def create_pulseaudio_autostart(self): pulseaudio_des_path = "/etc/xdg/autostart/ahenk.pulseaudio.start.desktop" pulseaudio_src_path = "/usr/share/ahenk/base/default_policy/config-files/ahenk.pulseaudio.start.desktop" pulseaudio_old_file = "/etc/xdg/autostart/ahenk.pulseaudio.desktop" if Util.is_exist(pulseaudio_old_file): Util.delete_file(pulseaudio_old_file) if not Util.is_exist(pulseaudio_des_path): Util.copy_file(pulseaudio_src_path, pulseaudio_des_path) self.logger.info("Copy pulseaudio autostart file") else: self.logger.info("Pulseaudio autostart file already exist")
class ExecuteSSSDAuthentication: def __init__(self): scope = Scope().get_instance() self.logger = scope.get_logger() self.util = Util() def authenticate(self, server_address, dn, admin_dn, admin_password): try: ldap_pwdlockout_dn = "ou=PasswordPolicies" + "," + dn # pattern for clearing file data from spaces, tabs and newlines pattern = re.compile(r'\s+') sssd_config_template_path = "/usr/share/ahenk/base/registration/config-files/sssd.conf" sssd_config_folder_path = "/etc/sssd" sssd_config_file_path = "/etc/sssd/sssd.conf" sssd_language_conf = "/etc/default/sssd" common_session_conf_path = "/etc/pam.d/common-session" # copy configuration file to /etc/sssd/sssd.conf before package installation # create sssd folder in /etc if not self.util.is_exist(sssd_config_folder_path): self.util.create_directory(sssd_config_folder_path) self.logger.info( "{0} folder is created".format(sssd_config_folder_path)) # Copy sssd.conf template under /etc/sssd self.util.copy_file(sssd_config_template_path, sssd_config_folder_path) self.logger.info("{0} config file is copied under {1}".format( sssd_config_template_path, sssd_config_folder_path)) # Configure sssd.conf file_sssd = open(sssd_config_file_path, 'r') file_data = file_sssd.read() file_data = file_data.replace( "###ldap_pwdlockout_dn###", "ldap_pwdlockout_dn = " + ldap_pwdlockout_dn) file_data = file_data.replace( "###ldap_uri###", "ldap_uri = " + "ldap://" + server_address + "/") file_data = file_data.replace("###ldap_default_bind_dn###", "ldap_default_bind_dn = " + admin_dn) file_data = file_data.replace( "###ldap_default_authtok###", "ldap_default_authtok = " + admin_password) file_data = file_data.replace("###ldap_search_base###", "ldap_search_base = " + dn) file_data = file_data.replace("###ldap_user_search_base###", "ldap_user_search_base = " + dn) file_data = file_data.replace("###ldap_group_search_base###", "ldap_group_search_base = " + dn) file_data = file_data.replace( "###ldap_sudo_search_base###", "ldap_sudo_search_base = ou=Role,ou=Groups," + dn) file_sssd.close() file_sssd = open(sssd_config_file_path, 'w') file_sssd.write(file_data) file_sssd.close() # Install libpam-sss sssd-common for sssd authentication (result_code, p_out, p_err) = self.util.execute( "sudo apt install libpam-sss sssd-common -y") if result_code != 0: self.logger.error("SSSD packages couldn't be downloaded.") return False (result_code, p_out, p_err) = self.util.execute( "chmod 600 {}".format(sssd_config_file_path)) if (result_code == 0): self.logger.info( "Chmod komutu başarılı bir şekilde çalıştırıldı") else: self.logger.error("Chmod komutu başarısız : " + str(p_err)) # configure common-session for creating home directories for ldap users file_common_session = open(common_session_conf_path, 'r') file_data = file_common_session.read() if "session optional pam_mkhomedir.so skel=/etc/skel umask=077" not in file_data: file_data = file_data + "\n" + "session optional pam_mkhomedir.so skel=/etc/skel umask=077" self.logger.info("common-session is configured") file_common_session.close() file_common_session = open(common_session_conf_path, 'w') file_common_session.write(file_data) file_common_session.close() # configure sssd for language environment file_default_sssd = open(sssd_language_conf, 'r') file_data = file_default_sssd.read() if "LC_ALL=\"tr_CY.UTF-8\"" not in file_data: file_data = file_data + "\n" + "LC_ALL=\"tr_CY.UTF-8\"" self.logger.info("/etc/default/sssd is configured") file_default_sssd.close() file_default_sssd = open(sssd_language_conf, 'w') file_default_sssd.write(file_data) file_default_sssd.close() self.logger.info("Restarting sssd service.") self.util.execute("systemctl restart sssd.service") # Configure nsswitch.conf file_ns_switch = open("/etc/nsswitch.conf", 'r') file_data = file_ns_switch.read() # cleared file data from spaces, tabs and newlines text = pattern.sub('', file_data) is_configuration_done_before = False if "passwd:compatsss" not in text and "passwd:compat" in text: file_data = file_data.replace("passwd: compat", "passwd: compat sss") is_configuration_done_before = True if "passwd:filessystemdsss" not in text and "passwd:filessystemd" in text: file_data = file_data.replace( "passwd: files systemd", "passwd: files systemd sss") is_configuration_done_before = True if "group:compatsss" not in text and "group:compat" in text: file_data = file_data.replace("group: compat", "group: compat sss") is_configuration_done_before = True if "group:filessystemdsss" not in text and "group:filessystemd" in text: file_data = file_data.replace( "group: files systemd", "group: files systemd sss") is_configuration_done_before = True if "shadow:compatsss" not in text and "shadow:compat" in text: file_data = file_data.replace("shadow: compat", "shadow: compat sss") is_configuration_done_before = True if "shadow:filessss" not in text and "shadow:files" in text: file_data = file_data.replace("shadow: files", "shadow: files sss") is_configuration_done_before = True if "services:dbfilessss" not in text: file_data = file_data.replace("services: db files", "services: db files sss") is_configuration_done_before = True if "netgroup:nissss" not in text: file_data = file_data.replace("netgroup: nis", "netgroup: nis sss") is_configuration_done_before = True if "sudoers:filessss" not in text and "sudoers:files" in text: file_data = file_data.replace("sudoers: files", "sudoers: files sss") is_configuration_done_before = True elif "sudoers:filessss" in text: is_configuration_done_before = False else: file_data = file_data + "sudoers: files sss" if is_configuration_done_before: self.logger.info( "nsswitch.conf configuration has been completed") else: self.logger.info("nsswitch.conf is already configured") file_ns_switch.close() file_ns_switch = open("/etc/nsswitch.conf", 'w') file_ns_switch.write(file_data) file_ns_switch.close() self.util.execute("systemctl restart nscd.service") # self.util.execute("pam-auth-update --force") self.logger.info("LDAP Login operation has been completed.") self.logger.info("LDAP Login işlemi başarı ile sağlandı.") return True except Exception as e: self.logger.error(str(e)) self.logger.info("LDAP Login işlemi esnasında hata oluştu.") return False
class ExecuteCancelLDAPLogin: def __init__(self): scope = Scope().get_instance() self.logger = scope.get_logger() self.util = Util() def cancel(self): self.logger.info('Purge ldap packages') self.util.execute("apt-get install sudo -y") self.util.execute( "apt purge libpam-ldap libnss-ldap ldap-utils sudo-ldap nss-updatedb libnss-db libpam-ccreds -y" ) self.util.execute("apt autoremove -y") self.logger.info('purging successfull') # pattern for clearing file data from spaces, tabs and newlines pattern = re.compile(r'\s+') ldap_back_up_file_path = "/usr/share/ahenk/pam_scripts_original/ldap" ldap_original_file_path = "/usr/share/pam-configs/ldap" pam_script_back_up_file_path = "/usr/share/ahenk/pam_scripts_original/pam_script" pam_script_original_file_path = "/usr/share/pam-configs/pam_script" if self.util.is_exist(ldap_back_up_file_path): self.logger.info("Replacing {0} with {1}".format( ldap_original_file_path, ldap_back_up_file_path)) self.util.copy_file(ldap_back_up_file_path, ldap_original_file_path) self.logger.info("Deleting {0}".format(ldap_back_up_file_path)) self.util.delete_file(ldap_back_up_file_path) if self.util.is_exist(pam_script_back_up_file_path): self.logger.info("Replacing {0} with {1}".format( pam_script_original_file_path, pam_script_back_up_file_path)) self.util.copy_file(pam_script_back_up_file_path, pam_script_original_file_path) self.logger.info( "Deleting {0}".format(pam_script_back_up_file_path)) self.util.delete_file(pam_script_back_up_file_path) (result_code, p_out, p_err) = self.util.execute( "DEBIAN_FRONTEND=noninteractive pam-auth-update --package") if result_code == 0: self.logger.info( "'DEBIAN_FRONTEND=noninteractive pam-auth-update --package' has run successfully" ) else: self.logger.error( "'DEBIAN_FRONTEND=noninteractive pam-auth-update --package' could not run successfully: " + p_err) # Configure nsswitch.conf file_ns_switch = open("/etc/nsswitch.conf", 'r') file_data = file_ns_switch.read() # cleared file data from spaces, tabs and newlines text = pattern.sub('', file_data) did_configuration_change = False if "passwd:compatldap[NOTFOUND=return]db" in text: file_data = file_data.replace( "passwd: compat ldap [NOTFOUND=return] db", "passwd: compat") did_configuration_change = True if "group:compatldap[NOTFOUND=return]db" in text: file_data = file_data.replace( "group: compat ldap [NOTFOUND=return] db", "group: compat") did_configuration_change = True if "shadow:compatldap" in text: file_data = file_data.replace("shadow: compat ldap", "shadow: compat") did_configuration_change = True if "#gshadow:files" in text: file_data = file_data.replace("#gshadow: files", "gshadow: files") did_configuration_change = True if did_configuration_change: self.logger.info("nsswitch.conf configuration has been configured") else: self.logger.info("nsswitch.conf has already been configured") file_ns_switch.close() file_ns_switch = open("/etc/nsswitch.conf", 'w') file_ns_switch.write(file_data) file_ns_switch.close() # Configure ldap-cache nss_update_cron_job_file_path = "/etc/cron.daily/nss-updatedb" if self.util.is_exist(nss_update_cron_job_file_path): self.util.delete_file(nss_update_cron_job_file_path) self.logger.info( "{0} is deleted.".format(nss_update_cron_job_file_path)) # Configure lightdm.service pardus_xfce_path = "/usr/share/lightdm/lightdm.conf.d/99-pardus-xfce.conf" if self.util.is_exist(pardus_xfce_path): self.logger.info("99-pardus-xfce.conf exists. Deleting file.") self.util.delete_file(pardus_xfce_path) self.util.execute("systemctl restart nscd.service") self.logger.info("Operation finished")
class DefaultPolicy: def __init__(self): scope = Scope().get_instance() self.logger = scope.get_logger() self.util = Util() ## default firefox policy for user def default_firefox_policy(self, username): exec_command = None firefox_path = None if self.util.is_exist("/usr/lib/firefox-esr/"): firefox_path = "/usr/lib/firefox-esr/" exec_command = "firefox-esr" elif self.util.is_exist('/opt/firefox-esr/'): firefox_path = "/opt/firefox-esr/" exec_command = "firefox-esr" elif self.util.is_exist('/usr/lib/iceweasel/'): firefox_path = "/usr/lib/iceweasel/" exec_command = "iceweasel" elif self.util.is_exist('/opt/firefox/'): firefox_path = "/opt/firefox/" exec_command = "firefox" else: self.logger.error('Firefox installation path not found') self.logger.info( "if mozilla profile is not created run firefox to create profile for user: "******"Get home directory is {0} of {1} for firefox default policy". format(homedir, username)) if not Util.is_exist("{0}/.mozilla/".format(homedir)): self.logger.info( "firefox profile does not exist. Check autostart file.") if not Util.is_exist("{0}/.config/autostart/".format(homedir)): self.logger.info( ".config/autostart folder does not exist. Creating folder." ) Util.create_directory("{0}/.config/autostart/".format(homedir)) else: self.logger.info(".config/autostart folder exists.") self.logger.info( "Checking if {0}-autostart-for-profile.desktop autorun file exists." .format(exec_command)) if not Util.is_exist( "{0}/.config/autostart/{1}-autostart-for-profile.desktop". format(homedir, exec_command)): self.logger.info( "{0}-autostart-for-profile.desktop autorun file does not exists. Creating file." .format(exec_command)) Util.create_file( "{0}/.config/autostart/{1}-autostart-for-profile.desktop". format(homedir, exec_command)) content = "[Desktop Entry]\n\n" \ "Type=Application\n\n" \ "Exec={0}{1} www.liderahenk.org".format(firefox_path, exec_command) Util.write_file( "{0}/.config/autostart/{1}-autostart-for-profile.desktop". format(homedir, exec_command), content) self.logger.info( "Autorun config is written to {0}-autostart-for-profile.desktop." .format(exec_command)) gid = self.util.file_group(homedir) cmd = "chown -R {0}:{1} {2}/.config/autostart".format( username, gid, homedir) self.util.execute(cmd) self.logger.info( "Set permissons for {0}/.config/autostart directory". format(homedir)) else: self.logger.info( "{0}-autostart-for-profile.desktop exists".format( exec_command)) else: self.logger.info( ".mozilla firefox profile path exists. Delete autorun file.") Util.delete_file( "{0}/.config/autostart/{1}-autostart-for-profile.desktop". format(homedir, exec_command)) ## disabled update package notify for user def disable_update_package_notify(self, username): homedir = self.util.get_homedir(username) self.logger.info( "Get home directory is {0} of {1} for disable update package notify" .format(homedir, username)) xfce4_notify_template_path = "/usr/share/ahenk/base/default_policy/config-files/xfce4-notifyd.xml" fileName = "{0}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-notifyd.xml".format( homedir) if not self.util.is_exist(fileName): ## if configuration file does not exist will be create /home/{username}/.config/xfce4/xfconf/xfce-perchannel-xml/ self.logger.info("Configuration file does not exist") self.util.create_directory( "{0}/.config/xfce4/xfconf/xfce-perchannel-xml/".format( homedir)) self.logger.info( "Created directory {0}/.config/xfce4/xfconf/xfce-perchannel-xml/" .format(homedir)) self.util.copy_file( xfce4_notify_template_path, "{0}/.config/xfce4/xfconf/xfce-perchannel-xml/".format( homedir)) self.logger.info("Copy xfce4-notifyd.xml template file") gid = self.util.file_group(homedir) cmd = "chown -R {0}:{1} {2}/.config".format(username, gid, homedir) self.util.execute(cmd) self.logger.info( "Set permissons for {0}/.config directory".format(homedir)) self.notifyd_xml_parser(username, homedir) else: self.logger.info("Configuration file exist") self.notifyd_xml_parser(username, homedir) pk_update_icon_file = "/etc/xdg/autostart/pk-update-icon.desktop" if self.util.is_exist(pk_update_icon_file): self.logger.info("{0} file exists".format(pk_update_icon_file)) self.util.rename_file(pk_update_icon_file, pk_update_icon_file + ".ahenk") self.logger.info( "Renamed from {0} to {0}.ahenk".format(pk_update_icon_file)) self.logger.info("Disabled autostart for pk-update-icon") else: self.logger.info("File not found") self.logger.info( "Disable notifications if there is a package update notification for user: "******"{0}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-notifyd.xml".format( homedir) tree = ET.parse(fileName) root = tree.getroot() app_name_for_blocking = "pk-update-icon" element = root.find("./property/[@name='applications']") if element is None: self.logger.info("applications element could not be found.") else: element = root.find( "./property/property[@name='muted_applications']") if element is None: self.logger.info( "muted_applications element could not be found.") self.logger.info( "adding muted_applications element to applications tag.") element = root.find("./property/[@name='applications']") new_element = ET.SubElement(element, 'property') new_element.attrib["name"] = 'muted_applications' new_element.attrib["type"] = 'array' tree.write(fileName) else: self.logger.info("muted_applications tag exists.") self.logger.info("checking if '" + app_name_for_blocking + "' exists in muted_applications tag.") element = root.find( "./property/property[@name='muted_applications']/value[@value='{0}']" .format(app_name_for_blocking)) if element is None: self.logger.info( "'" + app_name_for_blocking + "' is not found in muted_applications element.") self.logger.info("'" + app_name_for_blocking + "' will be added to muted_applications tag.") element = root.find( "./property/property[@name='muted_applications']") new_element = ET.SubElement(element, 'value') new_element.attrib["type"] = 'string' new_element.attrib["value"] = app_name_for_blocking tree.write(fileName) else: self.logger.info( "'" + app_name_for_blocking + "' is already added to muted_applications tag.")
class ExecuteLDAPLogin: def __init__(self): scope = Scope().get_instance() self.logger = scope.get_logger() self.util = Util() def login(self, server_address, dn, version, admin_dn, admin_password): try: self.logger.info("----------------> server_address: " + server_address) self.logger.info("----------------> dn: " + dn) self.logger.info("----------------> version: " + version) self.logger.info("----------------> admin_dn: " + admin_dn) self.logger.info("----------------> admin_password: "******"/bin/bash /usr/share/ahenk/base/registration/scripts/test.sh") (result_code, p_out, p_err) = self.util.execute( "/bin/bash /usr/share/ahenk/base/registration/scripts/ldap-login.sh {0} {1} {2} {3} {4}" .format(server_address, "\'" + dn + "\'", "\'" + admin_dn + "\'", "\'" + admin_password + "\'", version)) if result_code == 0: self.logger.info("Script has run successfully") else: self.logger.error("Script could not run successfully: " + p_err) # pattern for clearing file data from spaces, tabs and newlines pattern = re.compile(r'\s+') pam_scripts_original_directory_path = "/usr/share/ahenk/pam_scripts_original" ldap_back_up_file_path = "/usr/share/ahenk/pam_scripts_original/ldap" ldap_original_file_path = "/usr/share/pam-configs/ldap" ldap_configured_file_path = "/usr/share/ahenk/plugins/ldap-login/config-files/ldap" pam_script_back_up_file_path = "/usr/share/ahenk/pam_scripts_original/pam_script" pam_script_original_file_path = "/usr/share/pam-configs/pam_script" pam_script_configured_file_path = "/usr/share/ahenk/plugins/ldap-login/config-files/pam_script" # create pam_scripts_original directory if not exists if not self.util.is_exist(pam_scripts_original_directory_path): self.logger.info("Creating {0} directory.".format( pam_scripts_original_directory_path)) self.util.create_directory(pam_scripts_original_directory_path) if self.util.is_exist(ldap_back_up_file_path): self.logger.info("Changing {0} with {1}.".format( ldap_original_file_path, ldap_configured_file_path)) self.util.copy_file(ldap_configured_file_path, ldap_original_file_path) else: self.logger.info( "Backing up {0}".format(ldap_original_file_path)) self.util.copy_file(ldap_original_file_path, ldap_back_up_file_path) self.logger.info("{0} file is replaced with {1}.".format( ldap_original_file_path, ldap_configured_file_path)) self.util.copy_file(ldap_configured_file_path, ldap_original_file_path) if self.util.is_exist(pam_script_back_up_file_path): self.util.copy_file(pam_script_configured_file_path, pam_script_original_file_path) self.logger.info("{0} is replaced with {1}.".format( pam_script_original_file_path, pam_script_configured_file_path)) else: self.logger.info( "Backing up {0}".format(pam_script_original_file_path)) self.util.copy_file(pam_script_original_file_path, pam_script_back_up_file_path) self.logger.info("{0} file is replaced with {1}".format( pam_script_original_file_path, pam_script_configured_file_path)) self.util.copy_file(pam_script_configured_file_path, pam_script_original_file_path) (result_code, p_out, p_err) = self.util.execute( "DEBIAN_FRONTEND=noninteractive pam-auth-update --package") if result_code == 0: self.logger.info( "'DEBIAN_FRONTEND=noninteractive pam-auth-update --package' has run successfully" ) else: self.logger.error( "'DEBIAN_FRONTEND=noninteractive pam-auth-update --package' could not run successfully: " + p_err) # Configure nsswitch.conf file_ns_switch = open("/etc/nsswitch.conf", 'r') file_data = file_ns_switch.read() # cleared file data from spaces, tabs and newlines text = pattern.sub('', file_data) is_configuration_done_before = False if ("passwd:compatldap" not in text): file_data = file_data.replace("passwd: compat", "passwd: compat ldap") is_configuration_done_before = True if ("group:compatldap" not in text): file_data = file_data.replace("group: compat", "group: compat ldap") is_configuration_done_before = True if ("shadow:compatldap" not in text): file_data = file_data.replace("shadow: compat", "shadow: compat ldap") is_configuration_done_before = True if is_configuration_done_before: self.logger.info( "nsswitch.conf configuration has been completed") else: self.logger.info("nsswitch.conf is already configured") file_ns_switch.close() file_ns_switch = open("/etc/nsswitch.conf", 'w') file_ns_switch.write(file_data) file_ns_switch.close() # configure ldap-cache self.logger.info("Starting to ldap-cache configurations.") result_code, p_out, p_err = self.util.execute( "apt-get install nss-updatedb -y") if result_code != 0: self.logger.error( "Error occured while downloading nss-updatedb.") else: self.logger.info( "nss-updatedb downloaded successfully. Configuring /etc/nsswitch.conf." ) file_ns_switch = open("/etc/nsswitch.conf", 'r') file_data = file_ns_switch.read() # cleared file data from spaces, tabs and newlines text = pattern.sub('', file_data) did_configuration_change = False if "passwd:compatldap[NOTFOUND=return]db" not in text: file_data = file_data.replace( "passwd: compat ldap", "passwd: compat ldap [NOTFOUND=return] db") did_configuration_change = True if "group:compatldap[NOTFOUND=return]db" not in text: file_data = file_data.replace( "group: compat ldap", "group: compat ldap [NOTFOUND=return] db") did_configuration_change = True if "gshadow:files" in text and "#gshadow:files" not in text: file_data = file_data.replace("gshadow: files", "#gshadow: files") did_configuration_change = True if did_configuration_change: self.logger.info( "nsswitch.conf configuration has been configured for ldap cache." ) else: self.logger.info( "nsswitch.conf has already been configured for ldap cache." ) file_ns_switch.close() file_ns_switch = open("/etc/nsswitch.conf", 'w') file_ns_switch.write(file_data) file_ns_switch.close() self.util.execute("nss_updatedb ldap") # create cron job for ldap cache content = "#!/bin/bash\n" \ "nss-updatedb ldap" nss_update_cron_job_file_path = "/etc/cron.daily/nss-updatedb" if self.util.is_exist(nss_update_cron_job_file_path): self.logger.info( "{0} exists. File will be deleted and creating new one.". format(nss_update_cron_job_file_path)) self.util.delete_file(nss_update_cron_job_file_path) self.util.create_file(nss_update_cron_job_file_path) self.util.write_file(nss_update_cron_job_file_path, content, 'w+') self.util.execute("chmod +x " + nss_update_cron_job_file_path) else: self.logger.info( "{0} doesnt exist. File will be created and content will be written." .format(nss_update_cron_job_file_path)) self.util.create_file(nss_update_cron_job_file_path) self.util.write_file(nss_update_cron_job_file_path, content, 'w+') self.util.execute("chmod +x " + nss_update_cron_job_file_path) # configure /etc/libnss-ldap.conf libnss_ldap_file_path = "/etc/libnss-ldap.conf" content = "bind_policy hard" \ "\nnss_reconnect_tries 1" \ "\nnss_reconnect_sleeptime 1" \ "\nnss_reconnect_maxsleeptime 8" \ "\nnss_reconnect_maxconntries 2" if self.util.is_exist(libnss_ldap_file_path): self.logger.info("{0} exists.".format(libnss_ldap_file_path)) self.util.execute("sed -i '/bind_policy hard/c\\' " + libnss_ldap_file_path) self.util.execute("sed -i '/nss_reconnect_tries 1/c\\' " + libnss_ldap_file_path) self.util.execute("sed -i '/nss_reconnect_sleeptime 1/c\\' " + libnss_ldap_file_path) self.util.execute( "sed -i '/nss_reconnect_maxsleeptime 8/c\\' " + libnss_ldap_file_path) self.util.execute( "sed -i '/nss_reconnect_maxconntries 2/c\\' " + libnss_ldap_file_path) self.util.write_file(libnss_ldap_file_path, content, 'a+') self.logger.info("Configuration has been made to {0}.".format( libnss_ldap_file_path)) result_code, p_out, p_err = self.util.execute( "apt-get install libnss-db libpam-ccreds -y") if result_code != 0: self.logger.error( "Error occured while downloading libnss-db libpam-ccreds.") else: self.logger.error("libnss-db libpam-ccreds are downloaded.") # configure sudo-ldap sudo_ldap_conf_file_path = "/etc/sudo-ldap.conf" content = "sudoers_base ou=Roles," + dn \ + "\nBASE " + dn \ + "\nURI ldap://" + server_address # clean if config is already written self.util.execute("sed -i '/BASE /c\\' " + sudo_ldap_conf_file_path) self.util.execute("sed -i '/sudoers_base /c\\' " + sudo_ldap_conf_file_path) self.util.execute("sed -i '/URI /c\\' " + sudo_ldap_conf_file_path) if self.util.is_exist(sudo_ldap_conf_file_path): self.logger.info( "{0} exists.".format(sudo_ldap_conf_file_path)) self.util.write_file(sudo_ldap_conf_file_path, content, 'a+') self.logger.info( "Content is written to {0} successfully.".format( sudo_ldap_conf_file_path)) # Configure lightdm.service # check if 99-pardus-xfce.conf exists if not create pardus_xfce_path = "/usr/share/lightdm/lightdm.conf.d/99-pardus-xfce.conf" if not self.util.is_exist(pardus_xfce_path): self.logger.info("99-pardus-xfce.conf does not exist.") self.util.create_file(pardus_xfce_path) file_lightdm = open(pardus_xfce_path, 'a') file_lightdm.write("[Seat:*]\n") file_lightdm.write("greeter-hide-users=true") file_lightdm.close() self.logger.info("lightdm has been configured.") else: self.logger.info( "99-pardus-xfce.conf exists. Delete file and create new one." ) self.util.delete_file(pardus_xfce_path) self.util.create_file(pardus_xfce_path) file_lightdm = open(pardus_xfce_path, 'a') file_lightdm.write("[Seat:*]") file_lightdm.write("greeter-hide-users=true") file_lightdm.close() self.logger.info("lightdm.conf has been configured.") self.util.execute("systemctl restart nscd.service") self.util.execute("pam-auth-update --force") self.logger.info("LDAP Login operation has been completed.") self.logger.info("LDAP Login işlemi başarı ile sağlandı.") except Exception as e: self.logger.error(str(e)) self.logger.info("LDAP Login işlemi esnasında hata oluştu.") raise Exception( 'LDAP Ayarları yapılırken hata oluştu. Lütfen ağ bağlantınızı kontrol ediniz. Deponuzun güncel olduğundan emin olunuz.' )
class ExecuteSSSDAdAuthentication: def __init__(self): scope = Scope().get_instance() self.logger = scope.get_logger() self.util = Util() self.system = System() def authenticate(self, domain_name, host_name, ip_address, password, ad_username, dynamic_dns_update): try: # Installation of required packages (result_code, p_out, p_err) = self.util.execute( "sudo apt-get -y install realmd") if (result_code == 0): self.logger.info("İndirmeler Başarılı") else: self.logger.error("İndirmeler Başarısız : " + str(p_err)) # Split datas that Lider send self.logger.info(host_name) self.logger.info(ip_address) ip_address_split = ip_address.split(",") host_name_split = host_name.split(",") ip_address = ip_address_split[0] host_name = host_name_split[0] # Execute the commands that require for leave (result_code, p_out, p_err) = self.util.execute("realm leave") if (result_code == 0): self.logger.info("Realm Leave komutu başarılı") else: self.logger.error("Realm Leave komutu başarısız : " + str(p_err)) # Create and Configure ad_info file (result_code, p_out, p_err) = self.util.execute("touch /etc/ahenk/ad_info") if (result_code == 0): self.logger.info("AD INFO başarılı bir şekilde oluşturuldu") # Configure ad_info for deregisteration info default_ad_info_path = "/etc/ahenk/ad_info" file_default_ad_info = open(default_ad_info_path, 'r') file_data = file_default_ad_info.read() file_data = file_data + ("{}".format(ip_address_split)) + "\n" + ( "{}".format(host_name_split)) + "\n" + ( "{}".format(domain_name)) + "\n" + ("{}".format(ad_username)) self.logger.info("/etc/ahenk/ad_info bilgiler girildi.") file_default_ad_info.close() file_default_ad_info = open(default_ad_info_path, 'w') file_default_ad_info.write(file_data) file_default_ad_info.close() else: self.logger.error("ad_info oluşturma komutu başarısız : " + str(p_err)) self.logger.info("Authenticate starting....") # Configure /etc/dhcp/dhclient.conf dhclient_conf_path = "/etc/dhcp/dhclient.conf" dhc_conf = self.util.read_file_by_line(dhclient_conf_path, "r") dhc_conf_temp = open(dhclient_conf_path, 'w') for lines in dhc_conf: if (lines == "#prepend domain-name-servers 127.0.0.1;\n"): lines = lines.replace(lines, ("prepend domain-name-servers {};\n".format(ip_address))) dhc_conf_temp.write(lines) dhc_conf_temp.close() file_default_dhcp = open(dhclient_conf_path, 'r') file_data = file_default_dhcp.read() if ("prepend domain-name-servers {};\n".format(ip_address)) not in file_data: file_data = file_data + "\n" + ("prepend domain-name-servers {};".format(ip_address)) file_default_dhcp.close() file_default_dhcp = open(dhclient_conf_path, 'w') file_default_dhcp.write(file_data) file_default_dhcp.close() # Configure /etc/resolv.conf resolve_conf_path = "/etc/resolv.conf" resolve_conf = self.util.read_file_by_line(resolve_conf_path, "r") resolve_conf_temp = open(resolve_conf_path, 'w') for lines in resolve_conf: if (lines == ("nameserver {}\n".format(ip_address))): continue lines = lines.replace(lines, ("#" + lines)) resolve_conf_temp.write(lines) resolve_conf_temp.close() file_default_resolve = open(resolve_conf_path, 'r') file_data = file_default_resolve.read() if ("nameserver {}\n".format(ip_address)) not in file_data: file_data = file_data + "\n" + ("nameserver {}\n".format(ip_address)) self.logger.info("/etc/resolv.conf is configured") file_default_resolve.close() file_default_resolve = open(resolve_conf_path, 'w') file_default_resolve.write(file_data) file_default_resolve.close() # Configure /etc/hosts host_path = "/etc/hosts" file_default_hosts = open(host_path, 'r') file_data = file_default_hosts.read() for ips, hostnames in zip(ip_address_split, host_name_split): file_data = file_data + "\n" + ips + " " + hostnames + " " + domain_name file_default_hosts.close() file_default_hosts = open(host_path, 'w') file_default_hosts.write(file_data) file_default_hosts.close() # Execute the script that required for "samba-common" and "krb5" (result_code, p_out, p_err) = self.util.execute( "/bin/bash /usr/share/ahenk/base/registration/scripts/ad.sh {0} {1}".format(domain_name.upper(), host_name)) if (result_code == 0): self.logger.info("Script başarılı bir şekilde çalıştırıldı.") else: self.logger.error("Script başarısız oldu : " + str(p_err)) # Installation of required packages (result_code, p_out, p_err) = self.util.execute( "sudo apt-get -y install sssd sssd-tools adcli packagekit samba-common-bin samba-libs") if (result_code == 0): self.logger.info("İndirmeler Başarılı") else: self.logger.error("İndirmeler Başarısız : " + str(p_err)) # Configure pam.d/common-session pamd_common_session_path = "/etc/pam.d/common-session" file_default_pam = open(pamd_common_session_path, 'r') file_data = file_default_pam.read() if "session optional pam_mkhomedir.so skel=/etc/skel umask=077" not in file_data: file_data = file_data + "\n" + "session optional pam_mkhomedir.so skel=/etc/skel umask=077" self.logger.info("/etc/pam.d/common-session is configured") file_default_pam.close() file_default_pam = open(pamd_common_session_path, 'w') file_default_pam.write(file_data) file_default_pam.close() self.discover_try_counter2 = 0 try: while (True): self.discover_try_counter2 = self.discover_try_counter2 + 1 if (self.discover_try_counter2 == 5): break else: (result_code, p_out, p_err) = self.util.execute("realm discover {}".format(domain_name.upper())) if (result_code == 0): self.logger.info("Realm Discover komutu başarılı") break else: self.logger.error("Realm Discover komutu başarısız : ") time.sleep(2) except Exception as e: self.logger.error(e) self.logger.info("Active Directory Discover işlemi esnasında hata oluştu.") self.join_try_counter = 0 try: while (True): self.join_try_counter = self.join_try_counter + 1 if (self.join_try_counter == 5): break else: (result_code, p_out, p_err) = self.util.execute( "echo \"{0}\" | realm join --user={1} {2}".format(password, ad_username, domain_name.upper())) if (result_code == 0): self.logger.info("Realm Join komutu başarılı") break else: self.logger.error("Realm Join komutu başarısız : ") time.sleep(2) except Exception as e: self.logger.error(e) self.logger.info("Active Directory Join işlemi esnasında hata oluştu.") # DynamicDNSUpdate in Active Directory if dynamic_dns_update == True: self.logger.info("dynamicDNSUpdate is Activated") # Installation of required packages (result_code, p_out, p_err) = self.util.execute( "sudo apt-get -y install dnsutils") if (result_code == 0): self.logger.info("İndirmeler Başarılı") else: self.logger.error("İndirmeler Başarısız : " + str(p_err)) # Configure sssd template sssd_config_template_path = "/usr/share/ahenk/base/registration/config-files/sssd_ad_dns.conf" sssd_config_folder_path = "/etc/sssd" sssd_config_file_path = "/etc/sssd/sssd.conf" if not self.util.is_exist(sssd_config_folder_path): self.util.create_directory(sssd_config_folder_path) self.logger.info("{0} folder is created".format(sssd_config_folder_path)) if self.util.is_exist(sssd_config_file_path): self.util.delete_file(sssd_config_file_path) self.logger.info("delete sssd org conf") self.util.copy_file(sssd_config_template_path, sssd_config_folder_path) self.logger.info( "{0} config file is copied under {1}".format(sssd_config_template_path, sssd_config_folder_path)) self.util.rename_file("/etc/sssd/sssd_ad_dns.conf", "/etc/sssd/sssd.conf") # Configure sssd.conf file_sssd = open(sssd_config_file_path, 'r') file_data = file_sssd.read() file_data = file_data.replace("###domains###", "domains = {}".format(domain_name)) file_data = file_data.replace("###[domain/###", "[domain/{}]".format(domain_name)) file_data = file_data.replace("###ad_domain###", "ad_domain = {}".format(domain_name)) file_data = file_data.replace("###krb5_realm###", "krb5_realm = {}".format(domain_name.upper())) file_data = file_data.replace("###ad_hostname###", "ad_hostname = {0}.{1}".format(self.system.Os.hostname(), domain_name.lower())) file_sssd.close() file_sssd = open(sssd_config_file_path, 'w') file_sssd.write(file_data) file_sssd.close() # Arrangement of chmod as 600 for sssd.conf (result_code, p_out, p_err) = self.util.execute("chmod 600 {}".format(sssd_config_file_path)) if (result_code == 0): self.logger.info("Chmod komutu başarılı bir şekilde çalıştırıldı") else: self.logger.error("Chmod komutu başarısız : " + str(p_err)) else: self.logger.info("dynamicDNSUpdate is NOT Activated") # Configure sssd template sssd_config_template_path = "/usr/share/ahenk/base/registration/config-files/sssd_ad.conf" sssd_config_folder_path = "/etc/sssd" sssd_config_file_path = "/etc/sssd/sssd.conf" if not self.util.is_exist(sssd_config_folder_path): self.util.create_directory(sssd_config_folder_path) self.logger.info("{0} folder is created".format(sssd_config_folder_path)) if self.util.is_exist(sssd_config_file_path): self.util.delete_file(sssd_config_file_path) self.logger.info("delete sssd org conf") self.util.copy_file(sssd_config_template_path, sssd_config_folder_path) self.logger.info( "{0} config file is copied under {1}".format(sssd_config_template_path, sssd_config_folder_path)) self.util.rename_file("/etc/sssd/sssd_ad.conf", "/etc/sssd/sssd.conf") # Configure sssd.conf file_sssd = open(sssd_config_file_path, 'r') file_data = file_sssd.read() file_data = file_data.replace("###domains###", "domains = {}".format(domain_name)) file_data = file_data.replace("###[domain/###", "[domain/{}]".format(domain_name)) file_data = file_data.replace("###ad_domain###", "ad_domain = {}".format(domain_name)) file_data = file_data.replace("###krb5_realm###", "krb5_realm = {}".format(domain_name.upper())) file_sssd.close() file_sssd = open(sssd_config_file_path, 'w') file_sssd.write(file_data) file_sssd.close() # Arrangement of chmod as 600 for sssd.conf (result_code, p_out, p_err) = self.util.execute("chmod 600 {}".format(sssd_config_file_path)) if (result_code == 0): self.logger.info("Chmod komutu başarılı bir şekilde çalıştırıldı") else: self.logger.error("Chmod komutu başarısız : " + str(p_err)) # Configure krb5 template krb5_config_template_path = "/usr/share/ahenk/base/registration/config-files/krb5_ad.conf" krb5_config_folder_path = "/etc" krb5_config_file_path = "/etc/krb5.conf" if not self.util.is_exist(krb5_config_folder_path): self.util.create_directory(krb5_config_folder_path) self.logger.info("{0} folder is created".format(krb5_config_folder_path)) if self.util.is_exist(krb5_config_file_path): self.util.delete_file(krb5_config_file_path) self.logger.info("delete krb5 org conf") self.util.copy_file(krb5_config_template_path, krb5_config_folder_path) self.logger.info( "{0} config file is copied under {1}".format(krb5_config_template_path, krb5_config_folder_path)) self.util.rename_file("/etc/krb5_ad.conf", "/etc/krb5.conf") # Configure krb5_ad.conf file_krb5 = open(krb5_config_file_path, 'r') file_data = file_krb5.read() file_data = file_data.replace("###default_realm###", "default_realm = {}".format(domain_name.upper())) file_krb5.close() file_krb5 = open(krb5_config_file_path, 'w') file_krb5.write(file_data) file_krb5.close() # Arrangement of chmod as 644 for krb5_ad.conf (result_code, p_out, p_err) = self.util.execute("chmod 644 {}".format(krb5_config_file_path)) if (result_code == 0): self.logger.info("Chmod komutu başarılı bir şekilde çalıştırıldı") else: self.logger.error("Chmod komutu başarısız : " + str(p_err)) # Configure sssd for language environment default_sssd_path = "/etc/default/sssd" file_default_sssd = open(default_sssd_path, 'r') file_data = file_default_sssd.read() if not self.util.is_exist(default_sssd_path): self.util.create_directory(default_sssd_path) self.logger.info("{0} folder is created".format(default_sssd_path)) if self.util.is_exist(default_sssd_path): self.util.delete_file(default_sssd_path) self.logger.info("delete sssd org conf") if "LC_ALL=\"tr_CY.UTF-8\"" not in file_data: file_data = file_data + "\n" + "LC_ALL=\"tr_CY.UTF-8\"" self.logger.info("/etc/default/sssd is configured") file_default_sssd.close() file_default_sssd = open(default_sssd_path, 'w') file_default_sssd.write(file_data) file_default_sssd.close() self.util.execute("systemctl restart nscd.service") self.logger.info("AD Login operation has been completed.") self.logger.info("AD Login işlemi başarı ile sağlandı.") return True except Exception as e: self.logger.error(str(e)) self.logger.info("AD Login işlemi esnasında hata oluştu.") return False
class Registration: def __init__(self): scope = Scope().get_instance() self.logger = scope.get_logger() self.message_manager = scope.get_message_manager() self.event_manager = scope.get_event_manager() self.messenger = scope.get_messenger() self.conf_manager = scope.get_configuration_manager() self.db_service = scope.get_db_service() self.util = Util() self.servicename = 'im.liderahenk.org' self.local_user_disable = None #self.event_manager.register_event('REGISTRATION_RESPONSE', self.registration_process) self.event_manager.register_event('REGISTRATION_SUCCESS', self.registration_success) self.event_manager.register_event('REGISTRATION_ERROR', self.registration_error) self.ldap_login_cancel = ExecuteCancelSSSDAuthentication() self.ad_login_cancel = ExecuteCancelSSSDAdAuthentication() self.ldap_login = ExecuteSSSDAuthentication() self.ad_login = ExecuteSSSDAdAuthentication() self.directory_server = None if self.is_registered(): self.logger.debug('Ahenk already registered') else: self.register(True) def registration_request(self, hostname, username, password): self.logger.debug('Requesting registration') # SetupTimer.start(Timer(System.Ahenk.registration_timeout(), timeout_function=self.registration_timeout,checker_func=self.is_registered, kwargs=None)) self.servicename = self.conf_manager.get("CONNECTION", "servicename") self.host = hostname self.user_name = username self.user_password = password if (username is None and password is None and self.host is None): self.host = self.conf_manager.get("CONNECTION", "host") user_name = os.getlogin() self.logger.debug('User : '******'Makineyi Lider MYS sistemine kaydetmek için bilgileri ilgili alanlara giriniz. LÜTFEN DEVAM EDEN İŞLEMLERİ SONLANDIRDIĞINZA EMİN OLUNUZ !', 'LIDER MYS SISTEMINE KAYIT', self.host) self.logger.debug('pout : ' + str(pout)) field_values = pout.split(' ') user_registration_info = list(field_values) if self.host == '': self.host = user_registration_info[0] self.user_name = user_registration_info[1] self.user_password = user_registration_info[2] self.directory_server = user_registration_info[3] else: self.user_name = user_registration_info[0] self.user_password = user_registration_info[1] self.directory_server = user_registration_info[2] #anon_messenger = AnonymousMessenger(self.message_manager.registration_msg(user_name,user_password), self.host,self.servicename) #anon_messenger.connect_to_server() self.logger.debug('Requesting registration') SetupTimer.start( Timer(System.Ahenk.registration_timeout(), timeout_function=self.registration_timeout, checker_func=self.is_registered, kwargs=None)) anon_messenger = AnonymousMessenger( self.message_manager.registration_msg(self.user_name, self.user_password, self.directory_server), self.host, self.servicename) anon_messenger.connect_to_server() def ldap_registration_request(self): self.logger.info('Requesting LDAP registration') self.messenger.send_Direct_message( self.message_manager.ldap_registration_msg()) def registration_success(self, reg_reply): try: self.local_user_disable = reg_reply['disableLocalUser'] if self.local_user_disable is True: self.conf_manager.set('MACHINE', 'user_disabled', 'true') else: self.conf_manager.set('MACHINE', 'user_disabled', 'false') self.logger.info('LDAP Registration update starting') dn = str(reg_reply['agentDn']) self.logger.info('Current dn:' + dn) self.logger.info('updating host name and service') self.update_registration_attrs(dn) # lightdm configuration by desktop env is XFCE self.desktop_env = self.util.get_desktop_env() self.logger.info("Get desktop environment is {0}".format( self.desktop_env)) if self.desktop_env == "xfce": # Configure lightdm.service # check if 99-pardus-xfce.conf exists if not create pardus_xfce_path = "/usr/share/lightdm/lightdm.conf.d/99-pardus-xfce.conf" if not self.util.is_exist(pardus_xfce_path): self.logger.info("99-pardus-xfce.conf does not exist.") self.util.create_file(pardus_xfce_path) file_lightdm = open(pardus_xfce_path, 'a') file_lightdm.write("[Seat:*]\n") file_lightdm.write("greeter-hide-users=true") file_lightdm.close() self.logger.info("lightdm has been configured.") else: self.logger.info( "99-pardus-xfce.conf exists. Delete file and create new one." ) self.util.delete_file(pardus_xfce_path) self.util.create_file(pardus_xfce_path) file_lightdm = open(pardus_xfce_path, 'a') file_lightdm.write("[Seat:*]") file_lightdm.write("greeter-hide-users=true") file_lightdm.close() self.logger.info("lightdm.conf has been configured.") if self.desktop_env == "gnome": pardus_gnome_path = "/etc/gdm3/greeter.dconf-defaults" if not self.util.is_exist(pardus_gnome_path): self.logger.info("Gnome conf doesn't exist") else: reading_file = open(pardus_gnome_path, "r") new_file_content = "" for line in reading_file: stripped_line = line.strip() new_line = stripped_line.replace( "# disable-user-list=true", "disable-user-list=true") new_file_content += new_line + "\n" reading_file.close() writing_file = open(pardus_gnome_path, "w") writing_file.write(new_file_content) writing_file.close() self.logger.info("gdm.conf has been configured.") # LDAP registration if self.directory_server == "LDAP": self.install_and_config_ldap(reg_reply) # AD registration else: self.install_and_config_ad(reg_reply) except Exception as e: self.logger.error('Registration error. Error Message: {0}.'.format( str(e))) print(e) raise def update_registration_attrs(self, dn=None): self.logger.debug('Registration configuration is updating...') self.db_service.update('registration', ['dn', 'registered'], [dn, 1], ' registered = 0') if self.conf_manager.has_section('CONNECTION'): self.conf_manager.set( 'CONNECTION', 'uid', self.db_service.select_one_result('registration', 'jid', ' registered=1')) self.conf_manager.set( 'CONNECTION', 'password', self.db_service.select_one_result('registration', 'password', ' registered=1')) if self.host and self.servicename: self.conf_manager.set('CONNECTION', 'host', self.host) self.conf_manager.set('CONNECTION', 'servicename', self.servicename) # TODO get file path? with open('/etc/ahenk/ahenk.conf', 'w') as configfile: self.conf_manager.write(configfile) self.logger.debug('Registration configuration file is updated') def install_and_config_ldap(self, reg_reply): self.logger.info('ldap install process starting') server_address = str(reg_reply['ldapServer']) dn = str(reg_reply['ldapBaseDn']) version = str(reg_reply['ldapVersion']) admin_dn = str(reg_reply['ldapUserDn'] ) # get user full dn from server.. password same #admin_password = self.user_password # same user get from server admin_password = self.db_service.select_one_result( 'registration', 'password', ' registered=1') self.ldap_login.authenticate(server_address, dn, admin_dn, admin_password) if server_address != '' and dn != '' and version != '' and admin_dn != '' and admin_password != '': self.logger.info("SSSD configuration process starting....") self.logger.info("SSSD configuration process starting....") else: raise Exception( 'LDAP Ayarları yapılırken hata oluştu. Lütfen ağ bağlantınızı kontrol ediniz. Deponuzun güncel olduğundan emin olunuz.' ) def install_and_config_ad(self, reg_reply): self.logger.info('AD install process starting') domain_name = str(reg_reply['adDomainName']) host_name = str(reg_reply['adHostName']) ip_address = str(reg_reply['adIpAddress']) password = str(reg_reply['adAdminPassword']) ad_username = str(reg_reply['adAdminUserName']) if domain_name is None or host_name is None or ip_address is None or password is None: self.logger.error("Registration params is null") return self.ad_login.authenticate(domain_name, host_name, ip_address, password, ad_username) def registration_error(self, reg_reply): self.re_register() def is_registered(self): try: if str(System.Ahenk.uid()): return True else: return False except: return False def is_ldap_registered(self): dn = self.db_service.select_one_result('registration', 'dn', 'registered = 1') if dn is not None and dn != '': return True else: return False def register(self, uuid_depend_mac=False): cols = ['jid', 'password', 'registered', 'params', 'timestamp'] vals = [ str(System.Os.hostname()), str(self.generate_uuid(uuid_depend_mac)), 0, str(self.get_registration_params()), str(datetime.datetime.now().strftime("%d-%m-%Y %I:%M")) ] self.db_service.delete('registration', ' 1==1 ') self.db_service.update('registration', cols, vals) self.logger.debug('Registration parameters were created') def get_registration_params(self): parts = [] for part in System.Hardware.Disk.partitions(): parts.append(part[0]) params = { 'ipAddresses': str(System.Hardware.Network.ip_addresses()).replace('[', '').replace( ']', ''), 'macAddresses': str(System.Hardware.Network.mac_addresses()).replace('[', '').replace( ']', ''), 'hostname': System.Os.hostname(), 'os.name': System.Os.name(), 'os.version': System.Os.version(), 'os.kernel': System.Os.kernel_release(), 'os.distributionName': System.Os.distribution_name(), 'os.distributionId': System.Os.distribution_id(), 'os.distributionVersion': System.Os.distribution_version(), 'os.architecture': System.Os.architecture(), 'hardware.cpu.architecture': System.Hardware.Cpu.architecture(), 'hardware.cpu.logicalCoreCount': System.Hardware.Cpu.logical_core_count(), 'hardware.cpu.physicalCoreCount': System.Hardware.Cpu.physical_core_count(), 'hardware.disk.total': System.Hardware.Disk.total(), 'hardware.disk.used': System.Hardware.Disk.used(), 'hardware.disk.free': System.Hardware.Disk.free(), 'hardware.disk.partitions': str(parts), 'hardware.monitors': str(System.Hardware.monitors()), 'hardware.screens': str(System.Hardware.screens()), 'hardware.usbDevices': str(System.Hardware.usb_devices()), 'hardware.printers': str(System.Hardware.printers()), 'hardware.systemDefinitions': str(System.Hardware.system_definitions()), 'hardware.model.version': str(System.Hardware.machine_model()), 'hardware.memory.total': System.Hardware.Memory.total(), 'hardware.network.ipAddresses': str(System.Hardware.Network.ip_addresses()), 'sessions.userNames': str(System.Sessions.user_name()), 'bios.releaseDate': System.BIOS.release_date()[1].replace('\n', '') if System.BIOS.release_date()[0] == 0 else 'n/a', 'bios.version': System.BIOS.version()[1].replace('\n', '') if System.BIOS.version()[0] == 0 else 'n/a', 'bios.vendor': System.BIOS.vendor()[1].replace('\n', '') if System.BIOS.vendor()[0] == 0 else 'n/a', 'hardware.baseboard.manufacturer': System.Hardware.BaseBoard.manufacturer()[1].replace('\n', '') if System.Hardware.BaseBoard.manufacturer()[0] == 0 else 'n/a', 'hardware.baseboard.version': System.Hardware.BaseBoard.version()[1].replace('\n', '') if System.Hardware.BaseBoard.version()[0] == 0 else 'n/a', 'hardware.baseboard.assetTag': System.Hardware.BaseBoard.asset_tag()[1].replace('\n', '') if System.Hardware.BaseBoard.asset_tag()[0] == 0 else 'n/a', 'hardware.baseboard.productName': System.Hardware.BaseBoard.product_name()[1].replace('\n', '') if System.Hardware.BaseBoard.product_name()[0] == 0 else 'n/a', 'hardware.baseboard.serialNumber': System.Hardware.BaseBoard.serial_number()[1].replace('\n', '') if System.Hardware.BaseBoard.serial_number()[0] == 0 else 'n/a', } return json.dumps(params) def unregister(self): self.logger.debug('Ahenk is unregistering...') self.db_service.delete('registration', ' 1==1 ') self.logger.debug('Ahenk is unregistered') def re_register(self): self.logger.debug('Reregistrating...') self.unregister() self.register(False) def generate_uuid(self, depend_mac=True): if depend_mac is False: self.logger.debug('uuid creating randomly') return uuid.uuid4() # make a random UUID else: self.logger.debug('uuid creating according to mac address') return uuid.uuid3( uuid.NAMESPACE_DNS, str(get_mac()) ) # make a UUID using an MD5 hash of a namespace UUID and a mac address def generate_password(self): return uuid.uuid4() def registration_timeout(self): self.logger.error( 'Could not reach registration response from Lider. Be sure XMPP server is reachable and it supports anonymous message, Lider is running properly ' 'and it is connected to XMPP server! Check your Ahenk configuration file (/etc/ahenk/ahenk.conf)' ) self.logger.error('Ahenk is shutting down...') print('Ahenk is shutting down...') Util.show_message( os.getlogin(), ':0', "Lider MYS sistemine ulaşılamadı. Lütfen sunucu adresini kontrol ediniz....", "HATA") System.Process.kill_by_pid(int(System.Ahenk.get_pid_number())) def purge_and_unregister(self): try: self.logger.info('Ahenk conf cleaned') self.logger.info('Ahenk conf cleaning from db') self.unregister() directory_type = "LDAP" if self.util.is_exist("/etc/ahenk/ad_info"): directory_type = "AD" if directory_type == "LDAP": self.ldap_login_cancel.cancel() else: self.ad_login_cancel.cancel() self.logger.info('Cleaning ahenk conf..') self.clean() self.logger.info('Ahenk conf cleaned from db') if self.conf_manager.has_section('MACHINE'): user_disabled = self.conf_manager.get("MACHINE", "user_disabled") self.logger.info('User disabled value=' + str(user_disabled)) if user_disabled != 'false': self.logger.info('Enable Users') self.enable_local_users() else: self.logger.info('Local users already enabled') # İf desktop env is XFCE configured lightdm.service if self.util.get_desktop_env() == "xfce": pardus_xfce_path = "/usr/share/lightdm/lightdm.conf.d/99-pardus-xfce.conf" if self.util.is_exist(pardus_xfce_path): self.logger.info( "99-pardus-xfce.conf exists. Deleting file.") self.util.delete_file(pardus_xfce_path) if self.util.get_desktop_env() == "gnome": pardus_gnome_path = "/etc/gdm3/greeter.dconf-defaults" if not self.util.is_exist(pardus_gnome_path): self.logger.info("Gnome conf doesn't exist") else: reading_file = open(pardus_gnome_path, "r") new_file_content = "" for line in reading_file: stripped_line = line.strip() new_line = stripped_line.replace( "disable-user-list=true", "# disable-user-list=true") new_file_content += new_line + "\n" reading_file.close() writing_file = open(pardus_gnome_path, "w") writing_file.write(new_file_content) writing_file.close() self.logger.info("gdm.conf has been configured.") Util.shutdown() except Exception as e: self.logger.error( "Error while running purge_and_unregister process.. Error Message " + str(e)) #System.Process.kill_by_pid(int(System.Ahenk.get_pid_number())) #sys.exit(2) def change_configs_after_purge(self): # pattern for clearing file data from spaces, tabs and newlines pattern = re.compile(r'\s+') ldap_back_up_file_path = "/usr/share/ahenk/pam_scripts_original/ldap" ldap_original_file_path = "/usr/share/pam-configs/ldap" pam_script_back_up_file_path = "/usr/share/ahenk/pam_scripts_original/pam_script" pam_script_original_file_path = "/usr/share/pam-configs/pam_script" if self.util.is_exist(ldap_back_up_file_path): self.logger.info("Replacing {0} with {1}".format( ldap_original_file_path, ldap_back_up_file_path)) self.util.copy_file(ldap_back_up_file_path, ldap_original_file_path) self.logger.info("Deleting {0}".format(ldap_back_up_file_path)) self.util.delete_file(ldap_back_up_file_path) if self.util.is_exist(pam_script_back_up_file_path): self.logger.info("Replacing {0} with {1}".format( pam_script_original_file_path, pam_script_back_up_file_path)) self.util.copy_file(pam_script_back_up_file_path, pam_script_original_file_path) self.logger.info( "Deleting {0}".format(pam_script_back_up_file_path)) self.util.delete_file(pam_script_back_up_file_path) (result_code, p_out, p_err) = self.util.execute( "DEBIAN_FRONTEND=noninteractive pam-auth-update --package") if result_code == 0: self.logger.info( "'DEBIAN_FRONTEND=noninteractive pam-auth-update --package' has run successfully" ) else: self.logger.error( "'DEBIAN_FRONTEND=noninteractive pam-auth-update --package' could not run successfully: " + p_err) # Configure nsswitch.conf file_ns_switch = open("/etc/nsswitch.conf", 'r') file_data = file_ns_switch.read() # cleared file data from spaces, tabs and newlines text = pattern.sub('', file_data) did_configuration_change = False if "passwd:compatldap[NOTFOUND=return]db" in text: file_data = file_data.replace( "passwd: compat ldap [NOTFOUND=return] db", "passwd: compat") did_configuration_change = True if "group:compatldap[NOTFOUND=return]db" in text: file_data = file_data.replace( "group: compat ldap [NOTFOUND=return] db", "group: compat") did_configuration_change = True if "shadow:compatldap" in text: file_data = file_data.replace("shadow: compat ldap", "shadow: compat") did_configuration_change = True if "#gshadow:files" in text: file_data = file_data.replace("#gshadow: files", "gshadow: files") did_configuration_change = True if did_configuration_change: self.logger.info("nsswitch.conf configuration has been configured") else: self.logger.info("nsswitch.conf has already been configured") file_ns_switch.close() file_ns_switch = open("/etc/nsswitch.conf", 'w') file_ns_switch.write(file_data) file_ns_switch.close() # Configure ldap-cache nss_update_cron_job_file_path = "/etc/cron.daily/nss-updatedb" if self.util.is_exist(nss_update_cron_job_file_path): self.util.delete_file(nss_update_cron_job_file_path) self.logger.info( "{0} is deleted.".format(nss_update_cron_job_file_path)) # Configure lightdm.service pardus_xfce_path = "/usr/share/lightdm/lightdm.conf.d/99-pardus-xfce.conf" if self.util.is_exist(pardus_xfce_path): self.logger.info("99-pardus-xfce.conf exists. Deleting file.") self.util.delete_file(pardus_xfce_path) self.util.execute("systemctl restart nscd.service") self.logger.info("Operation finished") def clean(self): print('Ahenk cleaning..') import configparser try: config = configparser.ConfigParser() config._interpolation = configparser.ExtendedInterpolation() config.read(System.Ahenk.config_path()) db_path = config.get('BASE', 'dbPath') if Util.is_exist(System.Ahenk.fifo_file()): Util.delete_file(System.Ahenk.fifo_file()) if Util.is_exist(db_path): Util.delete_file(db_path) if Util.is_exist(System.Ahenk.pid_path()): Util.delete_file(System.Ahenk.pid_path()) config.set('CONNECTION', 'uid', '') config.set('CONNECTION', 'password', '') config.set('MACHINE', 'user_disabled', 'false') with open(System.Ahenk.config_path(), 'w') as file: config.write(file) file.close() print('Ahenk cleaned.') except Exception as e: self.logger.error( "Error while running clean command. Error Message " + str(e)) print( 'Error while running clean command. Error Message {0}'.format( str(e))) def enable_local_users(self): passwd_cmd = 'passwd -u {}' change_home = 'usermod -m -d {0} {1}' change_username = '******' content = self.util.read_file('/etc/passwd') for p in pwd.getpwall(): if not sysx.shell_is_interactive(p.pw_shell): continue if p.pw_uid == 0: continue if p.pw_name in content: new_home_dir = p.pw_dir.rstrip('-local/') + '/' new_username = p.pw_name.rstrip('-local') self.util.execute(passwd_cmd.format(p.pw_name)) self.util.execute( change_username.format(new_username, p.pw_name)) self.util.execute( change_home.format(new_home_dir, new_username)) self.logger.debug( "User: '******' will be enabled and changed username and home directory of username" .format(p.pw_name)) def disable_local_users(self): passwd_cmd = 'passwd -l {}' change_home = 'usermod -m -d {0} {1}' change_username = '******' content = Util.read_file('/etc/passwd') kill_all_process = 'killall -KILL -u {}' change_permisson = "chmod -R 700 {}" add_user_conf_file = "/etc/adduser.conf" file_dir_mode = open(add_user_conf_file, 'r') file_data = file_dir_mode.read() file_data = file_data.replace("DIR_MODE=0755", "DIR_MODE=0700") file_dir_mode.close() file_dir_mode = open(add_user_conf_file, 'w') file_dir_mode.write(file_data) file_dir_mode.close() self.logger.info("add user mode changed to 0700 in file {}".format( add_user_conf_file)) for p in pwd.getpwall(): self.logger.info( "User: '******' will be disabled and changed username and home directory of username" .format(p.pw_name)) if not sysx.shell_is_interactive(p.pw_shell): continue if p.pw_uid == 0: continue if p.pw_name in content: new_home_dir = p.pw_dir.rstrip('/') + '-local/' new_username = p.pw_name + '-local' Util.execute(kill_all_process.format(p.pw_name)) Util.execute(passwd_cmd.format(p.pw_name)) Util.execute(change_username.format(new_username, p.pw_name)) Util.execute(change_home.format(new_home_dir, new_username)) Util.execute(change_permisson.format(new_home_dir))