From 75105add68a14627750a98ade5d65a9117125a50 Mon Sep 17 00:00:00 2001 From: Michael McGrath Date: Mon, 3 Mar 2008 14:34:29 -0600 Subject: [PATCH] use already existing methods for enabling db and pam_security --- fas/client/fas.conf | 5 ++ fas/client/fasClient.py | 101 ++++++++++++++++++++++------------------ 2 files changed, 61 insertions(+), 45 deletions(-) diff --git a/fas/client/fas.conf b/fas/client/fas.conf index 160dcc8..2b075b4 100644 --- a/fas/client/fas.conf +++ b/fas/client/fas.conf @@ -1,6 +1,11 @@ [global] url = http://localhost:8088/fas/ temp = /var/db +login = admin +password = admin + +[host] +groups = accounts,fedorabugs [users] # default user info diff --git a/fas/client/fasClient.py b/fas/client/fasClient.py index d8fa719..04832b4 100755 --- a/fas/client/fasClient.py +++ b/fas/client/fasClient.py @@ -95,12 +95,15 @@ FAS_URL = config.get('global', 'url') class MakeShellAccounts(BaseClient): temp = None + groups = None + People = None def mk_tempdir(self): self.temp = tempfile.mkdtemp('-tmp', 'fas-', config.get('global', 'temp')) def rm_tempdir(self): rmtree(self.temp) + def shadow_text(self, people=None): i = 0 @@ -121,18 +124,20 @@ class MakeShellAccounts(BaseClient): def passwd_text(self, people=None): i = 0 file = open(self.temp + '/passwd.txt', 'w') - if not people: + if not self.people: people = self.people_list() - for person in people: - uid = person['id'] - username = person['username'] - human_name = person['human_name'] - home_dir = "%s/%s" % (config.get('users', 'home'), username) - shell = config.get('users', 'shell') - file.write("=%s %s:x:%i:%i:%s:%s:%s\n" % (uid, username, uid, uid, human_name, home_dir, shell)) - file.write("0%i %s:x:%i:%i:%s:%s:%s\n" % (i, username, uid, uid, human_name, home_dir, shell)) - file.write(".%s %s:x:%i:%i:%s:%s:%s\n" % (username, username, uid, uid, human_name, home_dir, shell)) - i = i + 1 + local_groups = config.get('host', 'groups') + for group in local_groups.split(','): + for person in people: + uid = person['id'] + username = person['username'] + human_name = person['human_name'] + home_dir = "%s/%s" % (config.get('users', 'home'), username) + shell = config.get('users', 'shell') + file.write("=%s %s:x:%i:%i:%s:%s:%s\n" % (uid, username, uid, uid, human_name, home_dir, shell)) + file.write("0%i %s:x:%i:%i:%s:%s:%s\n" % (i, username, uid, uid, human_name, home_dir, shell)) + file.write(".%s %s:x:%i:%i:%s:%s:%s\n" % (username, username, uid, uid, human_name, home_dir, shell)) + i = i + 1 file.close() def groups_text(self, groups=None, people=None): @@ -176,18 +181,18 @@ class MakeShellAccounts(BaseClient): def group_list(self, search='*'): params = {'search' : search} - data = self.send_request('group/list', auth=True, input=params) - return data - + self.groups = self.send_request('group/list', auth=True, input=params) + return self.groups + def people_list(self, search='*'): params = {'search' : search} - data = self.send_request('user/list', auth=True, input=params) - return data['people'] + self.people = self.send_request('user/list', auth=True, input=params)['people'] + return self.people def make_group_db(self): self.groups_text() os.system('makedb -o %s/group.db %s/group.txt' % (self.temp, self.temp)) - + def make_passwd_db(self): self.passwd_text() os.system('makedb -o %s/passwd.db %s/passwd.txt' % (self.temp, self.temp)) @@ -216,44 +221,54 @@ class MakeShellAccounts(BaseClient): print "ERROR: Could not write group db - %s" % e def enable(): - old = open('/etc/nsswitch.conf', 'r') - new = open('/tmp/.fas.nsswitch.conf', 'w') + temp = tempfile.mkdtemp('-tmp', 'fas-', config.get('global', 'temp')) + + old = open('/etc/sysconfig/authconfig', 'r') + new = open(temp + '/authconfig', 'w') for line in old: - if line.startswith('passwd') or line.startswith('shadow') or line.startswith('group'): - parts = line.split() - if 'db' in parts: - print "%s already has db enabled" % parts[0].split(':')[0] - else: - line = line.strip('\n') - line += ' db\n' - new.write(line) + if line.startswith("USEDB"): + new.write("USEDB=yes\n") + else: + new.write(line) new.close() + old.close() try: - move('/tmp/.fas.nsswitch.conf', '/etc/nsswitch.conf') + move(temp + '/authconfig', '/etc/sysconfig/authconfig') except IOError, e: - print "ERROR: Could not write nsswitch.conf - %s" % e + print "ERROR: Could not write /etc/sysconfig/authconfig - %s" % e + sys.exit(5) + os.system('/usr/sbin/authconfig --enablepamaccess --updateall') + rmtree(temp) def disable(): - old = open('/etc/nsswitch.conf', 'r') - new = open('/tmp/.fas.nsswitch.conf', 'w') + temp = tempfile.mkdtemp('-tmp', 'fas-', config.get('global', 'temp')) + old = open('/etc/sysconfig/authconfig', 'r') + new = open(temp + '/authconfig', 'w') for line in old: - if line.startswith('passwd') or line.startswith('shadow') or line.startswith('group'): - parts = line.split() - if 'db' in parts: - line = line.replace(' db', '') - else: - print "%s already has db disabled" % parts[0].split(':')[0] - new.write(line) + if line.startswith("USEDB"): + new.write("USEDB=no\n") + else: + new.write(line) + old.close() new.close() try: - move('/tmp/.fas.nsswitch.conf', '/etc/nsswitch.conf') + move(temp + '/authconfig', '/etc/sysconfig/authconfig') except IOError, e: - print "ERROR: Could not write nsswitch.conf - %s" % e + print "ERROR: Could not write /etc/sysconfig/authconfig - %s" % e + sys.exit(5) + os.system('/usr/sbin/authconfig --disablepamaccess --updateall') + rmtree(temp) + if __name__ == '__main__': + if opts.enable: + enable() + if opts.disable: + disable() + if opts.install: try: - fas = MakeShellAccounts(FAS_URL, 'admin', 'admin', False) + fas = MakeShellAccounts(FAS_URL, config.get('global', 'login'), config.get('global', 'password'), False) except AuthError, e: print >> sys.stderr, e sys.exit(1) @@ -268,9 +283,5 @@ if __name__ == '__main__': if not opts.no_shadow: fas.install_shadow_db() fas.rm_tempdir() - if opts.enable: - enable() - if opts.disable: - disable() if not (opts.install or opts.enable or opts.disable): parser.print_help()