def _writeKS(ksdata):
    """Write the kickstart data to /root/anaconda-ks.cfg under the target root.

    The file starts with a "Generated by Anaconda <version>" comment line,
    followed by the string form of *ksdata*.

    :param ksdata: kickstart data object; ``str(ksdata)`` is what gets written
    """
    ks_path = conf.target.system_root + "/root/anaconda-ks.cfg"

    # The kickstart may contain passwords, so the file is requested with
    # mode 0o600 to keep it readable by root only.
    # NOTE(review): whether that mode is also enforced on a file that already
    # exists depends on util.open_with_perm, which is not shown here - confirm.
    with util.open_with_perm(ks_path, "w", 0o600) as ks_file:
        banner = "# Generated by Anaconda {}\n".format(util.get_anaconda_version_string())
        ks_file.write(banner)
        ks_file.write(str(ksdata))
def setUserSshKey(self, username, key, **kwargs):
    """Append an SSH key to the user's ``~/.ssh/authorized_keys``.

    The ``.ssh`` directory is created with mode 0o700 and handed to the user
    when it is missing. The key file is opened for append with mode 0o600 and
    is chowned to the user only when this call created it. Finally
    ``restorecon -r`` is run on the ``.ssh`` directory.

    :param username: name of the user who receives the key
    :param key: the key line to append; it is written as given plus a newline
    :param kwargs: ``root`` may name the sysroot to work in; it defaults to
                   ``util.getSysroot()``
    :raises ValueError: if the user or the user's home directory does not exist
    """
    root = kwargs.get("root", util.getSysroot())

    pwent = self._getpwnam(username, root)
    if not pwent:
        raise ValueError("setUserSshKey: user %s does not exist" % username)

    # Entry fields 2, 3 and 5 are used as uid, gid and home directory.
    homedir = root + pwent[5]
    if not os.path.exists(homedir):
        missing_home = "setUserSshKey: home directory for %s does not exist"
        log.error(missing_home, username)
        raise ValueError(missing_home % username)

    uid, gid = pwent[2], pwent[3]

    ssh_dir = os.path.join(homedir, ".ssh")
    if not os.path.isdir(ssh_dir):
        os.mkdir(ssh_dir, 0o700)
        os.chown(ssh_dir, int(uid), int(gid))

    keys_path = os.path.join(ssh_dir, "authorized_keys")
    already_present = os.path.exists(keys_path)

    # NOTE(review): *key* is not validated here; callers should pass a single
    # well-formed key line, since embedded newlines would add extra entries.
    # NOTE(review): a pre-existing authorized_keys keeps its current owner, and
    # presumably its current mode as well - confirm against open_with_perm.
    with util.open_with_perm(keys_path, "a", 0o600) as keys_file:
        keys_file.write(key + "\n")

    # Only change ownership if we created it
    if not already_present:
        os.chown(keys_path, int(uid), int(gid))

    # The result of restorecon is not inspected here.
    util.execWithRedirect("restorecon", ["-r", ssh_dir])
def setUserSshKey(self, username, key, **kwargs):
    """Add *key* to the ``authorized_keys`` file of *username*.

    Steps, in order: look up the user in the given sysroot, make sure the home
    directory exists, create ``.ssh`` (0o700, owned by the user) if needed,
    append the key to ``authorized_keys`` (opened with mode 0o600), chown the
    file to the user if it was just created, then run ``restorecon -r`` on
    the ``.ssh`` directory.

    :param username: account that should accept the key
    :param key: key line to append, written unchanged with a trailing newline
    :param kwargs: optional ``root`` sysroot path, default ``util.getSysroot()``
    :raises ValueError: when the user or its home directory is missing
    """
    root = kwargs.get("root", util.getSysroot())
    pwent = self._getpwnam(username, root)
    if not pwent:
        raise ValueError("setUserSshKey: user %s does not exist" % username)

    homedir = root + pwent[5]
    home_found = os.path.exists(homedir)
    if not home_found:
        log.error("setUserSshKey: home directory for %s does not exist", username)
        raise ValueError(
            "setUserSshKey: home directory for %s does not exist" % username)

    uid = pwent[2]
    gid = pwent[3]

    dot_ssh = os.path.join(homedir, ".ssh")
    if not os.path.isdir(dot_ssh):
        # Owner-only directory, handed over to the user right after creation.
        os.mkdir(dot_ssh, 0o700)
        os.chown(dot_ssh, int(uid), int(gid))

    auth_path = os.path.join(dot_ssh, "authorized_keys")
    created_now = not os.path.exists(auth_path)

    # NOTE(review): no validation of *key* happens in this method; a value
    # with embedded newlines would end up as several lines in the file.
    with util.open_with_perm(auth_path, "a", 0o600) as out:
        out.write(key + "\n")

    # Only change ownership if we created it
    # NOTE(review): an existing file keeps its owner; its mode is presumably
    # left as it was too - confirm against open_with_perm.
    if created_now:
        os.chown(auth_path, int(uid), int(gid))

    util.execWithRedirect("restorecon", ["-r", dot_ssh])
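def test_open_with_perm(self):
    """Test that open_with_perm creates files with exactly the requested mode.

    The umask is cleared while the files are created, so the permission bits
    on disk must equal the mode passed in. Both a wide-open mode (0o777) and
    an owner-only mode (0o600) are checked.
    """
    # Create a directory for test files
    test_dir = tempfile.mkdtemp()
    try:
        # Reset the umask so it cannot strip any of the requested bits
        old_umask = os.umask(0)
        try:
            for name, perm in (("test1", 0o777), ("test2", 0o600)):
                path = os.path.join(test_dir, name)
                # Close the handle before checking so no file object is left
                # open when the directory is removed.
                with util.open_with_perm(path, "w", perm):
                    pass
                assert os.stat(path).st_mode & 0o777 == perm
        finally:
            os.umask(old_umask)
    finally:
        shutil.rmtree(test_dir)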
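def open_with_perm_test(self):
    """Test that open_with_perm creates files with exactly the requested mode.

    The umask is cleared while the files are created, so the permission bits
    on disk must equal the mode passed in. Both a wide-open mode (0o777) and
    an owner-only mode (0o600) are checked.
    """
    # Create a directory for test files
    test_dir = tempfile.mkdtemp()
    try:
        # Reset the umask so it cannot strip any of the requested bits
        old_umask = os.umask(0)
        try:
            for name, perm in (("test1", 0o777), ("test2", 0o600)):
                path = os.path.join(test_dir, name)
                # Close the handle before checking so no file object is left
                # open when the directory is removed.
                with util.open_with_perm(path, "w", perm):
                    pass
                self.assertEqual(os.stat(path).st_mode & 0o777, perm)
        finally:
            os.umask(old_umask)
    finally:
        shutil.rmtree(test_dir)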
def write_password_config(self):
    """Write a ``GRUB2_PASSWORD=`` line to the password file under the target root.

    Returns without doing anything when neither ``self.password`` nor
    ``self.encrypted_password`` is set.
    """
    if not self.password and not self.encrypted_password:
        return

    # Path is <system root><config dir>/<password file name>.
    users_file = "%s%s/%s" % (conf.target.system_root, self.config_dir, self._passwd_file)
    # NOTE(review): 0o700 also sets the owner execute bit on a file that holds
    # a password line; 0o600 looks sufficient unless something executes this
    # file - confirm before changing.
    header = util.open_with_perm(users_file, "w", 0o700)
    # XXX FIXME: document somewhere that the username is "root"
    self._encrypt_password()
    # NOTE(review): the next line is masked ("******") in this listing, so it
    # is not valid Python as shown; the rest of the password_line assignment
    # and the start of the write call cannot be recovered from here.
    password_line = "GRUB2_PASSWORD="******"%s\n" % password_line)
    # NOTE(review): the file is closed only on the success path; an exception
    # raised above leaves the handle open.
    header.close()
def write_password_config(self):
    """Write a ``GRUB2_PASSWORD=`` line to the password file under the sysroot.

    Returns without doing anything when neither ``self.password`` nor
    ``self.encrypted_password`` is set.
    """
    if not self.password and not self.encrypted_password:
        return

    # Path is <sysroot><config dir>/<password file name>.
    users_file = "%s%s/%s" % (util.getSysroot(), self.config_dir, self._passwd_file)
    # NOTE(review): 0o700 also sets the owner execute bit on a file that holds
    # a password line; 0o600 looks sufficient unless something executes this
    # file - confirm before changing.
    header = util.open_with_perm(users_file, "w", 0o700)
    # XXX FIXME: document somewhere that the username is "root"
    self._encrypt_password()
    # NOTE(review): the next line is masked ("******") in this listing, so it
    # is not valid Python as shown; the rest of the password_line assignment
    # and the start of the write call cannot be recovered from here.
    password_line = "GRUB2_PASSWORD="******"%s\n" % password_line)
    # NOTE(review): the file is closed only on the success path; an exception
    # raised above leaves the handle open.
    header.close()
def _writeKS(ksdata):
    """Write the kickstart data to /root/anaconda-ks.cfg under the sysroot.

    Before writing, the ``passphrase`` attribute is blanked on the autopart
    object and on every logvol, partition and raid entry. This changes the
    *ksdata* object passed in, not a copy of it.

    :param ksdata: kickstart data object; ``str(ksdata)`` is what gets written
    """
    ks_path = util.getSysroot() + "/root/anaconda-ks.cfg"

    # Clear out certain sensitive information that kickstart doesn't have a
    # way of representing encrypted.
    passphrase_holders = (
        [ksdata.autopart]
        + ksdata.logvol.dataList()
        + ksdata.partition.dataList()
        + ksdata.raid.dataList()
    )
    for holder in passphrase_holders:
        holder.passphrase = ""

    # Other secrets may remain in the data, so the file is requested with
    # mode 0o600 to keep it readable by root only.
    # NOTE(review): whether that mode is also enforced on a file that already
    # exists depends on util.open_with_perm, which is not shown here - confirm.
    with util.open_with_perm(ks_path, "w", 0o600) as ks_file:
        ks_file.write(str(ksdata))
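def write_config(self):
    """ Write the bootloader configuration.

    An existing, readable config file is first renamed to
    ``<config>.anacbak``. The new file is then created with
    ``self.config_file_mode`` and filled by ``write_config_header`` and
    ``write_config_images``; ``write_config_post`` runs after it is closed.

    :raises BootLoaderError: if no config file is defined
    """
    if not self.config_file:
        raise BootLoaderError("no config file defined for this boot loader")

    config_path = os.path.normpath(conf.target.system_root + self.config_file)

    # Keep the previous config as a backup. A rename does not alter the
    # permission bits, so the backup keeps whatever mode the old file had.
    if os.access(config_path, os.R_OK):
        os.rename(config_path, config_path + ".anacbak")

    # The context manager closes the file even when one of the writers
    # raises, so a failed write does not leave an open handle behind.
    with util.open_with_perm(config_path, "w", self.config_file_mode) as config:
        self.write_config_header(config)
        self.write_config_images(config)

    self.write_config_post()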
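def write_config(self):
    """ Write the bootloader configuration.

    An existing, readable config file is first renamed to
    ``<config>.anacbak``. The new file is then created with
    ``self.config_file_mode`` and filled by ``write_config_header`` and
    ``write_config_images``; ``write_config_post`` runs after it is closed.

    :raises BootLoaderError: if no config file is defined
    """
    if not self.config_file:
        raise BootLoaderError("no config file defined for this boot loader")

    config_path = os.path.normpath(util.getSysroot() + self.config_file)

    # Keep the previous config as a backup. A rename does not alter the
    # permission bits, so the backup keeps whatever mode the old file had.
    if os.access(config_path, os.R_OK):
        os.rename(config_path, config_path + ".anacbak")

    # The context manager closes the file even when one of the writers
    # raises, so a failed write does not leave an open handle behind.
    with util.open_with_perm(config_path, "w", self.config_file_mode) as config:
        self.write_config_header(config)
        self.write_config_images(config)

    self.write_config_post()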
def _writeKS(ksdata):
    """Write the kickstart data to /root/anaconda-ks.cfg under the sysroot.

    Before writing, the ``passphrase`` attribute is blanked on every logvol,
    partition and raid entry of *ksdata* (the object passed in is changed),
    and an empty passphrase is set through the auto partitioning proxy.

    :param ksdata: kickstart data object; ``str(ksdata)`` is what gets written
    """
    ks_path = util.getSysroot() + "/root/anaconda-ks.cfg"

    # Clear out certain sensitive information that kickstart doesn't have a
    # way of representing encrypted.
    passphrase_holders = (
        ksdata.logvol.dataList()
        + ksdata.partition.dataList()
        + ksdata.raid.dataList()
    )
    for holder in passphrase_holders:
        holder.passphrase = ""

    # TODO: Don't add sensitive information to kickstart generated by modules.
    # NOTE(review): this goes through a proxy object, so it presumably clears
    # the passphrase held by the storage module itself - confirm that nothing
    # still needs it after this point.
    STORAGE.get_proxy(AUTO_PARTITIONING).SetPassphrase("")

    # Other secrets may remain in the data, so the file is requested with
    # mode 0o600 to keep it readable by root only.
    with util.open_with_perm(ks_path, "w", 0o600) as ks_file:
        ks_file.write(str(ksdata))
def set_user_ssh_key(username, key, root=None):
    """Append an SSH key to the ``authorized_keys`` file of a user.

    The ``.ssh`` directory is created with mode 0o700 and handed to the user
    when it is missing. The key file is opened for append with mode 0o600 and
    is chowned to the user only when this call created it. Finally
    ``restorecon -r`` is run on the ``.ssh`` directory.

    :param str username: a username
    :param str key: the SSH key to append, written as given plus a newline
    :param str root: target system sysroot path; defaults to the value of
                     ``util.getSysroot()``
    :raises ValueError: if the user or the user's home directory does not exist
    """
    root = util.getSysroot() if root is None else root

    pwent = _getpwnam(username, root)
    if not pwent:
        raise ValueError("set_user_ssh_key: user %s does not exist" % username)

    # Entry fields 2, 3 and 5 are used as uid, gid and home directory.
    homedir = root + pwent[5]
    if not os.path.exists(homedir):
        missing_home = "set_user_ssh_key: home directory for %s does not exist"
        log.error(missing_home, username)
        raise ValueError(missing_home % username)

    uid, gid = pwent[2], pwent[3]

    ssh_dir = os.path.join(homedir, ".ssh")
    if not os.path.isdir(ssh_dir):
        os.mkdir(ssh_dir, 0o700)
        os.chown(ssh_dir, int(uid), int(gid))

    keys_path = os.path.join(ssh_dir, "authorized_keys")
    already_present = os.path.exists(keys_path)

    # NOTE(review): *key* is not validated here; callers should pass a single
    # well-formed key line, since embedded newlines would add extra entries.
    # NOTE(review): a pre-existing authorized_keys keeps its current owner, and
    # presumably its current mode as well - confirm against open_with_perm.
    with util.open_with_perm(keys_path, "a", 0o600) as keys_file:
        keys_file.write(key + "\n")

    # Only change ownership if we created it
    if not already_present:
        os.chown(keys_path, int(uid), int(gid))

    # The result of restorecon is not inspected here.
    util.execWithRedirect("restorecon", ["-r", ssh_dir])
def _writeKS(ksdata):
    """Write the kickstart data to /root/anaconda-ks.cfg under the target root.

    :param ksdata: kickstart data object; ``str(ksdata)`` is what gets written
    """
    ks_path = conf.target.system_root + "/root/anaconda-ks.cfg"

    # The kickstart may contain passwords, so the file is requested with
    # mode 0o600 to keep it readable by root only.
    # NOTE(review): whether that mode is also enforced on a file that already
    # exists depends on util.open_with_perm, which is not shown here - confirm.
    with util.open_with_perm(ks_path, "w", 0o600) as ks_file:
        ks_file.write(str(ksdata))