is_configuration_done_before: self.logger.info( "nsswitch.conf configuration has been completed") else: self.logger.info("nsswitch.conf is already configured") file_ns_switch.close() file_ns_switch = open("/etc/nsswitch.conf", 'w') file_ns_switch.write(file_data) file_ns_switch.close() # configure ldap-cache self.logger.info("Starting to ldap-cache configurations.") result_code, p_out, p_err = self.util.execute( "apt-get install nss-updatedb -y") if result_code != 0: self.logger.error( "Error occured while downloading nss-updatedb.") else: self.logger.info( "nss-updatedb downloaded successfully. Configuring /etc/nsswitch.conf." ) file_ns_switch = open("/etc/nsswitch.conf", 'r') file_data = file_ns_switch.read() # cleared file data from spaces, tabs and newlines text = pattern.sub('', file_data) did_configuration_change = False if "passwd:compatldap[NOTFOUND=return]db" not in text: file_data = file_data.replace( "passwd: compat ldap", "passwd: compat ldap [NOTFOUND=return] db") did_configuration_change = True if "group:compatldap[NOTFOUND=return]db" not in text: file_data = file_data.replace( "group: compat ldap", "group: compat ldap [NOTFOUND=return] db") did_configuration_change = True if "gshadow:files" in text and "#gshadow:files" not in text: file_data = file_data.replace("gshadow: files", "#gshadow: files") did_configuration_change = True if did_configuration_change: self.logger.info( "nsswitch.conf configuration has been configured for ldap cache." ) else: self.logger.info( "nsswitch.conf has already been configured for ldap cache." ) file_ns_switch.close() file_ns_switch = open("/etc/nsswitch.conf", 'w') file_ns_switch.write(file_data) file_ns_switch.close() self.util.execute("nss_updatedb ldap") # create cron job for ldap cache content = "#!/bin/bash\n" \ "nss-updatedb ldap" nss_update_cron_job_file_path = "/etc/cron.daily/nss-updatedb" if self.util.is_exist(nss_update_cron_job_file_path): self.logger.info( "{0} exists. File will be deleted and creating new one.". format(nss_update_cron_job_file_path)) self.util.delete_file(nss_update_cron_job_file_path) self.util.create_file(nss_update_cron_job_file_path) self.util.write_file(nss_update_cron_job_file_path, content, 'w+') self.util.execute("chmod +x " + nss_update_cron_job_file_path) else: self.logger.info( "{0} doesnt exist. File will be created and content will be written." .format(nss_update_cron_job_file_path)) self.util.create_file(nss_update_cron_job_file_path) self.util.write_file(nss_update_cron_job_file_path, content, 'w+') self.util.execute("chmod +x " + nss_update_cron_job_file_path) # configure /etc/libnss-ldap.conf libnss_ldap_file_path = "/etc/libnss-ldap.conf" content = "bind_policy hard" \ "\nnss_reconnect_tries 1" \ "\nnss_reconnect_sleeptime 1" \ "\nnss_reconnect_maxsleeptime 8" \ "\nnss_reconnect_maxconntries 2" if self.util.is_exist(libnss_ldap_file_path): self.logger.info("{0} exists.".format(libnss_ldap_file_path)) self.util.execute("sed -i '/bind_policy hard/c\\' " + libnss_ldap_file_path) self.util.execute("sed -i '/nss_reconnect_tries 1/c\\' " + libnss_ldap_file_path) self.util.execute("sed -i '/nss_reconnect_sleeptime 1/c\\' " + libnss_ldap_file_path) self.util.execute( "sed -i '/nss_reconnect_maxsleeptime 8/c\\' " + libnss_ldap_file_path) self.util.execute( "sed -i '/nss_reconnect_maxconntries 2/c\\' " + libnss_ldap_file_path) self.util.write_file(libnss_ldap_file_path, content, 'a+') self.logger.info("Configuration has been made to {0}.".format( libnss_ldap_file_path)) result_code, p_out, p_err = self.util.execute( "apt-get install libnss-db libpam-ccreds -y") if result_code != 0: self.logger.error( "Error occured while downloading libnss-db libpam-ccreds.") else: self.logger.error("libnss-db libpam-ccreds are downloaded.") # configure sudo-ldap sudo_ldap_conf_file_path = "/etc/sudo-ldap.conf" content = "sudoers_base ou=Roles," + dn \ + "\nBASE " + dn \ + "\nURI ldap://" + server_address # clean if config is already written self.util.execute("sed -i '/BASE /c\\' " + sudo_ldap_conf_file_path) self.util.execute("sed -i '/sudoers_base /c\\' " + sudo_ldap_conf_file_path) self.util.execute("sed -i '/URI /c\\' " + sudo_ldap_conf_file_path) if self.util.is_exist(sudo_ldap_conf_file_path): self.logger.info( "{0} exists.".format(sudo_ldap_conf_file_path)) self.util.write_file(sudo_ldap_conf_file_path, content, 'a+') self.logger.info( "Content is written to {0} successfully.".format( sudo_ldap_conf_file_path)) # Configure lightdm.service # check if 99-pardus-xfce.conf exists if not create pardus_xfce_path = "/usr/share/lightdm/lightdm.conf.d/99-pardus-xfce.conf" if not self.util.is_exist(pardus_xfce_path): self.logger.info("99-pardus-xfce.conf does not exist.") self.util.create_file(pardus_xfce_path) file_lightdm = open(pardus_xfce_path, 'a') file_lightdm.write("[Seat:*]\n") file_lightdm.write("greeter-hide-users=true") file_lightdm.close() self.logger.info("lightdm has been configured.") else: self.logger.info( "99-pardus-xfce.conf exists. Delete file and create new one." ) self.util.delete_file(pardus_xfce_path) self.util.create_file(pardus_xfce_path) file_lightdm = open(pardus_xfce_path, 'a') file_lightdm.write("[Seat:*]") file_lightdm.write("greeter-hide-users=true") file_lightdm.close() self.logger.info("lightdm.conf has been configured.") self.util.execute("systemctl restart nscd.service") self.util.execute("pam-auth-update --force") self.logger.info("LDAP Login operation has been completed.") self.logger.info("LDAP Login işlemi başarı ile sağlandı.") except Exception as e: self.logger.error(str(e)) self.logger.info("LDAP Login işlemi esnasında hata oluştu.") raise Exception( 'LDAP Ayarları yapılırken hata oluştu. Lütfen ağ bağlantınızı kontrol ediniz. Deponuzun güncel olduğundan emin olunuz.' )