示例#1
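 def delete_account(self, user):
     """
     Delete the local account 'user' unless it is a system account.

     The account is looked up with pwd.getpwnam(). If it does not exist, or
     its UID is below the UID_MIN threshold, an error is logged and nothing
     is removed. Otherwise utmp is emptied first (to avoid an error when the
     deleted user is the one running this code), 'rmuser -y' is run, and the
     waagent sudoers file under self.sudoers_dir_base is removed.
     Always returns None.
     """
     try:
         userentry = pwd.getpwnam(user)
     except (EnvironmentError, KeyError):
         userentry = None
     if userentry is None:
         logger.error("DeleteAccount: " + user + " not found.")
         return

     uidmin = None
     try:
         if os.path.isfile("/etc/login.defs"):
             uidmin = int(
                 ext_utils.get_line_starting_with("UID_MIN", "/etc/login.defs").split()[1])
     except (ValueError, KeyError, IndexError, AttributeError, EnvironmentError):
         # IndexError covers a UID_MIN line that carries no value; like every
         # other parse failure it falls through to the default below.
         pass
     if uidmin is None:
         # NOTE(review): this fallback is the only protection for system
         # accounts when /etc/login.defs is missing or unparsable; confirm that
         # 100 is at or above the first regular UID on every supported platform.
         uidmin = 100

     # userentry[2] is pw_uid. Accounts below the threshold are never deleted.
     if userentry[2] < uidmin:
         logger.error(
             "DeleteAccount: " + user + " is a system user. Will not delete account.")
         return

     # Empty the contents of utmp to prevent an error if we are the 'user'
     # being deleted. utmp is the system-wide record of current logins, so this
     # discards the session records of every user, not only the deleted one.
     ext_utils.run_command_and_write_stdout_to_file(['echo'], '/var/run/utmp')
     # The result of rmuser is not inspected here.
     ext_utils.run(['rmuser', '-y', user], chk_err=False)

     # The sudoers file is removed whether or not rmuser succeeded, so the sudo
     # grant does not outlive a failed deletion. A missing file is not an error.
     try:
         os.remove(self.sudoers_dir_base + "/sudoers.d/waagent")
     except EnvironmentError:
         pass
     return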
示例#2
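 def delete_account(self, user):
     """
     Delete the local account 'user' unless it is a system account.

     The account is looked up with pwd.getpwnam(). If it does not exist, or
     its UID is below the UID_MIN threshold, an error is logged and nothing
     is removed. Otherwise utmp is deleted first (to avoid an error when the
     deleted user is the one running this code), 'userdel -f -r' is run, and
     /etc/sudoers.d/waagent is removed.
     Always returns None.
     """
     try:
         user_entry = pwd.getpwnam(user)
     except (KeyError, EnvironmentError):
         user_entry = None
     if user_entry is None:
         logger.error("DeleteAccount: " + user + " not found.")
         return

     uid_min = None
     try:
         uid_min = int(ext_utils.get_line_starting_with("UID_MIN", "/etc/login.defs").split()[1])
     except (ValueError, KeyError, IndexError, AttributeError, EnvironmentError):
         # IndexError covers a UID_MIN line that carries no value; like every
         # other parse failure it falls through to the default below.
         pass
     if uid_min is None:
         # NOTE(review): this fallback is the only protection for system
         # accounts when /etc/login.defs is missing or unparsable. Many Linux
         # distributions set UID_MIN to 1000, so with 100 the accounts in
         # between would count as deletable; confirm this is intended.
         uid_min = 100

     # user_entry[2] is pw_uid. Accounts below the threshold are never deleted.
     if user_entry[2] < uid_min:
         logger.error(
             "DeleteAccount: " + user + " is a system user. Will not delete account.")
         return

     # Delete utmp to prevent an error if we are the 'user' being deleted.
     # utmp is the system-wide record of current logins, so this discards the
     # session records of every user, not only the deleted one.
     ext_utils.run(['rm', '-f', '/var/run/utmp'])
     # -f forces removal even if the user is logged in; -r also removes the
     # home directory and mail spool. The result is not inspected here.
     ext_utils.run(['userdel', '-f', '-r', user])

     # The sudoers file is removed whether or not userdel succeeded, so the
     # sudo grant does not outlive a failed deletion. A missing file is fine.
     try:
         os.remove("/etc/sudoers.d/waagent")
     except EnvironmentError:
         pass
     return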
示例#3
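def get_my_distro(config):
    """
    Return the distro handler object that matches the running system.

    FreeBSD is detected through platform.system(). Otherwise the OS name is
    read from the NAME line of constants.os_release or, failing that, from the
    whole contents of constants.system_release, and matched case-insensitively
    against the known distro names. GenericDistro(config) is returned when
    neither file exists, no name could be read, or nothing matches.
    """
    if 'FreeBSD' in platform.system():
        return FreeBSDDistro(config)

    if os.path.isfile(constants.os_release):
        os_name = ext_utils.get_line_starting_with("NAME", constants.os_release)
    elif os.path.isfile(constants.system_release):
        os_name = ext_utils.get_file_contents(constants.system_release)
    else:
        return GenericDistro(config)

    if os_name is not None:
        # Checked in order; the first pattern found in os_name wins.
        # Raw strings keep "\s" a regex escape instead of an invalid string
        # escape, which newer Python versions warn about.
        known_distros = (
            (r"fedora", FedoraDistro),
            (r"red\s?hat", RedhatDistro),
            (r"centos", CentOSDistro),
            (r"coreos", CoreOSDistro),
            (r"freebsd", FreeBSDDistro),
        )
        for pattern, distro_class in known_distros:
            if re.search(pattern, os_name, re.IGNORECASE):
                return distro_class(config)
    return GenericDistro(config)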
示例#4
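 def create_account(self, user, password, expiration, thumbprint):
     """
     Create a user account, with 'user', 'password', 'expiration', ssh keys
     and sudo permissions.

     An existing account is reused and only updated, unless it is a system
     account (UID below UID_MIN and not self.CORE_UID), which is refused.
     When 'password' is None the sudoers entry is written with NOPASSWD.
     When 'thumbprint' is not None, the key pair is derived from the file
     '<thumbprint>.prv' and installed in the user's .ssh directory.

     Returns None if successful, error string on failure.
     """
     try:
         userentry = pwd.getpwnam(user)
     except (EnvironmentError, KeyError):
         userentry = None

     uidmin = None
     try:
         uidmin = int(ext_utils.get_line_starting_with("UID_MIN", "/etc/login.defs").split()[1])
     except (ValueError, KeyError, IndexError, AttributeError, EnvironmentError):
         # IndexError covers a UID_MIN line that carries no value; like every
         # other parse failure it falls through to the default below.
         pass
     if uidmin is None:
         # NOTE(review): with this fallback, accounts with UIDs from 100 up are
         # treated as regular users whenever /etc/login.defs cannot be parsed;
         # confirm that is acceptable on the supported distributions.
         uidmin = 100

     # userentry[2] is pw_uid. System accounts are refused, except CORE_UID.
     if userentry is not None and userentry[2] < uidmin and userentry[2] != self.CORE_UID:
         logger.error(
             "CreateAccount: " + user + " is a system user. Will not set password.")
         return "Failed to set password for system user: " + user + " (0x06)."

     if userentry is None:
         # '--password *' stores '*' as the encrypted password, which matches no
         # password, so the new account has no usable password until
         # change_password() below sets one.
         command = ['useradd', '--create-home',  '--password', '*',  user]
         if expiration is not None:
             # Only the part before the first '.' is passed to useradd.
             command += ['--expiredate', expiration.split('.')[0]]
         if ext_utils.run(command):
             logger.error("Failed to create user account: " + user)
             return "Failed to create user account: " + user + " (0x07)."
     else:
         logger.log("CreateAccount: " + user + " already exists. Will update password.")

     if password is not None:
         # NOTE(review): the result of change_password() is discarded, so a
         # failure to set the password is not reflected in the return value.
         self.change_password(user, password)

     try:
         # NOTE(review): 'user' is written into the sudoers line as given;
         # confirm callers restrict it to a valid account name. The file gets
         # mode 0440 only after it is written; confirm what mode
         # set_file_contents creates it with.
         if password is None:
             # Without a password, sudo must not prompt for one.
             ext_utils.set_file_contents("/etc/sudoers.d/waagent", user + " ALL = (ALL) NOPASSWD: ALL\n")
         else:
             ext_utils.set_file_contents("/etc/sudoers.d/waagent", user + " ALL = (ALL) ALL\n")
         os.chmod("/etc/sudoers.d/waagent", 0o440)
     except EnvironmentError:
         logger.error("CreateAccount: Failed to configure sudo access for user.")
         return "Failed to configure sudo privileges (0x08)."

     home = self.get_home()
     if thumbprint is not None:
         ssh_dir = home + "/" + user + "/.ssh"
         ext_utils.create_dir(ssh_dir, user, 0o700)
         pub = ssh_dir + "/id_rsa.pub"
         prv = ssh_dir + "/id_rsa"
         # 'ssh-keygen -y' prints the public key that belongs to a private key.
         ext_utils.run_command_and_write_stdout_to_file(['ssh-keygen', '-y', '-f', thumbprint + '.prv'], pub)
         # NOTE(review): the private key is copied first and restricted to 0600
         # afterwards; confirm set_file_contents does not create it with a
         # wider mode in between.
         ext_utils.set_file_contents(prv, ext_utils.get_file_contents(thumbprint + ".prv"))
         for f in [pub, prv]:
             os.chmod(f, 0o600)
             ext_utils.change_owner(f, user)
         # The derived public key becomes the content written to authorized_keys.
         ext_utils.set_file_contents(ssh_dir + "/authorized_keys", ext_utils.get_file_contents(pub))
         ext_utils.change_owner(ssh_dir + "/authorized_keys", user)
     logger.log("Created user account: " + user)
     return None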
示例#5
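 def get_home(self):
     """
     Attempt to guess the $HOME location.

     Reads the line starting with HOME from /etc/default/useradd and returns
     the text after the first '='. Falls back to "/home" when the value cannot
     be read or does not start with "/".
     Return the path string.
     """
     try:
         home = ext_utils.get_line_starting_with("HOME", "/etc/default/useradd").split('=')[1].strip()
     except (ValueError, KeyError, IndexError, AttributeError, EnvironmentError):
         # IndexError covers a HOME line without '='; like every other parse
         # failure it falls through to the default below.
         home = None
     # Only an absolute path is accepted; anything else becomes "/home".
     if home is None or not home.startswith("/"):
         home = "/home"
     return home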
示例#6
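def _get_default_ssh_config_filename():
    """
    Return the name of the default ssh config resource for this distro.

    The OS name is read from the NAME line of constants.os_release or, failing
    that, from the whole contents of constants.system_release, and matched
    case-insensitively against the known distro names. "default" is returned
    when neither file exists, no name could be read, or nothing matches.
    """
    if os.path.isfile(constants.os_release):
        os_name = ext_utils.get_line_starting_with("NAME", constants.os_release)
    elif os.path.isfile(constants.system_release):
        os_name = ext_utils.get_file_contents(constants.system_release)
    else:
        return "default"

    if os_name is not None:
        # the default ssh config files are present in
        # /var/lib/waagent/Microsoft.OSTCExtensions.VMAccessForLinux-<version>/resources/
        # Checked in order; the first pattern found in os_name wins.
        # Raw strings keep "\s" a regex escape instead of an invalid string
        # escape, which newer Python versions warn about.
        known_configs = (
            (r"centos", "centos_default"),
            (r"debian", "debian_default"),
            (r"fedora", "fedora_default"),
            (r"red\s?hat", "redhat_default"),
            (r"suse", "SuSE_default"),
            (r"ubuntu", "ubuntu_default"),
        )
        for pattern, filename in known_configs:
            if re.search(pattern, os_name, re.IGNORECASE):
                return filename
    # Also reached when os_name is None, so the caller always gets a file
    # name rather than an implicit None.
    return "default"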