def check_sssd_settings(self): # configure sssd for language environment sssd_language_conf = "/etc/default/sssd" sssd_conf_path = "/etc/sssd/sssd.conf" ad_info = "/etc/ahenk/ad_info" registration = Scope.get_instance().get_registration() if registration.is_registered() and Util.is_exist(sssd_language_conf): file_default_sssd = open(sssd_language_conf, 'r') file_data = file_default_sssd.read() file_default_sssd.close() if "LC_ALL=\"tr_CY.UTF-8\"" not in file_data: file_data = file_data + "\n" + "LC_ALL=\"tr_CY.UTF-8\"" self.logger.info("added language environment for sssd") file_default_sssd = open(sssd_language_conf, 'w') file_default_sssd.write(file_data) file_default_sssd.close() Util.execute("systemctl restart sssd.service") if registration.is_registered() and Util.is_exist(sssd_conf_path) and Util.is_exist(ad_info): sssd_conf_data = Util.read_file_by_line(sssd_conf_path) isExist = False for line in sssd_conf_data: if "ad_domain" in line: isExist = True if isExist: sssd_conf_temp = open(sssd_conf_path, 'w') for line in sssd_conf_data: if "ad_domain" in line: line = line.replace("ad_domain", "ad_server") sssd_conf_temp.write(line) sssd_conf_temp.close() Util.execute("systemctl restart sssd.service") self.logger.info("replaced ad_domain parameter with ad_server") sssd_conf_temp.close()
class ExecuteCancelSSSDAdAuthentication: def __init__(self): scope = Scope().get_instance() self.logger = scope.get_logger() self.util = Util() self.ad_info_path = "/etc/ahenk/ad_info" def cancel(self): try: # Deleting packages require for AD entegration self.util.execute( "apt purge realmd sssd sssd-tools adcli krb5-user packagekit samba-common samba-common-bin samba-libs -y" ) self.util.execute("apt autoremove -y") # Read information about AD if self.util.is_exist(self.ad_info_path): file_data = self.util.read_file_by_line(self.ad_info_path) self.ip_address = file_data[0].strip("\n") self.host_name = file_data[1].strip("\n") self.logger.info(self.ip_address) self.logger.info(self.host_name) self.logger.info("Information read successfully from ad_info.") else: self.logger.error("ad_info file not found") if self.util.is_exist("/etc/sssd"): # self.util.delete_folder("/etc/sssd") self.logger.info("SSSD is deleted") else: self.logger.info("SSSD is not exist") # Re-Configure dhclient.conf deleting AD IP address dhclient_conf_path = "/etc/dhcp/dhclient.conf" file_dhclient = open(dhclient_conf_path, 'r') file_data = file_dhclient.read() if "prepend domain-name-servers {};".format( self.ip_address) in file_data: file_data = file_data.replace( ("prepend domain-name-servers {};".format( self.ip_address)), "#prepend domain-name-servers 127.0.0.1;") self.logger.info("dhclient is reconfigured") else: self.logger.error("dhclient is'not reconfigured") file_dhclient.close() file_dhclient = open(dhclient_conf_path, 'w') file_dhclient.write(file_data) file_dhclient.close() # Configure hosts for deleting AD "IP address" and "AD hostname" hosts_conf_path = "/etc/hosts" file_hosts = open(hosts_conf_path, 'r') file_data = file_hosts.read() if ("{0} {1}".format(self.ip_address, self.host_name)) in file_data: file_data = file_data.replace( ("{0} {1}".format(self.ip_address, self.host_name)), " ") self.logger.info("hosts is configured") else: self.logger.error("hosts is not configured") file_hosts.close() file_hosts = open(hosts_conf_path, 'w') file_hosts.write(file_data) file_hosts.close() # Configure common-session for deleting home directories for AD users common_session_conf_path = "/etc/pam.d/common-session" file_common_session = open(common_session_conf_path, 'r') file_data = file_common_session.read() if "session optional pam_mkhomedir.so skel=/etc/skel umask=077" in file_data: file_data = file_data.replace( "session optional pam_mkhomedir.so skel=/etc/skel umask=077", " ") self.logger.info("common-session is configured") else: self.logger.error("common session is not configured") file_common_session.close() file_common_session = open(common_session_conf_path, 'w') file_common_session.write(file_data) file_common_session.close() # Configure resolv.conf for deleting AD IP address resolv_conf_path = "/etc/resolv.conf" file_resolv = open(resolv_conf_path, 'r') file_data = file_resolv.read() if ("nameserver {0}".format(self.ip_address)) in file_data: file_data = file_data.replace( ("nameserver {0}".format(self.ip_address)), "") self.logger.info("resolv.conf is configured") else: self.logger.error("resolv is not configured") file_resolv.close() file_resolv = open(resolv_conf_path, 'w') file_resolv.write(file_data) file_resolv.close() # Deleting ad_info file if self.util.is_exist(self.ad_info_path): self.util.delete_file(self.ad_info_path) self.logger.info("Deleted ad_info file") else: self.logger.error("ad_info file not found") # Configure lightdm.service pardus_xfce_path = "/usr/share/lightdm/lightdm.conf.d/99-pardus-xfce.conf" if self.util.is_exist(pardus_xfce_path): self.logger.info("99-pardus-xfce.conf exists. Deleting file.") self.util.delete_file(pardus_xfce_path) self.util.execute("systemctl restart nscd.service") else: self.logger.info("99-pardus-xfce.conf not found") self.logger.info("AD Login iptal etme işlemi başarı ile sağlandı.") return True except Exception as e: self.logger.error(str(e)) self.logger.info( "AD Login İptal etme işlemi esnasında hata oluştu.") return False
class ExecuteSSSDAdAuthentication: def __init__(self): scope = Scope().get_instance() self.logger = scope.get_logger() self.util = Util() self.system = System() def authenticate(self, domain_name, host_name, ip_address, password, ad_username, dynamic_dns_update): try: # Installation of required packages (result_code, p_out, p_err) = self.util.execute( "sudo apt-get -y install realmd") if (result_code == 0): self.logger.info("İndirmeler Başarılı") else: self.logger.error("İndirmeler Başarısız : " + str(p_err)) # Split datas that Lider send self.logger.info(host_name) self.logger.info(ip_address) ip_address_split = ip_address.split(",") host_name_split = host_name.split(",") ip_address = ip_address_split[0] host_name = host_name_split[0] # Execute the commands that require for leave (result_code, p_out, p_err) = self.util.execute("realm leave") if (result_code == 0): self.logger.info("Realm Leave komutu başarılı") else: self.logger.error("Realm Leave komutu başarısız : " + str(p_err)) # Create and Configure ad_info file (result_code, p_out, p_err) = self.util.execute("touch /etc/ahenk/ad_info") if (result_code == 0): self.logger.info("AD INFO başarılı bir şekilde oluşturuldu") # Configure ad_info for deregisteration info default_ad_info_path = "/etc/ahenk/ad_info" file_default_ad_info = open(default_ad_info_path, 'r') file_data = file_default_ad_info.read() file_data = file_data + ("{}".format(ip_address_split)) + "\n" + ( "{}".format(host_name_split)) + "\n" + ( "{}".format(domain_name)) + "\n" + ("{}".format(ad_username)) self.logger.info("/etc/ahenk/ad_info bilgiler girildi.") file_default_ad_info.close() file_default_ad_info = open(default_ad_info_path, 'w') file_default_ad_info.write(file_data) file_default_ad_info.close() else: self.logger.error("ad_info oluşturma komutu başarısız : " + str(p_err)) self.logger.info("Authenticate starting....") # Configure /etc/dhcp/dhclient.conf dhclient_conf_path = "/etc/dhcp/dhclient.conf" dhc_conf = self.util.read_file_by_line(dhclient_conf_path, "r") dhc_conf_temp = open(dhclient_conf_path, 'w') for lines in dhc_conf: if (lines == "#prepend domain-name-servers 127.0.0.1;\n"): lines = lines.replace(lines, ("prepend domain-name-servers {};\n".format(ip_address))) dhc_conf_temp.write(lines) dhc_conf_temp.close() file_default_dhcp = open(dhclient_conf_path, 'r') file_data = file_default_dhcp.read() if ("prepend domain-name-servers {};\n".format(ip_address)) not in file_data: file_data = file_data + "\n" + ("prepend domain-name-servers {};".format(ip_address)) file_default_dhcp.close() file_default_dhcp = open(dhclient_conf_path, 'w') file_default_dhcp.write(file_data) file_default_dhcp.close() # Configure /etc/resolv.conf resolve_conf_path = "/etc/resolv.conf" resolve_conf = self.util.read_file_by_line(resolve_conf_path, "r") resolve_conf_temp = open(resolve_conf_path, 'w') for lines in resolve_conf: if (lines == ("nameserver {}\n".format(ip_address))): continue lines = lines.replace(lines, ("#" + lines)) resolve_conf_temp.write(lines) resolve_conf_temp.close() file_default_resolve = open(resolve_conf_path, 'r') file_data = file_default_resolve.read() if ("nameserver {}\n".format(ip_address)) not in file_data: file_data = file_data + "\n" + ("nameserver {}\n".format(ip_address)) self.logger.info("/etc/resolv.conf is configured") file_default_resolve.close() file_default_resolve = open(resolve_conf_path, 'w') file_default_resolve.write(file_data) file_default_resolve.close() # Configure /etc/hosts host_path = "/etc/hosts" file_default_hosts = open(host_path, 'r') file_data = file_default_hosts.read() for ips, hostnames in zip(ip_address_split, host_name_split): file_data = file_data + "\n" + ips + " " + hostnames + " " + domain_name file_default_hosts.close() file_default_hosts = open(host_path, 'w') file_default_hosts.write(file_data) file_default_hosts.close() # Execute the script that required for "samba-common" and "krb5" (result_code, p_out, p_err) = self.util.execute( "/bin/bash /usr/share/ahenk/base/registration/scripts/ad.sh {0} {1}".format(domain_name.upper(), host_name)) if (result_code == 0): self.logger.info("Script başarılı bir şekilde çalıştırıldı.") else: self.logger.error("Script başarısız oldu : " + str(p_err)) # Installation of required packages (result_code, p_out, p_err) = self.util.execute( "sudo apt-get -y install sssd sssd-tools adcli packagekit samba-common-bin samba-libs") if (result_code == 0): self.logger.info("İndirmeler Başarılı") else: self.logger.error("İndirmeler Başarısız : " + str(p_err)) # Configure pam.d/common-session pamd_common_session_path = "/etc/pam.d/common-session" file_default_pam = open(pamd_common_session_path, 'r') file_data = file_default_pam.read() if "session optional pam_mkhomedir.so skel=/etc/skel umask=077" not in file_data: file_data = file_data + "\n" + "session optional pam_mkhomedir.so skel=/etc/skel umask=077" self.logger.info("/etc/pam.d/common-session is configured") file_default_pam.close() file_default_pam = open(pamd_common_session_path, 'w') file_default_pam.write(file_data) file_default_pam.close() self.discover_try_counter2 = 0 try: while (True): self.discover_try_counter2 = self.discover_try_counter2 + 1 if (self.discover_try_counter2 == 5): break else: (result_code, p_out, p_err) = self.util.execute("realm discover {}".format(domain_name.upper())) if (result_code == 0): self.logger.info("Realm Discover komutu başarılı") break else: self.logger.error("Realm Discover komutu başarısız : ") time.sleep(2) except Exception as e: self.logger.error(e) self.logger.info("Active Directory Discover işlemi esnasında hata oluştu.") self.join_try_counter = 0 try: while (True): self.join_try_counter = self.join_try_counter + 1 if (self.join_try_counter == 5): break else: (result_code, p_out, p_err) = self.util.execute( "echo \"{0}\" | realm join --user={1} {2}".format(password, ad_username, domain_name.upper())) if (result_code == 0): self.logger.info("Realm Join komutu başarılı") break else: self.logger.error("Realm Join komutu başarısız : ") time.sleep(2) except Exception as e: self.logger.error(e) self.logger.info("Active Directory Join işlemi esnasında hata oluştu.") # DynamicDNSUpdate in Active Directory if dynamic_dns_update == True: self.logger.info("dynamicDNSUpdate is Activated") # Installation of required packages (result_code, p_out, p_err) = self.util.execute( "sudo apt-get -y install dnsutils") if (result_code == 0): self.logger.info("İndirmeler Başarılı") else: self.logger.error("İndirmeler Başarısız : " + str(p_err)) # Configure sssd template sssd_config_template_path = "/usr/share/ahenk/base/registration/config-files/sssd_ad_dns.conf" sssd_config_folder_path = "/etc/sssd" sssd_config_file_path = "/etc/sssd/sssd.conf" if not self.util.is_exist(sssd_config_folder_path): self.util.create_directory(sssd_config_folder_path) self.logger.info("{0} folder is created".format(sssd_config_folder_path)) if self.util.is_exist(sssd_config_file_path): self.util.delete_file(sssd_config_file_path) self.logger.info("delete sssd org conf") self.util.copy_file(sssd_config_template_path, sssd_config_folder_path) self.logger.info( "{0} config file is copied under {1}".format(sssd_config_template_path, sssd_config_folder_path)) self.util.rename_file("/etc/sssd/sssd_ad_dns.conf", "/etc/sssd/sssd.conf") # Configure sssd.conf file_sssd = open(sssd_config_file_path, 'r') file_data = file_sssd.read() file_data = file_data.replace("###domains###", "domains = {}".format(domain_name)) file_data = file_data.replace("###[domain/###", "[domain/{}]".format(domain_name)) file_data = file_data.replace("###ad_domain###", "ad_domain = {}".format(domain_name)) file_data = file_data.replace("###krb5_realm###", "krb5_realm = {}".format(domain_name.upper())) file_data = file_data.replace("###ad_hostname###", "ad_hostname = {0}.{1}".format(self.system.Os.hostname(), domain_name.lower())) file_sssd.close() file_sssd = open(sssd_config_file_path, 'w') file_sssd.write(file_data) file_sssd.close() # Arrangement of chmod as 600 for sssd.conf (result_code, p_out, p_err) = self.util.execute("chmod 600 {}".format(sssd_config_file_path)) if (result_code == 0): self.logger.info("Chmod komutu başarılı bir şekilde çalıştırıldı") else: self.logger.error("Chmod komutu başarısız : " + str(p_err)) else: self.logger.info("dynamicDNSUpdate is NOT Activated") # Configure sssd template sssd_config_template_path = "/usr/share/ahenk/base/registration/config-files/sssd_ad.conf" sssd_config_folder_path = "/etc/sssd" sssd_config_file_path = "/etc/sssd/sssd.conf" if not self.util.is_exist(sssd_config_folder_path): self.util.create_directory(sssd_config_folder_path) self.logger.info("{0} folder is created".format(sssd_config_folder_path)) if self.util.is_exist(sssd_config_file_path): self.util.delete_file(sssd_config_file_path) self.logger.info("delete sssd org conf") self.util.copy_file(sssd_config_template_path, sssd_config_folder_path) self.logger.info( "{0} config file is copied under {1}".format(sssd_config_template_path, sssd_config_folder_path)) self.util.rename_file("/etc/sssd/sssd_ad.conf", "/etc/sssd/sssd.conf") # Configure sssd.conf file_sssd = open(sssd_config_file_path, 'r') file_data = file_sssd.read() file_data = file_data.replace("###domains###", "domains = {}".format(domain_name)) file_data = file_data.replace("###[domain/###", "[domain/{}]".format(domain_name)) file_data = file_data.replace("###ad_domain###", "ad_domain = {}".format(domain_name)) file_data = file_data.replace("###krb5_realm###", "krb5_realm = {}".format(domain_name.upper())) file_sssd.close() file_sssd = open(sssd_config_file_path, 'w') file_sssd.write(file_data) file_sssd.close() # Arrangement of chmod as 600 for sssd.conf (result_code, p_out, p_err) = self.util.execute("chmod 600 {}".format(sssd_config_file_path)) if (result_code == 0): self.logger.info("Chmod komutu başarılı bir şekilde çalıştırıldı") else: self.logger.error("Chmod komutu başarısız : " + str(p_err)) # Configure krb5 template krb5_config_template_path = "/usr/share/ahenk/base/registration/config-files/krb5_ad.conf" krb5_config_folder_path = "/etc" krb5_config_file_path = "/etc/krb5.conf" if not self.util.is_exist(krb5_config_folder_path): self.util.create_directory(krb5_config_folder_path) self.logger.info("{0} folder is created".format(krb5_config_folder_path)) if self.util.is_exist(krb5_config_file_path): self.util.delete_file(krb5_config_file_path) self.logger.info("delete krb5 org conf") self.util.copy_file(krb5_config_template_path, krb5_config_folder_path) self.logger.info( "{0} config file is copied under {1}".format(krb5_config_template_path, krb5_config_folder_path)) self.util.rename_file("/etc/krb5_ad.conf", "/etc/krb5.conf") # Configure krb5_ad.conf file_krb5 = open(krb5_config_file_path, 'r') file_data = file_krb5.read() file_data = file_data.replace("###default_realm###", "default_realm = {}".format(domain_name.upper())) file_krb5.close() file_krb5 = open(krb5_config_file_path, 'w') file_krb5.write(file_data) file_krb5.close() # Arrangement of chmod as 644 for krb5_ad.conf (result_code, p_out, p_err) = self.util.execute("chmod 644 {}".format(krb5_config_file_path)) if (result_code == 0): self.logger.info("Chmod komutu başarılı bir şekilde çalıştırıldı") else: self.logger.error("Chmod komutu başarısız : " + str(p_err)) # Configure sssd for language environment default_sssd_path = "/etc/default/sssd" file_default_sssd = open(default_sssd_path, 'r') file_data = file_default_sssd.read() if not self.util.is_exist(default_sssd_path): self.util.create_directory(default_sssd_path) self.logger.info("{0} folder is created".format(default_sssd_path)) if self.util.is_exist(default_sssd_path): self.util.delete_file(default_sssd_path) self.logger.info("delete sssd org conf") if "LC_ALL=\"tr_CY.UTF-8\"" not in file_data: file_data = file_data + "\n" + "LC_ALL=\"tr_CY.UTF-8\"" self.logger.info("/etc/default/sssd is configured") file_default_sssd.close() file_default_sssd = open(default_sssd_path, 'w') file_default_sssd.write(file_data) file_default_sssd.close() self.util.execute("systemctl restart nscd.service") self.logger.info("AD Login operation has been completed.") self.logger.info("AD Login işlemi başarı ile sağlandı.") return True except Exception as e: self.logger.error(str(e)) self.logger.info("AD Login işlemi esnasında hata oluştu.") return False
class ExecuteCancelSSSDAdAuthentication: def __init__(self): scope = Scope().get_instance() self.logger = scope.get_logger() self.util = Util() self.system = System() self.ad_info_path = "/etc/ahenk/ad_info" def cancel(self): try: # Read information about AD if self.util.is_exist(self.ad_info_path): file_data = self.util.read_file_by_line(self.ad_info_path) self.ip_list = file_data[0].strip("\n").replace("[", "").replace( "]", "") self.host_list = file_data[1].strip("\n").replace("[", "").replace( "]", "") self.domain_name = file_data[2].strip("\n") self.ip_address = self.ip_list.split(", ") self.host_name = self.host_list.split(", ") self.ip_address[0] = self.ip_address[0].replace("'", "") self.host_name[0] = self.host_name[0].replace("'", "") self.logger.info(self.ip_address) self.logger.info(self.host_name) self.logger.info(self.domain_name) self.logger.info(self.ip_list) self.logger.info(self.host_list) self.logger.info("Information read successfully from ad_info.") else: self.logger.error("ad_info file not found") # Leave old domain (result_code, p_out, p_err) = self.util.execute("realm leave ") if (result_code == 0): self.logger.info("Realm Leave komutu başarılı") else: self.logger.error("Realm Leave komutu başarısız : " + str(p_err)) # Re-Configure dhclient.conf deleting AD IP address dhclient_conf_path = "/etc/dhcp/dhclient.conf" file_dhclient = open(dhclient_conf_path, 'r') file_data = file_dhclient.read() if "prepend domain-name-servers {};".format( self.ip_address[0]) in file_data: file_data = file_data.replace( ("prepend domain-name-servers {};".format( self.ip_address[0])), "#prepend domain-name-servers 127.0.0.1;") self.logger.info("dhclient is reconfigured") else: self.logger.error("dhclient is'not reconfigured") file_dhclient.close() file_dhclient = open(dhclient_conf_path, 'w') file_dhclient.write(file_data) file_dhclient.close() # Configure hosts for deleting AD "IP address" and "AD hostname" hosts_conf_path = "/etc/hosts" file_hosts = open(hosts_conf_path, 'r') file_data = file_hosts.read() for ip, host in zip(self.ip_address, self.host_name): ip = ip.replace("'", "") host = host.replace("'", "") if ("{0} {1} {2}".format(ip, host, self.domain_name)) in file_data: file_data = file_data.replace(("{0} {1} {2}".format( ip, host, self.domain_name)), " ") file_hosts.close() file_hosts = open(hosts_conf_path, 'w') file_hosts.write(file_data) file_hosts.close() # Configure common-session for deleting home directories for AD users common_session_conf_path = "/etc/pam.d/common-session" file_common_session = open(common_session_conf_path, 'r') file_data = file_common_session.read() if "session optional pam_mkhomedir.so skel=/etc/skel umask=077" in file_data: file_data = file_data.replace( "session optional pam_mkhomedir.so skel=/etc/skel umask=077", " ") self.logger.info("common-session is configured") else: self.logger.error("common session is not configured") file_common_session.close() file_common_session = open(common_session_conf_path, 'w') file_common_session.write(file_data) file_common_session.close() # Configure resolv.conf for deleting AD IP address resolv_conf_path = "/etc/resolv.conf" file_resolv = open(resolv_conf_path, 'r') file_data = file_resolv.read() if ("nameserver {0}".format(self.ip_address[0])) in file_data: file_data = file_data.replace( ("nameserver {0}".format(self.ip_address[0])), "") self.logger.info("resolv.conf is configured") else: self.logger.error("resolv is not configured") file_resolv.close() file_resolv = open(resolv_conf_path, 'w') file_resolv.write(file_data) file_resolv.close() # Deleting ad_info file if self.util.is_exist(self.ad_info_path): self.util.delete_file(self.ad_info_path) self.logger.info("Deleted ad_info file") else: self.logger.error("ad_info file not found") self.logger.info("AD Login iptal etme işlemi başarı ile sağlandı.") return True except Exception as e: self.logger.error(str(e)) self.logger.info( "AD Login İptal etme işlemi esnasında hata oluştu.") return False