def determine_username(username=None):
'''
Checks if the specified username is valid in order to prevent
unauthorized operations.
'''
name = username
# If username is not set then it will be the name
# of process owner.
if not username:
name = get_process_user()
logdata = dict({'username': name})
log('D2', logdata)
if not username_match_uid(name):
if not is_root():
raise Exception('Current process UID does not match specified username')
logdata = dict({'username': name})
log('D15', logdata)
return name
def __init__(self, username, is_machine):
self.storage = registry_factory('registry')
self.username = determine_username(username)
self.is_machine = is_machine
self.process_uname = get_process_user()
self.sid = get_sid(self.storage.get_info('domain'), self.username,
is_machine)
self.machine_appliers = dict({
'control':
control_applier(self.storage),
'polkit':
polkit_applier(self.storage),
'systemd':
systemd_applier(self.storage),
'firefox':
firefox_applier(self.storage, self.sid, self.username),
'chromium':
chromium_applier(self.storage, self.sid, self.username),
'shortcuts':
shortcut_applier(self.storage),
'gsettings':
gsettings_applier(self.storage),
'cups':
cups_applier(self.storage),
'package':
package_applier(self.storage)
})
# User appliers are expected to work with user-writable
# files and settings, mostly in $HOME.
self.user_appliers = dict({
'shortcuts':
shortcut_applier_user(self.storage, self.sid, self.username),
'gsettings':
gsettings_applier_user(self.storage, self.sid, self.username),
'cifs':
cifs_applier_user(self.storage, self.sid, self.username)
})
def __init__(self, username, is_machine):
self.storage = registry_factory('registry')
self.username = determine_username(username)
self.is_machine = is_machine
self.process_uname = get_process_user()
self.sid = get_sid(self.storage.get_info('domain'), self.username, is_machine)
self.machine_appliers = dict()
self.machine_appliers['control'] = control_applier(self.storage)
self.machine_appliers['polkit'] = polkit_applier(self.storage)
self.machine_appliers['systemd'] = systemd_applier(self.storage)
self.machine_appliers['firefox'] = firefox_applier(self.storage, self.sid, self.username)
self.machine_appliers['chromium'] = chromium_applier(self.storage, self.sid, self.username)
self.machine_appliers['shortcuts'] = shortcut_applier(self.storage)
self.machine_appliers['gsettings'] = gsettings_applier(self.storage)
self.machine_appliers['cups'] = cups_applier(self.storage)
self.machine_appliers['firewall'] = firewall_applier(self.storage)
self.machine_appliers['folders'] = folder_applier(self.storage, self.sid)
self.machine_appliers['package'] = package_applier(self.storage)
self.machine_appliers['ntp'] = ntp_applier(self.storage)
self.machine_appliers['envvar'] = envvar_applier(self.storage, self.sid)
# User appliers are expected to work with user-writable
# files and settings, mostly in $HOME.
self.user_appliers = dict()
self.user_appliers['shortcuts'] = shortcut_applier_user(self.storage, self.sid, self.username)
self.user_appliers['folders'] = folder_applier_user(self.storage, self.sid, self.username)
self.user_appliers['gsettings'] = gsettings_applier_user(self.storage, self.sid, self.username)
try:
self.user_appliers['cifs'] = cifs_applier_user(self.storage, self.sid, self.username)
except Exception as exc:
logdata = dict()
logdata['applier_name'] = 'cifs'
logdata['msg'] = str(exc)
log('E25', logdata)
self.user_appliers['package'] = package_applier_user(self.storage, self.sid, self.username)
self.user_appliers['polkit'] = polkit_applier_user(self.storage, self.sid, self.username)
self.user_appliers['envvar'] = envvar_applier_user(self.storage, self.sid, self.username)
def determine_username(username=None):
'''
Checks if the specified username is valid in order to prevent
unauthorized operations.
'''
name = username
# If username is not set then it will be the name
# of process owner.
if not username:
name = get_process_user()
logging.debug(
slogm(
'Username is not specified - will use username of current process'
))
if not username_match_uid(name):
if not is_root():
raise Exception(
'Current process UID does not match specified username')
logging.debug(slogm('Username for frontend is set to {}'.format(name)))
return name