def change_permissions_for_local_users(self):
if self.disable_local_users is False:
content = Util.read_file('/etc/passwd')
change_permisson = "chmod -R 700 {}"
for p in pwd.getpwall():
self.logger.info(
"User: '******' will change home directory of username".
format(p.pw_name))
if not sysx.shell_is_interactive(p.pw_shell):
continue
if p.pw_uid == 0:
continue
if p.pw_name in content:
Util.execute(change_permisson.format(p.pw_dir))
add_user_conf_file = "/etc/adduser.conf"
file_dir_mode = open(add_user_conf_file, 'r')
file_data = file_dir_mode.read()
file_data = file_data.replace("DIR_MODE=0755", "DIR_MODE=0700")
file_dir_mode.close()
file_dir_mode = open(add_user_conf_file, 'w')
file_dir_mode.write(file_data)
file_dir_mode.close()
self.logger.info("add user mode changed to 0700 in file {}".format(
add_user_conf_file))
def agreement_update(self, arg):
try:
json_data = json.loads(arg)
transfer_manager = FileTransferManager(json_data['protocol'],
json_data['parameterMap'])
transfer_manager.transporter.connect()
file_name = transfer_manager.transporter.get_file()
transfer_manager.transporter.disconnect()
agreement_content = Util.read_file(
System.Ahenk.received_dir_path() + file_name)
Util.delete_file(System.Ahenk.received_dir_path() + file_name)
# TODO
title = 'Kullanıcı Sözleşmesi'
if agreement_content is not None and agreement_content != '':
old_content = self.db_service.select_one_result(
'contract', 'content',
'id =(select MAX(id) from contract)')
if old_content is None or Util.get_md5_text(
old_content) != Util.get_md5_text(agreement_content):
self.db_service.update(
'contract', self.db_service.get_cols('contract'),
[agreement_content, title, json_data['timestamp']])
except Exception as e:
self.logger.warning(
'A problem occurred while updating agreement. Error Message : {0}'
.format(str(e)))
def disable_local_users(self):
passwd_cmd = 'passwd -l {}'
change_home = 'usermod -m -d {0} {1}'
change_username = '******'
content = Util.read_file('/etc/passwd')
kill_all_process = 'killall -KILL -u {}'
for p in pwd.getpwall():
self.logger.info(
"User: '******' will be disabled and changed username and home directory of username"
.format(p.pw_name))
if not sysx.shell_is_interactive(p.pw_shell):
continue
if p.pw_uid == 0:
continue
if p.pw_name in content:
new_home_dir = p.pw_dir.rstrip('/') + '-local/'
new_username = p.pw_name + '-local'
Util.execute(kill_all_process.format(p.pw_name))
Util.execute(passwd_cmd.format(p.pw_name))
Util.execute(change_username.format(new_username, p.pw_name))
Util.execute(change_home.format(new_home_dir, new_username))
def disable_local_users(self):
passwd_cmd = 'passwd -l {}'
change_home = 'usermod -m -d {0} {1}'
change_username = '******'
content = Util.read_file('/etc/passwd')
kill_all_process = 'killall -KILL -u {}'
change_permisson = "chmod -R 700 {}"
add_user_conf_file = "/etc/adduser.conf"
file_dir_mode = open(add_user_conf_file, 'r')
file_data = file_dir_mode.read()
file_data = file_data.replace("DIR_MODE=0755", "DIR_MODE=0700")
file_dir_mode.close()
file_dir_mode = open(add_user_conf_file, 'w')
file_dir_mode.write(file_data)
file_dir_mode.close()
self.logger.info("add user mode changed to 0700 in file {}".format(
add_user_conf_file))
for p in pwd.getpwall():
self.logger.info(
"User: '******' will be disabled and changed username and home directory of username"
.format(p.pw_name))
if not sysx.shell_is_interactive(p.pw_shell):
continue
if p.pw_uid == 0:
continue
if p.pw_name in content:
new_home_dir = p.pw_dir.rstrip('/') + '-local/'
new_username = p.pw_name + '-local'
Util.execute(kill_all_process.format(p.pw_name))
Util.execute(passwd_cmd.format(p.pw_name))
Util.execute(change_username.format(new_username, p.pw_name))
Util.execute(change_home.format(new_home_dir, new_username))
Util.execute(change_permisson.format(new_home_dir))
def agreement_update(self, arg):
try:
json_data = json.loads(arg)
transfer_manager = FileTransferManager(json_data['protocol'], json_data['parameterMap'])
transfer_manager.transporter.connect()
file_name = transfer_manager.transporter.get_file()
transfer_manager.transporter.disconnect()
agreement_content = Util.read_file(System.Ahenk.received_dir_path() + file_name)
Util.delete_file(System.Ahenk.received_dir_path() + file_name)
# TODO
title = 'Kullanıcı Sözleşmesi'
if agreement_content is not None and agreement_content != '':
old_content = self.db_service.select_one_result('contract', 'content',
'id =(select MAX(id) from contract)')
if old_content is None or Util.get_md5_text(old_content) != Util.get_md5_text(agreement_content):
self.db_service.update('contract', self.db_service.get_cols('contract'),
[agreement_content, title, json_data['timestamp']])
except Exception as e:
self.logger.warning(
'A problem occurred while updating agreement. Error Message : {0}'.format(str(e)))
def set_event(self, *args):
if args is None or len(args) < 1:
print('Lack of arguments')
params = args[0]
data = dict()
if System.Ahenk.is_running() is True:
if len(params) > 1 and params[1] == 'clean':
print('Ahenk stopping')
System.Process.kill_by_pid(int(System.Ahenk.get_pid_number()))
self.clean()
return False
elif len(params) == 5 and params[1] == 'login':
print('{0} logging in'.format(str(params[2])))
data['event'] = params[1]
data['username'] = params[2]
data['desktop'] = params[3]
data['display'] = params[4]
elif len(params) == 3 and params[1] == 'logout':
print('{0} logging out'.format(str(params[2])))
data['event'] = params[1]
data['username'] = params[2]
elif len(params) == 2 and params[1] == 'stop':
data['event'] = 'stop'
elif len(params) == 4 and params[1] == 'load' and params[2] == '-p':
data['event'] = 'load'
data['plugins'] = params[3]
elif len(params) == 4 and params[1] == 'reload' and params[2] == '-p':
data['event'] = 'reload'
data['plugins'] = params[3]
elif len(params) == 4 and params[1] == 'remove' and params[2] == '-p':
data['event'] = 'remove'
data['plugins'] = params[3]
elif len(params) > 5 and params[1] == 'send':
data['event'] = params[1]
response = dict()
response['timestamp'] = str(datetime.datetime.now().strftime("%d-%m-%Y %I:%M"))
response['responseMessage'] = 'This content was sent via ahenk terminal command'
if params[2] == '-t':
response['responseCode'] = MessageCode.TASK_PROCESSED.value
response['type'] = MessageType.TASK_STATUS.value
response['taskId'] = params[3]
if params[4] == '-m':
response['contentType'] = ContentType.APPLICATION_JSON.value
response['responseData'] = params[5]
elif params[4] == '-f':
if os.path.exists(str(params[5])):
response['contentType'] = self.get_relevant_type(str(params[5]))
response['responseData'] = Util.read_file(str(params[5]), 'rb')
else:
print(
'Wrong or missing parameter. Usage: send -t <task_id> -m|-f <message_content>|<file_path>')
return None
if len(params) > 6:
if params[6] == '-e':
response['responseCode'] = MessageCode.TASK_ERROR.value
elif params[6] == '-w':
response['responseCode'] = MessageCode.TASK_WARNING.value
elif params[6] == '-s':
response['responseCode'] = MessageCode.TASK_PROCESSED.value
else:
print(
'Wrong or missing parameter.(-e|-s|-w parameters are optional) Usage: send -t <task_id> -m|-f <message_content>|<file_path> -e|-s|-w')
return None
elif len(params) > 7 and params[2] == '-p':
response['responseCode'] = MessageCode.POLICY_PROCESSED.value
response['type'] = MessageType.POLICY_STATUS.value
response['policyVersion'] = params[3]
if params[4] == '-c':
response['commandExecutionId'] = params[5]
if params[6] == '-m':
response['contentType'] = ContentType.APPLICATION_JSON.value
response['responseData'] = params[7]
elif params[6] == '-f':
if os.path.exists(str(params[7])):
response['contentType'] = self.get_relevant_type(str(params[7]))
response['responseData'] = Util.read_file(str(params[7]), 'rb')
else:
print(
'Wrong or missing parameter. Usage: send -p <policy_version> -c <command_execution_id> -m|-f <message_content>|<file_path>')
return None
if len(params) > 8:
if params[8] == '-e':
response['responseCode'] = MessageCode.POLICY_ERROR.value
elif params[8] == '-w':
response['responseCode'] = MessageCode.POLICY_WARNING.value
elif params[8] == '-s':
response['responseCode'] = MessageCode.POLICY_PROCESSED.value
else:
print(
'Wrong or missing parameter.(-e|-s|-w parameters are optional) Usage: send -p <policy_version> -c <command_execution_id> -m|-f <message_content>|<file_path> -e|-s|-w')
return None
else:
print(
'Wrong or missing parameter. Usage: send -p <policy_version> -c <command_execution_id> -m|-f <message_content>|<file_path> -e|-s|-w')
return None
resp = str(response).replace("\"{", "{")
resp = resp.replace("}\"", "}")
resp = resp.replace("'", "\"")
data['message'] = json.loads(resp)
# data['message'] = ast.literal_eval(str(response))
else:
print('Wrong or missing parameter. Usage : %s start|stop|restart|status|clean|send')
return None
else:
if params[1] == 'clean':
self.clean()
else:
print('Ahenk not running!')
return None
if len(data) > 0:
fifo = Fifo()
thread = threading.Thread(target=fifo.push(str(json.dumps(data)) + '\n'))
thread.start()
return True
def set_event(self, *args):
if args is None or len(args) < 1:
print('Lack of arguments')
params = args[0]
data = dict()
if System.Ahenk.is_running() is True:
if len(params) > 1 and params[1] == 'clean':
print('Ahenk stopping')
System.Process.kill_by_pid(int(System.Ahenk.get_pid_number()))
self.clean()
return False
elif len(params) > 4 and params[1] == 'login':
print('{0} logging in'.format(str(params[2])))
data['event'] = params[1]
data['username'] = params[2]
data['desktop'] = params[3]
data['display'] = params[4]
if len(params) == 6:
data['ip'] = params[5]
elif len(params) == 3 and params[1] == 'logout':
print('{0} logging out'.format(str(params[2])))
data['event'] = params[1]
data['username'] = params[2]
elif len(params) == 4 and params[1] == 'logout':
print('{0} logging out'.format(str(params[2])))
data['event'] = params[1]
data['username'] = params[2]
data['ip'] = params[3]
elif len(params) == 2 and params[1] == 'stop':
data['event'] = 'stop'
elif len(
params) == 4 and params[1] == 'load' and params[2] == '-p':
data['event'] = 'load'
data['plugins'] = params[3]
elif len(params
) == 4 and params[1] == 'reload' and params[2] == '-p':
data['event'] = 'reload'
data['plugins'] = params[3]
elif len(params
) == 4 and params[1] == 'remove' and params[2] == '-p':
data['event'] = 'remove'
data['plugins'] = params[3]
elif len(params) > 5 and params[1] == 'send':
data['event'] = params[1]
response = dict()
response['timestamp'] = str(
datetime.datetime.now().strftime("%d-%m-%Y %I:%M"))
response[
'responseMessage'] = 'This content was sent via ahenk terminal command'
if params[2] == '-t':
response['responseCode'] = MessageCode.TASK_PROCESSED.value
response['type'] = MessageType.TASK_STATUS.value
response['taskId'] = params[3]
if params[4] == '-m':
response[
'contentType'] = ContentType.APPLICATION_JSON.value
response['responseData'] = params[5]
elif params[4] == '-f':
if os.path.exists(str(params[5])):
response['contentType'] = self.get_relevant_type(
str(params[5]))
response['responseData'] = Util.read_file(
str(params[5]), 'rb')
else:
print(
'Wrong or missing parameter. Usage: send -t <task_id> -m|-f <message_content>|<file_path>'
)
return None
if len(params) > 6:
if params[6] == '-e':
response[
'responseCode'] = MessageCode.TASK_ERROR.value
elif params[6] == '-w':
response[
'responseCode'] = MessageCode.TASK_WARNING.value
elif params[6] == '-s':
response[
'responseCode'] = MessageCode.TASK_PROCESSED.value
else:
print(
'Wrong or missing parameter.(-e|-s|-w parameters are optional) Usage: send -t <task_id> -m|-f <message_content>|<file_path> -e|-s|-w'
)
return None
elif len(params) > 7 and params[2] == '-p':
response[
'responseCode'] = MessageCode.POLICY_PROCESSED.value
response['type'] = MessageType.POLICY_STATUS.value
response['policyVersion'] = params[3]
if params[4] == '-c':
response['commandExecutionId'] = params[5]
if params[6] == '-m':
response[
'contentType'] = ContentType.APPLICATION_JSON.value
response['responseData'] = params[7]
elif params[6] == '-f':
if os.path.exists(str(params[7])):
response[
'contentType'] = self.get_relevant_type(
str(params[7]))
response['responseData'] = Util.read_file(
str(params[7]), 'rb')
else:
print(
'Wrong or missing parameter. Usage: send -p <policy_version> -c <command_execution_id> -m|-f <message_content>|<file_path>'
)
return None
if len(params) > 8:
if params[8] == '-e':
response[
'responseCode'] = MessageCode.POLICY_ERROR.value
elif params[8] == '-w':
response[
'responseCode'] = MessageCode.POLICY_WARNING.value
elif params[8] == '-s':
response[
'responseCode'] = MessageCode.POLICY_PROCESSED.value
else:
print(
'Wrong or missing parameter.(-e|-s|-w parameters are optional) Usage: send -p <policy_version> -c <command_execution_id> -m|-f <message_content>|<file_path> -e|-s|-w'
)
return None
else:
print(
'Wrong or missing parameter. Usage: send -p <policy_version> -c <command_execution_id> -m|-f <message_content>|<file_path> -e|-s|-w'
)
return None
resp = str(response).replace("\"{", "{")
resp = resp.replace("}\"", "}")
resp = resp.replace("'", "\"")
data['message'] = json.loads(resp)
# data['message'] = ast.literal_eval(str(response))
else:
print(
'Wrong or missing parameter. Usage : %s start|stop|restart|status|clean|send'
)
return None
else:
if params[1] == 'clean':
self.clean()
else:
print('Ahenk not running!')
return None
if len(data) > 0:
fifo = Fifo()
thread = threading.Thread(
target=fifo.push(str(json.dumps(data)) + '\n'))
thread.start()
return True
class Registration:
def __init__(self):
scope = Scope().get_instance()
self.logger = scope.get_logger()
self.message_manager = scope.get_message_manager()
self.event_manager = scope.get_event_manager()
self.messenger = scope.get_messenger()
self.conf_manager = scope.get_configuration_manager()
self.db_service = scope.get_db_service()
self.util = Util()
self.servicename = 'im.liderahenk.org'
self.local_user_disable = None
#self.event_manager.register_event('REGISTRATION_RESPONSE', self.registration_process)
self.event_manager.register_event('REGISTRATION_SUCCESS',
self.registration_success)
self.event_manager.register_event('REGISTRATION_ERROR',
self.registration_error)
self.ldap_login_cancel = ExecuteCancelSSSDAuthentication()
self.ad_login_cancel = ExecuteCancelSSSDAdAuthentication()
self.ldap_login = ExecuteSSSDAuthentication()
self.ad_login = ExecuteSSSDAdAuthentication()
self.directory_server = None
if self.is_registered():
self.logger.debug('Ahenk already registered')
else:
self.register(True)
def registration_request(self, hostname, username, password):
self.logger.debug('Requesting registration')
# SetupTimer.start(Timer(System.Ahenk.registration_timeout(), timeout_function=self.registration_timeout,checker_func=self.is_registered, kwargs=None))
self.servicename = self.conf_manager.get("CONNECTION", "servicename")
self.host = hostname
self.user_name = username
self.user_password = password
if (username is None and password is None and self.host is None):
self.host = self.conf_manager.get("CONNECTION", "host")
user_name = os.getlogin()
self.logger.debug('User : '******'Makineyi Lider MYS sistemine kaydetmek için bilgileri ilgili alanlara giriniz. LÜTFEN DEVAM EDEN İŞLEMLERİ SONLANDIRDIĞINZA EMİN OLUNUZ !',
'LIDER MYS SISTEMINE KAYIT', self.host)
self.logger.debug('pout : ' + str(pout))
field_values = pout.split(' ')
user_registration_info = list(field_values)
if self.host == '':
self.host = user_registration_info[0]
self.user_name = user_registration_info[1]
self.user_password = user_registration_info[2]
self.directory_server = user_registration_info[3]
else:
self.user_name = user_registration_info[0]
self.user_password = user_registration_info[1]
self.directory_server = user_registration_info[2]
#anon_messenger = AnonymousMessenger(self.message_manager.registration_msg(user_name,user_password), self.host,self.servicename)
#anon_messenger.connect_to_server()
self.logger.debug('Requesting registration')
SetupTimer.start(
Timer(System.Ahenk.registration_timeout(),
timeout_function=self.registration_timeout,
checker_func=self.is_registered,
kwargs=None))
anon_messenger = AnonymousMessenger(
self.message_manager.registration_msg(self.user_name,
self.user_password,
self.directory_server),
self.host, self.servicename)
anon_messenger.connect_to_server()
def ldap_registration_request(self):
self.logger.info('Requesting LDAP registration')
self.messenger.send_Direct_message(
self.message_manager.ldap_registration_msg())
def registration_success(self, reg_reply):
try:
self.local_user_disable = reg_reply['disableLocalUser']
if self.local_user_disable is True:
self.conf_manager.set('MACHINE', 'user_disabled', 'true')
else:
self.conf_manager.set('MACHINE', 'user_disabled', 'false')
self.logger.info('LDAP Registration update starting')
dn = str(reg_reply['agentDn'])
self.logger.info('Current dn:' + dn)
self.logger.info('updating host name and service')
self.update_registration_attrs(dn)
# lightdm configuration by desktop env is XFCE
self.desktop_env = self.util.get_desktop_env()
self.logger.info("Get desktop environment is {0}".format(
self.desktop_env))
if self.desktop_env == "xfce":
# Configure lightdm.service
# check if 99-pardus-xfce.conf exists if not create
pardus_xfce_path = "/usr/share/lightdm/lightdm.conf.d/99-pardus-xfce.conf"
if not self.util.is_exist(pardus_xfce_path):
self.logger.info("99-pardus-xfce.conf does not exist.")
self.util.create_file(pardus_xfce_path)
file_lightdm = open(pardus_xfce_path, 'a')
file_lightdm.write("[Seat:*]\n")
file_lightdm.write("greeter-hide-users=true")
file_lightdm.close()
self.logger.info("lightdm has been configured.")
else:
self.logger.info(
"99-pardus-xfce.conf exists. Delete file and create new one."
)
self.util.delete_file(pardus_xfce_path)
self.util.create_file(pardus_xfce_path)
file_lightdm = open(pardus_xfce_path, 'a')
file_lightdm.write("[Seat:*]")
file_lightdm.write("greeter-hide-users=true")
file_lightdm.close()
self.logger.info("lightdm.conf has been configured.")
if self.desktop_env == "gnome":
pardus_gnome_path = "/etc/gdm3/greeter.dconf-defaults"
if not self.util.is_exist(pardus_gnome_path):
self.logger.info("Gnome conf doesn't exist")
else:
reading_file = open(pardus_gnome_path, "r")
new_file_content = ""
for line in reading_file:
stripped_line = line.strip()
new_line = stripped_line.replace(
"# disable-user-list=true",
"disable-user-list=true")
new_file_content += new_line + "\n"
reading_file.close()
writing_file = open(pardus_gnome_path, "w")
writing_file.write(new_file_content)
writing_file.close()
self.logger.info("gdm.conf has been configured.")
# LDAP registration
if self.directory_server == "LDAP":
self.install_and_config_ldap(reg_reply)
# AD registration
else:
self.install_and_config_ad(reg_reply)
except Exception as e:
self.logger.error('Registration error. Error Message: {0}.'.format(
str(e)))
print(e)
raise
def update_registration_attrs(self, dn=None):
self.logger.debug('Registration configuration is updating...')
self.db_service.update('registration', ['dn', 'registered'], [dn, 1],
' registered = 0')
if self.conf_manager.has_section('CONNECTION'):
self.conf_manager.set(
'CONNECTION', 'uid',
self.db_service.select_one_result('registration', 'jid',
' registered=1'))
self.conf_manager.set(
'CONNECTION', 'password',
self.db_service.select_one_result('registration', 'password',
' registered=1'))
if self.host and self.servicename:
self.conf_manager.set('CONNECTION', 'host', self.host)
self.conf_manager.set('CONNECTION', 'servicename',
self.servicename)
# TODO get file path?
with open('/etc/ahenk/ahenk.conf', 'w') as configfile:
self.conf_manager.write(configfile)
self.logger.debug('Registration configuration file is updated')
def install_and_config_ldap(self, reg_reply):
self.logger.info('ldap install process starting')
server_address = str(reg_reply['ldapServer'])
dn = str(reg_reply['ldapBaseDn'])
version = str(reg_reply['ldapVersion'])
admin_dn = str(reg_reply['ldapUserDn']
) # get user full dn from server.. password same
#admin_password = self.user_password # same user get from server
admin_password = self.db_service.select_one_result(
'registration', 'password', ' registered=1')
self.ldap_login.authenticate(server_address, dn, admin_dn,
admin_password)
if server_address != '' and dn != '' and version != '' and admin_dn != '' and admin_password != '':
self.logger.info("SSSD configuration process starting....")
self.logger.info("SSSD configuration process starting....")
else:
raise Exception(
'LDAP Ayarları yapılırken hata oluştu. Lütfen ağ bağlantınızı kontrol ediniz. Deponuzun güncel olduğundan emin olunuz.'
)
def install_and_config_ad(self, reg_reply):
self.logger.info('AD install process starting')
domain_name = str(reg_reply['adDomainName'])
host_name = str(reg_reply['adHostName'])
ip_address = str(reg_reply['adIpAddress'])
password = str(reg_reply['adAdminPassword'])
ad_username = str(reg_reply['adAdminUserName'])
if domain_name is None or host_name is None or ip_address is None or password is None:
self.logger.error("Registration params is null")
return
self.ad_login.authenticate(domain_name, host_name, ip_address,
password, ad_username)
def registration_error(self, reg_reply):
self.re_register()
def is_registered(self):
try:
if str(System.Ahenk.uid()):
return True
else:
return False
except:
return False
def is_ldap_registered(self):
dn = self.db_service.select_one_result('registration', 'dn',
'registered = 1')
if dn is not None and dn != '':
return True
else:
return False
def register(self, uuid_depend_mac=False):
cols = ['jid', 'password', 'registered', 'params', 'timestamp']
vals = [
str(System.Os.hostname()),
str(self.generate_uuid(uuid_depend_mac)), 0,
str(self.get_registration_params()),
str(datetime.datetime.now().strftime("%d-%m-%Y %I:%M"))
]
self.db_service.delete('registration', ' 1==1 ')
self.db_service.update('registration', cols, vals)
self.logger.debug('Registration parameters were created')
def get_registration_params(self):
parts = []
for part in System.Hardware.Disk.partitions():
parts.append(part[0])
params = {
'ipAddresses':
str(System.Hardware.Network.ip_addresses()).replace('[',
'').replace(
']', ''),
'macAddresses':
str(System.Hardware.Network.mac_addresses()).replace('[',
'').replace(
']', ''),
'hostname':
System.Os.hostname(),
'os.name':
System.Os.name(),
'os.version':
System.Os.version(),
'os.kernel':
System.Os.kernel_release(),
'os.distributionName':
System.Os.distribution_name(),
'os.distributionId':
System.Os.distribution_id(),
'os.distributionVersion':
System.Os.distribution_version(),
'os.architecture':
System.Os.architecture(),
'hardware.cpu.architecture':
System.Hardware.Cpu.architecture(),
'hardware.cpu.logicalCoreCount':
System.Hardware.Cpu.logical_core_count(),
'hardware.cpu.physicalCoreCount':
System.Hardware.Cpu.physical_core_count(),
'hardware.disk.total':
System.Hardware.Disk.total(),
'hardware.disk.used':
System.Hardware.Disk.used(),
'hardware.disk.free':
System.Hardware.Disk.free(),
'hardware.disk.partitions':
str(parts),
'hardware.monitors':
str(System.Hardware.monitors()),
'hardware.screens':
str(System.Hardware.screens()),
'hardware.usbDevices':
str(System.Hardware.usb_devices()),
'hardware.printers':
str(System.Hardware.printers()),
'hardware.systemDefinitions':
str(System.Hardware.system_definitions()),
'hardware.model.version':
str(System.Hardware.machine_model()),
'hardware.memory.total':
System.Hardware.Memory.total(),
'hardware.network.ipAddresses':
str(System.Hardware.Network.ip_addresses()),
'sessions.userNames':
str(System.Sessions.user_name()),
'bios.releaseDate':
System.BIOS.release_date()[1].replace('\n', '')
if System.BIOS.release_date()[0] == 0 else 'n/a',
'bios.version':
System.BIOS.version()[1].replace('\n', '')
if System.BIOS.version()[0] == 0 else 'n/a',
'bios.vendor':
System.BIOS.vendor()[1].replace('\n', '')
if System.BIOS.vendor()[0] == 0 else 'n/a',
'hardware.baseboard.manufacturer':
System.Hardware.BaseBoard.manufacturer()[1].replace('\n', '')
if System.Hardware.BaseBoard.manufacturer()[0] == 0 else 'n/a',
'hardware.baseboard.version':
System.Hardware.BaseBoard.version()[1].replace('\n', '')
if System.Hardware.BaseBoard.version()[0] == 0 else 'n/a',
'hardware.baseboard.assetTag':
System.Hardware.BaseBoard.asset_tag()[1].replace('\n', '')
if System.Hardware.BaseBoard.asset_tag()[0] == 0 else 'n/a',
'hardware.baseboard.productName':
System.Hardware.BaseBoard.product_name()[1].replace('\n', '')
if System.Hardware.BaseBoard.product_name()[0] == 0 else 'n/a',
'hardware.baseboard.serialNumber':
System.Hardware.BaseBoard.serial_number()[1].replace('\n', '')
if System.Hardware.BaseBoard.serial_number()[0] == 0 else 'n/a',
}
return json.dumps(params)
def unregister(self):
self.logger.debug('Ahenk is unregistering...')
self.db_service.delete('registration', ' 1==1 ')
self.logger.debug('Ahenk is unregistered')
def re_register(self):
self.logger.debug('Reregistrating...')
self.unregister()
self.register(False)
def generate_uuid(self, depend_mac=True):
if depend_mac is False:
self.logger.debug('uuid creating randomly')
return uuid.uuid4() # make a random UUID
else:
self.logger.debug('uuid creating according to mac address')
return uuid.uuid3(
uuid.NAMESPACE_DNS, str(get_mac())
) # make a UUID using an MD5 hash of a namespace UUID and a mac address
def generate_password(self):
return uuid.uuid4()
def registration_timeout(self):
self.logger.error(
'Could not reach registration response from Lider. Be sure XMPP server is reachable and it supports anonymous message, Lider is running properly '
'and it is connected to XMPP server! Check your Ahenk configuration file (/etc/ahenk/ahenk.conf)'
)
self.logger.error('Ahenk is shutting down...')
print('Ahenk is shutting down...')
Util.show_message(
os.getlogin(), ':0',
"Lider MYS sistemine ulaşılamadı. Lütfen sunucu adresini kontrol ediniz....",
"HATA")
System.Process.kill_by_pid(int(System.Ahenk.get_pid_number()))
def purge_and_unregister(self):
try:
self.logger.info('Ahenk conf cleaned')
self.logger.info('Ahenk conf cleaning from db')
self.unregister()
directory_type = "LDAP"
if self.util.is_exist("/etc/ahenk/ad_info"):
directory_type = "AD"
if directory_type == "LDAP":
self.ldap_login_cancel.cancel()
else:
self.ad_login_cancel.cancel()
self.logger.info('Cleaning ahenk conf..')
self.clean()
self.logger.info('Ahenk conf cleaned from db')
if self.conf_manager.has_section('MACHINE'):
user_disabled = self.conf_manager.get("MACHINE",
"user_disabled")
self.logger.info('User disabled value=' + str(user_disabled))
if user_disabled != 'false':
self.logger.info('Enable Users')
self.enable_local_users()
else:
self.logger.info('Local users already enabled')
# İf desktop env is XFCE configured lightdm.service
if self.util.get_desktop_env() == "xfce":
pardus_xfce_path = "/usr/share/lightdm/lightdm.conf.d/99-pardus-xfce.conf"
if self.util.is_exist(pardus_xfce_path):
self.logger.info(
"99-pardus-xfce.conf exists. Deleting file.")
self.util.delete_file(pardus_xfce_path)
if self.util.get_desktop_env() == "gnome":
pardus_gnome_path = "/etc/gdm3/greeter.dconf-defaults"
if not self.util.is_exist(pardus_gnome_path):
self.logger.info("Gnome conf doesn't exist")
else:
reading_file = open(pardus_gnome_path, "r")
new_file_content = ""
for line in reading_file:
stripped_line = line.strip()
new_line = stripped_line.replace(
"disable-user-list=true",
"# disable-user-list=true")
new_file_content += new_line + "\n"
reading_file.close()
writing_file = open(pardus_gnome_path, "w")
writing_file.write(new_file_content)
writing_file.close()
self.logger.info("gdm.conf has been configured.")
Util.shutdown()
except Exception as e:
self.logger.error(
"Error while running purge_and_unregister process.. Error Message "
+ str(e))
#System.Process.kill_by_pid(int(System.Ahenk.get_pid_number()))
#sys.exit(2)
def change_configs_after_purge(self):
# pattern for clearing file data from spaces, tabs and newlines
pattern = re.compile(r'\s+')
ldap_back_up_file_path = "/usr/share/ahenk/pam_scripts_original/ldap"
ldap_original_file_path = "/usr/share/pam-configs/ldap"
pam_script_back_up_file_path = "/usr/share/ahenk/pam_scripts_original/pam_script"
pam_script_original_file_path = "/usr/share/pam-configs/pam_script"
if self.util.is_exist(ldap_back_up_file_path):
self.logger.info("Replacing {0} with {1}".format(
ldap_original_file_path, ldap_back_up_file_path))
self.util.copy_file(ldap_back_up_file_path,
ldap_original_file_path)
self.logger.info("Deleting {0}".format(ldap_back_up_file_path))
self.util.delete_file(ldap_back_up_file_path)
if self.util.is_exist(pam_script_back_up_file_path):
self.logger.info("Replacing {0} with {1}".format(
pam_script_original_file_path, pam_script_back_up_file_path))
self.util.copy_file(pam_script_back_up_file_path,
pam_script_original_file_path)
self.logger.info(
"Deleting {0}".format(pam_script_back_up_file_path))
self.util.delete_file(pam_script_back_up_file_path)
(result_code, p_out, p_err) = self.util.execute(
"DEBIAN_FRONTEND=noninteractive pam-auth-update --package")
if result_code == 0:
self.logger.info(
"'DEBIAN_FRONTEND=noninteractive pam-auth-update --package' has run successfully"
)
else:
self.logger.error(
"'DEBIAN_FRONTEND=noninteractive pam-auth-update --package' could not run successfully: "
+ p_err)
# Configure nsswitch.conf
file_ns_switch = open("/etc/nsswitch.conf", 'r')
file_data = file_ns_switch.read()
# cleared file data from spaces, tabs and newlines
text = pattern.sub('', file_data)
did_configuration_change = False
if "passwd:compatldap[NOTFOUND=return]db" in text:
file_data = file_data.replace(
"passwd: compat ldap [NOTFOUND=return] db",
"passwd: compat")
did_configuration_change = True
if "group:compatldap[NOTFOUND=return]db" in text:
file_data = file_data.replace(
"group: compat ldap [NOTFOUND=return] db",
"group: compat")
did_configuration_change = True
if "shadow:compatldap" in text:
file_data = file_data.replace("shadow: compat ldap",
"shadow: compat")
did_configuration_change = True
if "#gshadow:files" in text:
file_data = file_data.replace("#gshadow: files",
"gshadow: files")
did_configuration_change = True
if did_configuration_change:
self.logger.info("nsswitch.conf configuration has been configured")
else:
self.logger.info("nsswitch.conf has already been configured")
file_ns_switch.close()
file_ns_switch = open("/etc/nsswitch.conf", 'w')
file_ns_switch.write(file_data)
file_ns_switch.close()
# Configure ldap-cache
nss_update_cron_job_file_path = "/etc/cron.daily/nss-updatedb"
if self.util.is_exist(nss_update_cron_job_file_path):
self.util.delete_file(nss_update_cron_job_file_path)
self.logger.info(
"{0} is deleted.".format(nss_update_cron_job_file_path))
# Configure lightdm.service
pardus_xfce_path = "/usr/share/lightdm/lightdm.conf.d/99-pardus-xfce.conf"
if self.util.is_exist(pardus_xfce_path):
self.logger.info("99-pardus-xfce.conf exists. Deleting file.")
self.util.delete_file(pardus_xfce_path)
self.util.execute("systemctl restart nscd.service")
self.logger.info("Operation finished")
def clean(self):
print('Ahenk cleaning..')
import configparser
try:
config = configparser.ConfigParser()
config._interpolation = configparser.ExtendedInterpolation()
config.read(System.Ahenk.config_path())
db_path = config.get('BASE', 'dbPath')
if Util.is_exist(System.Ahenk.fifo_file()):
Util.delete_file(System.Ahenk.fifo_file())
if Util.is_exist(db_path):
Util.delete_file(db_path)
if Util.is_exist(System.Ahenk.pid_path()):
Util.delete_file(System.Ahenk.pid_path())
config.set('CONNECTION', 'uid', '')
config.set('CONNECTION', 'password', '')
config.set('MACHINE', 'user_disabled', 'false')
with open(System.Ahenk.config_path(), 'w') as file:
config.write(file)
file.close()
print('Ahenk cleaned.')
except Exception as e:
self.logger.error(
"Error while running clean command. Error Message " + str(e))
print(
'Error while running clean command. Error Message {0}'.format(
str(e)))
def enable_local_users(self):
passwd_cmd = 'passwd -u {}'
change_home = 'usermod -m -d {0} {1}'
change_username = '******'
content = self.util.read_file('/etc/passwd')
for p in pwd.getpwall():
if not sysx.shell_is_interactive(p.pw_shell):
continue
if p.pw_uid == 0:
continue
if p.pw_name in content:
new_home_dir = p.pw_dir.rstrip('-local/') + '/'
new_username = p.pw_name.rstrip('-local')
self.util.execute(passwd_cmd.format(p.pw_name))
self.util.execute(
change_username.format(new_username, p.pw_name))
self.util.execute(
change_home.format(new_home_dir, new_username))
self.logger.debug(
"User: '******' will be enabled and changed username and home directory of username"
.format(p.pw_name))
def disable_local_users(self):
passwd_cmd = 'passwd -l {}'
change_home = 'usermod -m -d {0} {1}'
change_username = '******'
content = Util.read_file('/etc/passwd')
kill_all_process = 'killall -KILL -u {}'
change_permisson = "chmod -R 700 {}"
add_user_conf_file = "/etc/adduser.conf"
file_dir_mode = open(add_user_conf_file, 'r')
file_data = file_dir_mode.read()
file_data = file_data.replace("DIR_MODE=0755", "DIR_MODE=0700")
file_dir_mode.close()
file_dir_mode = open(add_user_conf_file, 'w')
file_dir_mode.write(file_data)
file_dir_mode.close()
self.logger.info("add user mode changed to 0700 in file {}".format(
add_user_conf_file))
for p in pwd.getpwall():
self.logger.info(
"User: '******' will be disabled and changed username and home directory of username"
.format(p.pw_name))
if not sysx.shell_is_interactive(p.pw_shell):
continue
if p.pw_uid == 0:
continue
if p.pw_name in content:
new_home_dir = p.pw_dir.rstrip('/') + '-local/'
new_username = p.pw_name + '-local'
Util.execute(kill_all_process.format(p.pw_name))
Util.execute(passwd_cmd.format(p.pw_name))
Util.execute(change_username.format(new_username, p.pw_name))
Util.execute(change_home.format(new_home_dir, new_username))
Util.execute(change_permisson.format(new_home_dir))
