def addRole(self, role_name, group_names_list): role_name = validators.os.validGroupName(role_name) group_names_list = [ validators.os.validGroupName(item) for item in group_names_list ] rid = grp.getgrnam(role_name).gr_gid if len(gids) == 0: logger.verbose( "{mod}: Ignored an attempt to create an empty NSS role \"%s\" (rid=%d)" % (role_name, rid)) return 1 logger.verbose( "{mod}: Request to add NSS role \"%s\" (rid=%d) with groups \"%s\"" % (role_name, rid, str(group_names_list))) editor = tools.editors.PlainEditor(delimiter=":", spaces_list=[], quotes_list=[]) editor.open(config.value(SERVICE_NAME, "role_conf")) editor.setValue( str(rid), ",".join([grp.getgrnam(item).gr_gid for item in group_names_list])) editor.save() editor.close() return 0
def removeGroup(self, group_name): group_name = validators.os.validGroupName(group_name) gid = grp.getgrnam(group_name).gr_gid rid = grp.getgrnam(self.__role_name).gr_gid logger.verbose( "{mod}: Request to remove group \"%s\" from NSS role \"%s\"" % (group_name, self.__role_name)) editor = tools.editors.PlainEditor(delimiter=":", spaces_list=[], quotes_list=[]) editor.open(config.value(SERVICE_NAME, "role_conf")) role_gids_list = editor.value(str(rid)) if len(role_gids_list) > 0 and len(role_gids_list[-1]) > 0: gids_list = role_gids_list[-1].split(",") if str(gid) in gids_list: gids_list.remove(str(gid)) editor.setValue(str(rid), ",".join(gids_list)) editor.save() editor.close() return 0 else: logger.verbose( "{mod}: Group \"%s\" is not included in role \"%s\"" % (group_name, self.__role_name)) editor.close() return 1 editor.close() return 1
def closeService(self): role_config_subdir_path = os.path.dirname( config.value(SERVICE_NAME, "role_conf")) self.__watch_manager.rm_watch( self.__watch_manager.get_wd(role_config_subdir_path)) self.stop() logger.verbose("{mod}: Stop polling inotify events for \"%s\"" % (role_config_subdir_path))
def _apply(self, is_machine, who, session_id) : op = "apply" target_name = str(who) target_type = "machine" if is_machine else "user" logger.verbose("{mod}: Apply %s`s GPOs for %s" % (target_type, target_name)) proc_args_list = [config.value(SERVICE_NAME, "gpoa"), op, target_type, target_name] mk_long_run("apply_{target}_{id}".format(target='machine' if is_machine else 'user', id=who), session_id, proc_args_list) return 0
def setPasswd(self, passwd): logger.verbose( "{mod}: Request to change password for local user \"%s\"" % (self.__user_name)) return tools.process.execProcess( config.value(SERVICE_NAME, "chpasswd_bin"), proc_input="%s:%s\n" % (self.__user_name, passwd), fatal_flag=False, confidential_input_flag=True)[2]
def addUser(self, user_name): user_name = validators.os.validUserName(user_name) logger.verbose("{mod}: Request to add user \"%s\" to NSS role \"%s\"" % (user_name, self.__role_name)) proc_args_list = [ config.value(SERVICE_NAME, "usermod_bin"), "-a", "-G", self.__role_name, user_name ] return tools.process.execProcess(proc_args_list, fatal_flag=False)[2]
def setLock(self, lock_flag): (lock_arg, lock_str) = (("-L", "lock") if lock_flag else ("-U", "unlock")) logger.verbose("{mod}: Request to %s local user \"%s\"" % (lock_str, self.__user_name)) proc_args_list = [ config.value(SERVICE_NAME, "usermod_bin"), lock_arg, self.__user_name ] return tools.process.execProcess(proc_args_list, fatal_flag=False)[2]
def setGid(self, gid): if gid < 0: raise validators.ValidatorError("Incorrect GID %d" % (gid)) logger.verbose( "{mod}: Request to change gid for local user \"%s\", new gid=%d" % (self.__user_name, gid)) proc_args_list = [ config.value(SERVICE_NAME, "usermod_bin"), "-g", str(gid), self.__user_name ] return tools.process.execProcess(proc_args_list, fatal_flag=False)[2]
def setHomePath(self, path): if re.match(r"^[./\w\d]*$", path) == None: raise validators.ValidatorError( "Incorrect symbols in string \"%s\"" % (path)) logger.verbose( "{mod}: Request to change home for local user \"%s\", new home=\"%s\"" % (self.__user_name, path)) proc_args_list = [ config.value(SERVICE_NAME, "usermod_bin"), "-d", path, self.__user_name ] return tools.process.execProcess(proc_args_list, fatal_flag=False)[2]
def removeUser(self, user_name, remove_data_flag): user_name = validators.os.validUserName(user_name) (remove_data_arg, remove_data_str) = (("-r", " and its data") if remove_data_flag else ("", "")) logger.verbose("{mod}: Request to remove local user \"%s\"%s" % (user_name, remove_data_str)) proc_args_list = [ config.value(SERVICE_NAME, "userdel_bin"), remove_data_arg, user_name ] return tools.process.execProcess(proc_args_list, fatal_flag=False)[2]
def addUser(self, user_name, uid, gid): user_name = validators.os.validUserName(user_name) (uid_args_list, uid_str) = ((["-u", str(uid)], str(uid)) if uid >= 0 else ([], "auto")) (gid_args_list, gid_str) = ((["-g", str(gid)], str(gid)) if gid >= 0 else ([], "auto")) logger.verbose( "{mod}: Request to add local user \"%s\" with uid=%s and gid=%s" % (user_name, uid_str, gid_str)) proc_args_list = [config.value(SERVICE_NAME, "useradd_bin") ] + uid_args_list + gid_args_list + [user_name] return tools.process.execProcess(proc_args_list, fatal_flag=False)[2]
def setComment(self, text): if re.match(r"^[@<>./\w\d \t]*$", text) == None: raise validators.ValidatorError( "Incorrect symbols in string \"%s\"" % (text)) logger.verbose( "{mod}: Request to change comment for local user \"%s\", new comment=\"%s\"" % (self.__user_name, text)) proc_args_list = [ config.value(SERVICE_NAME, "usermod_bin"), "-c", text, self.__user_name ] return tools.process.execProcess(proc_args_list, fatal_flag=False)[2]
def removeUser(self, user_name): user_name = validators.os.validUserName(user_name) users_list = grp.getgrnam(self.__role_name).gr_mem users_list.remove(self.__role_name) users = ",".join(users_list) logger.verbose( "{mod}: Request to remove user \"%s\" from NSS role \"%s\"" % (user_name, self.__role_name)) proc_args_list = [ config.value(SERVICE_NAME, "usermod_bin"), "-G", users, user_name ] return tools.process.execProcess(proc_args_list, fatal_flag=False)[2]
def removeRole(self, role_name): role_name = validators.os.validGroupName(role_name) rid = grp.getgrnam(role_name).gr_gid logger.verbose("{mod}: Request to remove NSS role \"%s\" (rid=%d)" % (role_name, rid)) editor = tools.editors.PlainEditor(delimiter=":", spaces_list=[], quotes_list=[]) editor.open(config.value(SERVICE_NAME, "role_conf")) editor.setValue(str(rid), None) editor.save() editor.close() return 0
def reload(self) : for proc_list_item in os.listdir("/proc") : try : proc_pid = int(proc_list_item) except : continue cmdline_file_path = os.path.join("/proc", proc_list_item, "cmdline") cmdline_file = open(cmdline_file_path) cmdline_list = cmdline_file.read().split("\0") try : cmdline_file.close() except : pass if len(cmdline_list) >= 1 and os.path.basename(cmdline_list[0]) == "dnsmasq" : os.kill(proc_pid, signal.SIGHUP) logger.verbose("{mod}: Sended signal to dnsmasq with pid \"%d\" for re-read configs" % (proc_pid)) return raise NoDnsmasqProcess("Dnsmasq process is not found")
def initService(self): shared.Functions.addShared(LOCAL_USERS_SHARED_NAME) shared.Functions.addSharedObject(LOCAL_USERS_OBJECT_NAME, self.__local_users) logger.verbose("{mod}: First local users request...") local_users_shared = shared.Functions.shared(LOCAL_USERS_SHARED_NAME) user_count = 0 for user_name in self.localUsers(): dbus_user_name = re.sub(r"[^\w\d_]", "_", user_name) local_users_shared.addSharedObject( dbus_user_name, LocalUser(user_name, tools.dbus.joinPath(SERVICE_NAME, dbus_user_name), self)) user_count += 1 logger.verbose("{mod}: Added %d local users" % (user_count)) passwd_config_subdir_path = os.path.dirname( config.value(SERVICE_NAME, "passwd_conf")) self.__watch_manager.add_watch( passwd_config_subdir_path, pyinotify.IN_DELETE | pyinotify.IN_CREATE | pyinotify.IN_MOVED_TO, rec=True) self.start() logger.verbose("{mod}: Start polling inotify events for \"%s\"" % (passwd_config_subdir_path))
def initService(self): shared.Functions.addShared(NSS_ROLES_SHARED_NAME) shared.Functions.addSharedObject(NSS_ROLES_OBJECT_NAME, self.__nss_roles) logger.verbose("{mod}: First NSS roles request...") nss_roles_shared = shared.Functions.shared(NSS_ROLES_SHARED_NAME) role_count = 0 for role_name in self.nssRoles(): dbus_role_name = re.sub(r"[^\w\d_]", "_", role_name) nss_roles_shared.addSharedObject( dbus_role_name, NssRole(role_name, tools.dbus.joinPath(SERVICE_NAME, dbus_role_name), self)) role_count += 1 logger.verbose("{mod}: Added %d NSS roles" % (role_count)) role_config_subdir_path = os.path.dirname( config.value(SERVICE_NAME, "role_conf")) self.__watch_manager.add_watch( role_config_subdir_path, pyinotify.IN_DELETE | pyinotify.IN_CREATE | pyinotify.IN_MOVED_TO, rec=True) self.start() logger.verbose("{mod}: Start polling inotify events for \"%s\"" % (role_config_subdir_path))
def inotifyEvent(self, event): if event.dir or not event.pathname in ( config.value(SERVICE_NAME, "passwd_conf"), config.value(SERVICE_NAME, "shadow_conf"), config.value(SERVICE_NAME, "login_defs_conf")): return user_names_list = self.localUsers() dbus_user_names_list = [ re.sub(r"[^\w\d_]", "_", item) for item in user_names_list ] local_users_shared = shared.Functions.shared(LOCAL_USERS_SHARED_NAME) for count in xrange(len(user_names_list)): if not local_users_shared.hasSharedObject( dbus_user_names_list[count]): local_users_shared.addSharedObject( dbus_user_names_list[count], LocalUser( user_names_list[count], tools.dbus.joinPath(SERVICE_NAME, dbus_user_names_list[count]), self)) logger.verbose("{mod}: Added local user \"%s\"" % (user_names_list[count])) for dbus_user_name in local_users_shared.sharedObjects().keys(): if not dbus_user_name in dbus_user_names_list: user_name = local_users_shared.sharedObject( dbus_user_name).realName() local_users_shared.sharedObject( dbus_user_name).removeFromConnection() local_users_shared.removeSharedObject(dbus_user_name) logger.verbose("{mod}: Removed local user \"%s\"" % (user_name)) self.__local_users.usersChanged()
def inotifyEvent(self, event): if event.dir or not event.pathname in (config.value( SERVICE_NAME, "role_conf"), config.value(SERVICE_NAME, "group_conf")): return role_names_list = self.nssRoles() dbus_role_names_list = [ re.sub(r"[^\w\d_]", "_", item) for item in role_names_list ] nss_roles_shared = shared.Functions.shared(NSS_ROLES_SHARED_NAME) for count in xrange(len(roles_names_list)): if not nss_roles_shared.hasSharedObject( dbus_role_names_list[count]): nss_roles_shared.addSharedObject( dbus_role_names_list[count], NssRole( role_names_list[count], tools.dbus.joinPath(SERVICE_NAME, dbus_role_names_list[count]), self)) logger.verbose("{mod}: Added NSS role \"%s\"" % (role_names_list[count])) for dbus_role_name in nss_roles_shared.sharedObjects().keys(): if not dbus_role_name in dbus_role_names_list: role_name = nss_roles_shared.sharedObject( dbus_role_name).realName() nss_roles_shared.sharedObject( dbus_role_name).removeFromConnection() nss_roles_shared.removeSharedObject(dbus_role_name) logger.verbose("{mod}: Removed NSS role \"%s\"" % (role_name)) self.__nss_roles.rolesChanged()
def initService(self) : shared.Functions.addShared(DISKS_SMART_SHARED_NAME) shared.Functions.addSharedObject(DISKS_SMART_SHARED_NAME, self.__disks_smart) logger.verbose("{mod}: First devices request...") disks_smart_shared = shared.Functions.shared(DISKS_SMART_SHARED_NAME) disks_filter_regexp = re.compile(config.value(SERVICE_NAME, "disks_filter")) devices_count = 0 for device in self.__udev_client.query_by_subsystem("block") : device_name = device.get_name() device_file_path = device.get_device_file() if disks_filter_regexp.match(device_name) and self.smartAvailable(device_file_path) : disks_smart_shared.addSharedObject(device_name, Disk(device_file_path, tools.dbus.joinPath(DISKS_SMART_SHARED_NAME, device_name), self)) devices_count += 1 logger.verbose("{mod}: Added %d devices" % (devices_count)) self.__udev_client.connect("uevent", self.udevEvent) logger.verbose("{mod}: Start polling udev events for \"block\"")
def disable(self, name): logger.verbose("{mod}: Request to disable service \"%s\"" % name) self._systemd_manager.DisableUnitFiles([name + '.service'], False, True)
def reload(self, name) : logger.verbose("{mod}: Request to reload service \"%s\"" % name) self._systemd_manager.ReloadUnit(name + '.service', 'replace')
def closeService(self) : self.__udev_client.disconnect_by_func(self.udevEvent) logger.verbose("{mod}: Stop polling udev events for \"block\"")
def stop(self, name) : logger.verbose("{mod}: Request to stop service \"%s\"" % name) self._systemd_manager.StopUnit(name + '.service', 'replace')