From 54d42a6c7b770df86e07bf09d9ce7fb5ca3fe176 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tuncay=20=C3=87OLAK?= Date: Tue, 6 Oct 2020 14:00:55 +0300 Subject: [PATCH] Syncing /usr/share/ahenk to src and recreating ahenk.install --- usr/share/ahenk/ahenkd.py | 4 +- .../ahenk/base/command/command_manager.py | 2 + .../ahenk/base/command/command_runner.py | 47 +++++++------- .../ahenk/base/database/ahenk_db_service.py | 35 +++++++++- usr/share/ahenk/base/messaging/messaging.py | 3 +- usr/share/ahenk/base/plugin/plugin.py | 16 +++-- usr/share/ahenk/base/system/system.py | 10 ++- usr/share/ahenk/base/util/util.py | 30 ++++++++- usr/share/ahenk/plugins/browser/policy.py | 7 +- .../ahenk/plugins/conky/execute_conky.py | 41 ++++++++---- .../ahenk/plugins/conky/execute_xmessage.py | 65 +++++++++---------- usr/share/ahenk/plugins/conky/policy.py | 11 ++-- usr/share/ahenk/plugins/conky/safe.py | 4 +- .../ahenk/plugins/login-manager/policy.py | 6 +- usr/share/ahenk/plugins/login-manager/safe.py | 10 +-- .../plugins/login-manager/scripts/check.py | 13 ++-- .../plugins/remote-access/setup-vnc-server.py | 54 +++++---------- usr/share/libpam-script/pam_script_ses_close | 7 ++ usr/share/libpam-script/pam_script_ses_open | 18 ++++- 19 files changed, 234 insertions(+), 149 deletions(-) diff --git a/usr/share/ahenk/ahenkd.py b/usr/share/ahenk/ahenkd.py index 2689662..ebcef46 100644 --- a/usr/share/ahenk/ahenkd.py +++ b/usr/share/ahenk/ahenkd.py @@ -245,7 +245,7 @@ class AhenkDaemon(BaseDaemon): Util.create_file(System.Ahenk.fifo_file()) Util.set_permission(System.Ahenk.fifo_file(), '600') - def set_register_user(self, hostName, username, password,directoryServer): + def set_register_user(self, hostName, username, password): self.register_hostname=hostName self.register_user_name=username self.register_user_password=password 
@@ -355,7 +355,7 @@ if __name__ == '__main__': ahenk_daemon = AhenkDaemon(System.Ahenk.pid_path()) try: if len(sys.argv) == 2 and (sys.argv[1] in ('start', 'stop', 'restart', 'status')): - ahenk_daemon.set_register_user(None, None, None, None) + ahenk_daemon.set_register_user(None, None, None) if sys.argv[1] == 'start': if System.Ahenk.is_running() is True: print('There is already running Ahenk service. It will be killed.[{0}]'.format( diff --git a/usr/share/ahenk/base/command/command_manager.py b/usr/share/ahenk/base/command/command_manager.py index e0ac778..5f63027 100644 --- a/usr/share/ahenk/base/command/command_manager.py +++ b/usr/share/ahenk/base/command/command_manager.py @@ -45,6 +45,8 @@ class Commander(object): data['desktop'] = params[3] data['display'] = params[4] if len(params) == 6: + data['domain'] = params[5] + if len(params) == 7: data['ip'] = params[5] elif len(params) == 3 and params[1] == 'logout': diff --git a/usr/share/ahenk/base/command/command_runner.py b/usr/share/ahenk/base/command/command_runner.py index e961449..25a1ef6 100644 --- a/usr/share/ahenk/base/command/command_runner.py +++ b/usr/share/ahenk/base/command/command_runner.py @@ -57,6 +57,8 @@ class CommandRunner(object): if event is None: break json_data = json.loads(event) + self.logger.info(event) + except Exception as e: self.logger.error( 'A problem occurred while loading json. Check json format! Error Message: {0}.' @@ -64,7 +66,6 @@ class CommandRunner(object): return if json_data is not None: - self.logger.debug('Signal handled') self.logger.debug('Signal is :{0}'.format(str(json_data['event']))) 
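Review bot: In the added `if len(params) == 7:` branch, `data['ip']` is still read from `params[5]`, the same slot the six-parameter branch now stores as `data['domain']`, and `params[6]` is never read. If the seven-argument form is meant to be domain followed by IP (the caller is not visible here, so this is an assumption), the branch should set `data['domain'] = params[5]` and `data['ip'] = params[6]`. A six-argument call that previously carried the IP is now recorded as a domain, so any older caller needs updating in step. The enclosing method starts and ends outside the hunk.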
@@ -77,27 +78,24 @@ class CommandRunner(object): if 'ip' in json_data: ip = json_data['ip'] + domain = None + if 'domain' in json_data: + domain = json_data['domain'] + self.logger.info('login event is handled for user: {0}'.format(username)) + self.logger.info('login parameters of login user, username: {0}, display: {1}, desktop: {2}, domain: {3}'.format(username, display, desktop, domain)) + Util.execute("systemctl restart sssd.service") login_message = self.message_manager.login_msg(username,ip) self.messenger.send_direct_message(login_message) - agreement = Agreement() agreement_choice = None - ## Default policy for users - - self.logger.info("Applying default policies for user {0}".format(username)) - self.default_policy.default_firefox_policy(username) - self.default_policy.disable_update_package_notify(username) - if agreement.check_agreement(username) is not True and System.Ahenk.agreement() == '1': self.logger.debug('User {0} has not accepted agreement.'.format(username)) thread_ask = Process(target=agreement.ask, args=(username, display,)) thread_ask.start() - agreement_timeout = self.conf_manager.get('SESSION', 'agreement_timeout') - timeout = int(agreement_timeout) # sec timer = time.time() while 1: 
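Review bot: `Util.execute("systemctl restart sssd.service")` runs on every login event, including logins where `domain` is None, and its result is ignored. Restarting the identity service while other sessions depend on it can make lookups fail briefly, so it should be limited to domain logins, for example `if domain: Util.execute("systemctl restart sssd.service")`, with a failed restart logged. A one-line comment saying why the restart is needed would help the next reader. The handler continues outside the hunk.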
@@ -131,15 +129,19 @@ class CommandRunner(object): if agreement_choice is True or System.Ahenk.agreement() != '1': self.db_service.delete('session', '1=1') - - self.logger.info( - 'Display is {0}, desktop env is {1} for {2}'.format(display, desktop, - username)) + self.logger.info('Display is {0}, desktop env is {1} for {2}'.format(display, desktop, username)) session_columns = self.db_service.get_cols('session') + # ['username', 'display', 'desktop', 'timestamp', 'ip', 'domain'] self.db_service.update('session', session_columns, - [username, display, desktop, str(int(time.time())), ip]) - get_policy_message = self.message_manager.policy_request_msg(username) + [username, display, desktop, str(int(time.time())), ip, domain]) + # Default policy for users --->> START + self.logger.info("Applying default policies for user {0}".format(Util.get_username())) + self.default_policy.default_firefox_policy(Util.get_username()) + self.default_policy.disable_update_package_notify(Util.get_username()) + # Default policy for users --->> STOP + + get_policy_message = self.message_manager.policy_request_msg(username) self.plugin_manager.process_mode('safe', username) self.plugin_manager.process_mode('login', username) 
@@ -151,29 +153,28 @@ class CommandRunner(object): timeout_function=self.execute_manager.execute_default_policy, checker_func=self.execute_manager.is_policy_executed, kwargs=kward)) - self.logger.info( - 'Requesting updated policies from Lider. If Ahenk could not reach updated ' + self.logger.info('Requesting updated policies from Lider. If Ahenk could not reach updated ' 'policies in {0} sec, booked policies will be executed'.format( System.Ahenk.get_policy_timeout())) self.messenger.send_direct_message(get_policy_message) elif str(json_data['event']) == 'logout': username = json_data['username'] - self.db_service.delete('session', 'username=\'{0}\''.format(username)) self.execute_manager.remove_user_executed_policy_dict(username) + self.plugin_manager.process_mode('logout', username) + self.plugin_manager.process_mode('safe', username) + self.db_service.delete('session', '1=1') # TODO delete all user records while initializing self.logger.info('logout event is handled for user: {0}'.format(username)) ip = None if 'ip' in json_data: ip = json_data['ip'] + logout_message = self.message_manager.logout_msg(username,ip) self.messenger.send_direct_message(logout_message) - self.logger.info('Ahenk polkit file deleting..') self.delete_polkit_user() - - self.plugin_manager.process_mode('logout', username) - self.plugin_manager.process_mode('safe', username) + # self.db_service.delete('session', 'username=\'{0}\''.format(username)) elif str(json_data['event']) == 'send': self.logger.info('Sending message over ahenkd command. Response Message: {0}'.format( diff --git a/usr/share/ahenk/base/database/ahenk_db_service.py b/usr/share/ahenk/base/database/ahenk_db_service.py index fb727f1..b5af420 100644 --- a/usr/share/ahenk/base/database/ahenk_db_service.py +++ b/usr/share/ahenk/base/database/ahenk_db_service.py 
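Review bot: `self.db_service.delete('session', '1=1')` in the logout branch clears every session row when any one user logs out. A second logged-in user (the xmessage plugin has an LTSP branch keyed by user IP) then loses their row, and `Util.get_username()` returns nothing for them. The statement it replaces formatted `username` straight into the WHERE clause, so restoring it as-is is not the answer; a delete scoped to the user through a bound parameter would be, if `db_service.delete` can take one (its signature is not visible here). The commented-out old call at the end of the branch should be removed rather than kept.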
@@ -51,7 +51,8 @@ class AhenkDbService(object): self.check_and_create_table('agreement', ['id INTEGER PRIMARY KEY AUTOINCREMENT', 'contract_id TEXT', 'username TEXT', 'timestamp TEXT', 'choice TEXT']) - self.check_and_create_table('session', ['id INTEGER PRIMARY KEY AUTOINCREMENT','username TEXT', 'display TEXT', 'desktop TEXT', 'timestamp TEXT', 'ip TEXT']) + self.check_and_create_table('session', ['id INTEGER PRIMARY KEY AUTOINCREMENT', 'username TEXT', 'display TEXT', + 'desktop TEXT', 'timestamp TEXT', 'ip TEXT', 'domain TEXT']) self.check_and_create_table('mail', ['id INTEGER PRIMARY KEY AUTOINCREMENT', 'command TEXT', 'mailstatus INTEGER', 'timestamp TEXT']) @@ -65,7 +66,7 @@ class AhenkDbService(object): elif table_name == 'contract': return ['content', 'title', 'timestamp'] elif table_name == 'session': - return ['username', 'display', 'desktop', 'timestamp', 'ip'] + return ['username', 'display', 'desktop', 'timestamp', 'ip', 'domain'] elif table_name == 'task': return ['id', 'create_date', 'modify_date', 'command_cls_id', 'parameter_map', 'deleted', 'plugin', 'cron_expr', 'file_server'] @@ -83,7 +84,11 @@ class AhenkDbService(object): self.logger.error('Database connection error: {0}'.format(str(e))) def check_and_create_table(self, table_name, cols): - + if table_name == 'session': + if self.get_table_name('session') is not None: + domain = self.get_column_name('session', 'domain') + if domain is None: + self.drop_table('session') try: self.lock.acquire(True) if self.cursor: 
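Review bot: The added session-table check in `check_and_create_table` runs before `self.lock.acquire(True)` and before the `if self.cursor:` guard, so `get_table_name` uses `self.cursor` unlocked and raises AttributeError when no cursor exists. `get_table_name` should take the lock and check the cursor itself, as `get_column_name` does. Dropping the table also discards any stored session rows; `ALTER TABLE session ADD COLUMN domain TEXT` would add the column and keep them. The method body continues outside the hunk.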
@@ -196,3 +201,27 @@ class AhenkDbService(object): self.connection.close() except Exception as e: self.logger.error('Closing database connection error: {0}'.format(str(e))) + + def get_column_name(self, table_name, column_name): + try: + self.lock.acquire(True) + if self.cursor: + reader = self.cursor.execute('SELECT * FROM ' + table_name) + cols = [x[0] for x in reader.description] + self.connection.commit() + if column_name in cols: + return column_name + else: + return None + finally: + self.lock.release() + + def get_table_name(self, table_name): + result = self.cursor.execute('SELECT name FROM sqlite_master WHERE type=\'table\';') + tables = [] + for name in result: + tables.append(name[0]) + if table_name in tables: + return table_name + else: + return None diff --git a/usr/share/ahenk/base/messaging/messaging.py b/usr/share/ahenk/base/messaging/messaging.py index 398e0f9..dca6a1a 100644 --- a/usr/share/ahenk/base/messaging/messaging.py +++ b/usr/share/ahenk/base/messaging/messaging.py @@ -176,7 +176,8 @@ class Messaging(object): data['password'] = str(self.conf_manager.get('CONNECTION', 'password')) # unregistration from commandline.. if(usernameForCheck==None and passwordForCheck==None): - user_name = self.db_service.select_one_result('session', 'username') + # user_name = self.db_service.select_one_result('session', 'username') + user_name = Util.get_as_user() display = self.db_service.select_one_result('session', 'display') #user_name = os.getlogin() #display = Util.get_username_display() diff --git a/usr/share/ahenk/base/plugin/plugin.py b/usr/share/ahenk/base/plugin/plugin.py index fc0f01e..eb2436d 100644 --- a/usr/share/ahenk/base/plugin/plugin.py +++ b/usr/share/ahenk/base/plugin/plugin.py 
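Review bot: `get_column_name` builds its query as `'SELECT * FROM ' + table_name`, and `get_table_name` reads `self.cursor` without the lock or the `if self.cursor` guard the other methods use. Both callers in this patch pass constants, but these are public methods, so binding the name keeps later callers safe; SQLite's `pragma_table_info` table-valued function (3.16 and later) accepts the table name as a parameter. `get_column_name` also falls through to an implicit `None` when the cursor is missing, which is worth making explicit. The sketch below assumes `self.lock` supports the `with` statement and that neither helper is called while the lock is already held.

```python
    def get_column_name(self, table_name, column_name):
        # Return column_name if table_name has such a column, else None.
        with self.lock:
            if not self.cursor:
                return None
            rows = self.cursor.execute('SELECT name FROM pragma_table_info(?)', (table_name,))
            cols = [row[0] for row in rows]
            return column_name if column_name in cols else None

    def get_table_name(self, table_name):
        # Return table_name if the table exists, else None.
        with self.lock:
            if not self.cursor:
                return None
            row = self.cursor.execute(
                "SELECT name FROM sqlite_master WHERE type='table' AND name=?",
                (table_name,)).fetchone()
            return table_name if row else None
```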
@@ -213,10 +213,18 @@ class Plugin(threading.Thread): self.logger.debug('[Plugin] Sending notify to user about profile process') - Util.send_notify("Lider Ahenk", - "{0} eklentisi şu anda bir profil çalıştırıyor.".format(self.getName()), - System.Sessions.display(item_obj.get_username()), - item_obj.get_username()) + # Util.send_notify("Lider Ahenk", + # "{0} eklentisi şu anda bir profil çalıştırıyor.".format(self.getName()), + # System.Sessions.display(item_obj.get_username()), + # item_obj.get_username()) + display = System.Sessions.display(item_obj.get_username()) + if Util.get_desktop_env() == "gnome": + display = Util.get_username_display_gnome(Util.get_username()) + if self.is_user_notify_active == 1: + Util.send_notify("Lider Ahenk", + "{0} eklentisi şu anda bir profil çalıştırıyor.".format(self.getName()), + display, Util.get_as_user()) + self.logger.debug('[Plugin] Handling profile') Scope.get_instance().get_plugin_manager().find_policy_module(item_obj.get_plugin().get_name()).handle_policy(profile_data, self.context) diff --git a/usr/share/ahenk/base/system/system.py b/usr/share/ahenk/base/system/system.py index 5696515..3228235 100644 --- a/usr/share/ahenk/base/system/system.py +++ b/usr/share/ahenk/base/system/system.py @@ -173,7 +173,7 @@ class System: @staticmethod def received_dir_path(): - path = '/tmp/' # move this to properties + path = '/tmp/' # move this to properties if Util.is_exist(path) is False: Util.create_directory(path) Util.set_permission(path, '777') @@ -291,6 +291,9 @@ class System: @staticmethod def display(username): system = System() + if "\\" in username: + user_parser = username.split("\\") + username = user_parser[1] display = system.db_service.select_one_result('session', 'display', " username='{0}'".format(username)) return display 
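Review bot: In `display()`, `username.split("\\")[1]` takes the element after the first backslash, so the doubled-backslash form that `Util.get_as_user()` returns elsewhere in this patch would be reduced to an empty string. `username = username.rsplit("\\", 1)[-1]` handles both forms in one line. The same three lines are repeated in `userip()` in the next hunk, while `desktop()` between them is not updated, so a small shared helper would keep the three lookups consistent. The stripped value is still formatted into `" username='{0}'"`; a bound parameter would be safer if `select_one_result` accepts one (its signature is not visible here).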
@@ -300,9 +303,12 @@ class System: desktop = system.db_service.select_one_result('session', 'desktop', " username='{0}'".format(username)) return desktop - staticmethod + @staticmethod def userip(username): system = System() + if "\\" in username: + user_parser = username.split("\\") + username = user_parser[1] userip = system.db_service.select_one_result('session', 'ip', " username='{0}'".format(username)) return userip diff --git a/usr/share/ahenk/base/util/util.py b/usr/share/ahenk/base/util/util.py index 3e5cb1e..21cd9b0 100644 --- a/usr/share/ahenk/base/util/util.py +++ b/usr/share/ahenk/base/util/util.py @@ -22,6 +22,7 @@ class Util: def __init__(self): super().__init__() + scope = Scope().get_instance() @staticmethod def get_ask_path_file(): 
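Review bot: The line added to `Util.__init__`, `scope = Scope().get_instance()`, binds a local that is never used. It also calls the `Scope` constructor, where the rest of this patch uses `Scope.get_instance()` directly. If the intent is to cache the scope it should be `self.scope = Scope.get_instance()`; otherwise the line can be dropped.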
@@ -456,7 +457,34 @@ class Util: # return home directory for user. "/home/username" @staticmethod def get_homedir(user): + username = user try: - return expanduser("~{0}".format(user)) + return expanduser("~{0}".format(username)) + except: + raise + + # return username from ahenk.db. if domain is not null return username is DOMAIN\\username + @staticmethod + def get_username(): + user_name = Scope.get_instance().get_db_service().select_one_result('session', 'username', " 1=1 order by id desc ") + domain = Scope.get_instance().get_db_service().select_one_result('session', 'domain', " 1=1 order by id desc ") + if domain: + user_name = "{0}\\{1}".format(domain, user_name) + return user_name + + # as_user is the user that run command. Return as_user for execute method. if domain is not null return as_user is DOMAIN\\\\username + @staticmethod + def get_as_user(): + as_user = Scope.get_instance().get_db_service().select_one_result('session', 'username', " 1=1 order by id desc ") + domain = Scope.get_instance().get_db_service().select_one_result('session', 'domain', " 1=1 order by id desc ") + if domain: + as_user = "{0}\\\\{1}".format(domain, as_user) + return as_user + + # return gid_number of username + @staticmethod + def get_gid_number(username): + try: + return pwd.getpwnam(username).pw_gid except: raise diff --git a/usr/share/ahenk/plugins/browser/policy.py b/usr/share/ahenk/plugins/browser/policy.py index 9d7cfd8..3766a3a 100644 --- a/usr/share/ahenk/plugins/browser/policy.py +++ b/usr/share/ahenk/plugins/browser/policy.py @@ -23,7 +23,8 @@ class Browser(AbstractPlugin): def handle_policy(self): self.logger.info('Browser plugin handling...') try: - username = self.context.get('username') + # username = self.context.get('username') + username = self.get_username() self.logger.info('Username: {}'.format(username)) if username is not None: self.logger.debug('Writing preferences to user profile') 
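Review bot: `get_as_user()` doubles the backslash so the name survives one round of shell parsing, which ties a data accessor to how each caller happens to quote its command. The callers in this patch place it in `su ... -c "..."` and `chown` strings with different nesting, so a single fixed escape cannot be right for all of them. Returning the plain `DOMAIN\user` form and quoting at the call site with `shlex.quote(...)` would be more robust. `get_username()` and `get_as_user()` also read `username` and `domain` with two separate queries each and differ only in the format string, so one private helper that fetches both would remove the duplication. The `try: ... except: raise` wrappers in `get_homedir` and `get_gid_number` do nothing and can go.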
@@ -61,7 +62,7 @@ class Browser(AbstractPlugin): self.logger.debug('User preferences were wrote successfully') user_jss.close() - change_owner = 'chown ' + username + ':' + username + ' ' + path + change_owner = 'chown ' + self.get_as_user() + ':' + str(self.get_gid_number(username)) + ' ' + path self.execute(change_owner) self.logger.debug('Preferences file owner is changed') @@ -131,7 +132,7 @@ class Browser(AbstractPlugin): def find_user_preference_paths(self, user_name): paths = [] - homedir = self.get_homedir(user_name) + homedir = self.get_homedir(self.get_username()) self.logger.info("Get home directory is {0} of {1} for firefox policy".format(homedir, user_name)) firefox_path = '{0}/.mozilla/firefox/'.format(homedir) self.logger.info("Firefox path is {0}".format(firefox_path)) diff --git a/usr/share/ahenk/plugins/conky/execute_conky.py b/usr/share/ahenk/plugins/conky/execute_conky.py index 08abebd..7a8a350 100644 --- a/usr/share/ahenk/plugins/conky/execute_conky.py +++ b/usr/share/ahenk/plugins/conky/execute_conky.py 
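Review bot: The `change_owner` command is assembled by concatenating `self.get_as_user()`, the gid and `path` with no quoting, so a space or shell metacharacter in the profile path or account name changes the command, assuming `self.execute` runs it through a shell (not visible here). Calling `os.chown(path, pwd.getpwnam(username).pw_uid, self.get_gid_number(username))` avoids the shell entirely, provided `os` and `pwd` are imported in this file. The `chown -hR` line in conky/policy.py later in this patch has the same shape. That line passes `self.username` (single backslash) where this one passes `get_as_user()`, so the two disagree on escaping. The method continues outside the hunk.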
@@ -93,21 +93,36 @@ class RunConkyCommand(AbstractPlugin): self.logger.debug('[Conky] Creating directory for conky autorun file at ' + self.conky_config_global_autorun_file) self.create_file(self.conky_config_global_autorun_file) self.write_file(self.conky_config_global_autorun_file, self.conky_autorun_content) - users = self.Sessions.user_name() + # users = self.Sessions.user_name() + user = self.get_username() desktop_env = self.get_desktop_env() self.logger.info("Get desktop environment is {0}".format(desktop_env)) - for user in users: - user_display = self.Sessions.display(user) - if desktop_env == "gnome": - user_display = self.get_username_display_gnome(user) - if user_display is None: - self.logger.debug('[Conky] executing for display none for user '+ str(user)) - self.execute('conky -q', result=False) - else: - self.logger.debug('[Conky] user display ' + str(user_display) +' user '+ str(user)) - conky_cmd = 'su ' + str(user) + ' -c ' + ' "conky --display=' + str(user_display) + ' " ' - self.logger.debug('[Conky] executing command: ' + str(conky_cmd)) - self.execute(conky_cmd, result=False) + # for user in users: + # user_display = self.Sessions.display(user) + # if desktop_env == "gnome": + # user_display = self.get_username_display_gnome(user) + # if user_display is None: + # self.logger.debug('[Conky] executing for display none for user '+ str(user)) + # self.execute('conky -q', result=False) + # else: + # self.logger.debug('[Conky] user display ' + str(user_display) +' user '+ str(user)) + # conky_cmd = 'su ' + str(user) + ' -c ' + ' "conky --display=' + str(user_display) + ' " ' + # self.logger.debug('[Conky] executing command: ' + str(conky_cmd)) + # self.execute(conky_cmd, result=False) + + user_display = self.Sessions.display(user) + if desktop_env == "gnome": + user_display = self.get_username_display_gnome(user) + if user_display is None: + self.logger.debug('[Conky] executing for display none for user ' + str(user)) + self.execute('conky -q', 
result=False) + else: + self.logger.debug('[Conky] user display ' + str(user_display) + ' user ' + str(user)) + # as_user is the user that run command. + as_user = self.get_as_user() + conky_cmd = 'su ' + str(as_user) + ' -c ' + ' "conky --display=' + str(user_display) + ' " ' + self.logger.debug('[Conky] executing command: ' + str(conky_cmd)) + self.execute(conky_cmd, result=False) #self.execute('conky ', result=False) self.context.create_response(code=self.message_code.TASK_PROCESSED.value, message='Conky başarıyla oluşturuldu.', diff --git a/usr/share/ahenk/plugins/conky/execute_xmessage.py b/usr/share/ahenk/plugins/conky/execute_xmessage.py index 6001fcc..a1ecd8b 100644 --- a/usr/share/ahenk/plugins/conky/execute_xmessage.py +++ b/usr/share/ahenk/plugins/conky/execute_xmessage.py 
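Review bot: `user = self.get_username()` can be None when the session table is empty (the logout handler in this patch deletes every row), and `self.Sessions.display(user)` now evaluates `"\\" in username`, which raises TypeError on None. A guard before the display lookup, such as `if user is None:` followed by an error response, would keep a task that arrives with nobody logged in from failing this way; whether an enclosing `try` already catches it is not visible in the hunk. The commented-out `for user in users:` loop duplicates the new code line for line and should be deleted rather than kept.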
@@ -25,45 +25,42 @@ class RunXMessageCommand(AbstractPlugin): self.custom_message_command_ltsp = "su {0} -c 'export DISPLAY={1} && export XAUTHORITY=~{2}/.Xauthority && python3 /usr/share/ahenk/plugins/conky/ask.py \"LİDER AHENK\\\ BİLDİRİ \" \"{3}\" ' " def execute_xmessage(self, message): - users = self.Sessions.user_name() self.logger.debug('[XMessage] users : ' + str(users)) desktop_env = self.get_desktop_env() self.logger.info("Get desktop environment is {0}".format(desktop_env)) - for user in users: - user_display = self.Sessions.display(user) - user_ip = self.Sessions.userip(user) - if desktop_env == "gnome": - user_display = self.get_username_display_gnome(user) - - if user_display is None: - self.logger.debug('[XMessage] executing for display none for user ' + str(user)) - + # for user in users: + user = self.get_username() + user_display = self.Sessions.display(user) + user_ip = self.Sessions.userip(user) + if desktop_env == "gnome": + user_display = self.get_username_display_gnome(user) + if user_display is None: + self.logger.debug('[XMessage] executing for display none for user ' + str(user)) + else: + self.logger.debug('[XMessage] user display ' + str(user_display) + ' user ' + str(user)) + if user_ip is None: + self.execute(self.custom_message_command.format(self.get_as_user(), user_display, self.get_as_user(), message)) + # t = threading.Thread( + # target=self.execute(self.custom_message_command.format(self.get_as_user(), user_display, self.get_as_user(), message))) + # t.start() else: - self.logger.debug('[XMessage] user display ' + str(user_display) + ' user ' + str(user)) - - if user_ip is None: - t = threading.Thread( - target=self.execute(self.custom_message_command.format(user, user_display, user, message))) - t.start() - - else: - # message format for ltsp - self.logger.debug('user_ip: ' + str(user_ip) + ' user_display: ' + str(user_display)) - message_list = [] - message_parser = message.split(" ") - self.logger.debug('running parser:--->> 
' + str(message_parser)) - for msg in message_parser: - message = '\\\ ' + str(msg) - message_list.append(message) - self.logger.debug('message_list:--->> ' + str(message_list)) - message = ''.join(str(x) for x in message_list) - self.logger.debug('message: ' + str(message)) - t = threading.Thread( - target=self.execute(self.custom_message_command_ltsp.format(user, user_display, user, message), - ip=user_ip)) - t.start() + # message format for ltsp + self.logger.debug('user_ip: ' + str(user_ip) + ' user_display: ' + str(user_display)) + message_list = [] + message_parser = message.split(" ") + self.logger.debug('running parser:--->> ' + str(message_parser)) + for msg in message_parser: + message = '\\\ ' + str(msg) + message_list.append(message) + self.logger.debug('message_list:--->> ' + str(message_list)) + message = ''.join(str(x) for x in message_list) + self.logger.debug('message: ' + str(message)) + t = threading.Thread( + target=self.execute(self.custom_message_command_ltsp.format(user, user_display, user, message), + ip=user_ip)) + t.start() self.context.create_response(code=self.message_code.TASK_PROCESSED.value, message='İşlem başarıyla gerçekleştirildi.', @@ -72,7 +69,7 @@ class RunXMessageCommand(AbstractPlugin): def execute_user_message(self, selected_user, message): - users = self.Sessions.user_name(); + users = self.Sessions.user_name() self.logger.debug('[XMessage] users : ' + str(users)) for user in users: diff --git a/usr/share/ahenk/plugins/conky/policy.py b/usr/share/ahenk/plugins/conky/policy.py index cd8ea15..182dad2 100644 --- a/usr/share/ahenk/plugins/conky/policy.py +++ b/usr/share/ahenk/plugins/conky/policy.py 
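Review bot: `execute_xmessage` still runs `self.logger.debug('[XMessage] users : ' + str(users))` after the assignment of `users` was removed, so the method raises NameError on entry. Either log `user` after `user = self.get_username()` or drop the line. In the LTSP branch, `threading.Thread(target=self.execute(...))` calls `execute` immediately and passes its return value as the target, so the thread does no work; `target=self.execute, args=(...), kwargs={'ip': user_ip}` is the intended form. That branch also formats the command with `user` while the non-LTSP branch uses `self.get_as_user()`, which looks unintentional.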
@@ -36,7 +36,8 @@ class Conky(AbstractPlugin): # Is user profile if 'username' in self.context.data and self.context.get('username') is not None: self.logger.debug('This is user profile, parameters reinitializing.') - self.username = self.context.get('username') + # self.username = self.context.get('username') + self.username = self.get_username() self.homedir = self.get_homedir(self.username) + '/' self.logger.info("Get home directory of {0}".format(self.homedir)) self.conky_config_file_dir = '{0}.conky/'.format(self.homedir) @@ -65,7 +66,7 @@ class Conky(AbstractPlugin): self.initialize_auto_run() if self.machine_profile is False: - user_display = self.Sessions.display(self.username) + user_display = self.Sessions.display(self.context.get('username')) desktop_env = self.get_desktop_env() num = 0 if desktop_env == "gnome": @@ -78,8 +79,10 @@ class Conky(AbstractPlugin): time.sleep(10) user_display = self.get_username_display_gnome(self.username) self.logger.info("Get desktop environment is {0}".format(desktop_env)) - self.execute(self.command_autorun_conky.format('--display=' + str(user_display), self.conky_config_file_path), as_user=self.username, result=False) - self.execute('chown -hR ' + self.username + ':' + self.username + ' ' + self.conky_config_file_dir) + # + as_user = self.get_as_user() + self.execute(self.command_autorun_conky.format('--display=' + str(user_display), self.conky_config_file_path), as_user=as_user, result=False) + self.execute('chown -hR ' + self.username + ':' + str(self.get_gid_number(self.username)) + ' ' + self.conky_config_file_dir) self.logger.debug('Owner of Conky config file was changed.') else: self.execute(self.command_autorun_conky.format('', self.conky_config_file_path), result=False) diff --git a/usr/share/ahenk/plugins/conky/safe.py b/usr/share/ahenk/plugins/conky/safe.py index f9b3329..afa989b 100644 --- a/usr/share/ahenk/plugins/conky/safe.py +++ b/usr/share/ahenk/plugins/conky/safe.py 
@@ -8,7 +8,7 @@ class Safe(AbstractPlugin): def __init__(self, context): super(Safe, self).__init__() self.context = context - self.username = str(context.get_username()) + self.username = self.get_username() self.logger = self.get_logger() self.logger.debug('Parameters were initialized.') @@ -17,7 +17,7 @@ class Safe(AbstractPlugin): self.logger.debug('Conky named processes will be killed.') self.execute('killall -9 conky') # delete autostart and conky config file of logout username - self.homedir = self.get_homedir(self.username) + '/' + self.homedir = self.get_homedir(self.get_username()) + '/' self.conky_config_file_dir = '{0}.conky/'.format(self.homedir) self.conky_config_file_path = '{0}conky.conf'.format(self.conky_config_file_dir) if self.is_exist(self.conky_config_file_dir): diff --git a/usr/share/ahenk/plugins/login-manager/policy.py b/usr/share/ahenk/plugins/login-manager/policy.py index f0a5b91..18f154f 100644 --- a/usr/share/ahenk/plugins/login-manager/policy.py +++ b/usr/share/ahenk/plugins/login-manager/policy.py @@ -18,6 +18,7 @@ class LoginManager(AbstractPlugin): self.message_code = self.get_message_code() self.username = self.context.get('username') + # self.username = self.get_username() self.parameters = json.loads(self.data) @@ -35,12 +36,12 @@ class LoginManager(AbstractPlugin): try: config = configparser.RawConfigParser() config.add_section('PERMISSION') - config.set('PERMISSION', 'days', str(self.days)) config.set('PERMISSION', 'start_time', str(self.start_time)) config.set('PERMISSION', 'end_time', str(self.end_time)) config.set('PERMISSION', 'last_date', str(self.last_date)) config.set('PERMISSION', 'duration', str(self.duration)) + config.set('PERMISSION', 'username', str(self.get_as_user())) if not self.is_exist('{0}login-manager/login_files'.format(self.Ahenk.plugins_path())): self.create_directory('{0}login-manager/login_files'.format(self.Ahenk.plugins_path())) 
@@ -69,14 +70,11 @@ class LoginManager(AbstractPlugin): self.context.create_response(code=self.message_code.POLICY_PROCESSED.value, message='Oturum kontrolü başlatıldı.') - except Exception as e: self.logger.error( 'A problem occured while handling Login-Manager policy: {0}'.format(str(e))) self.context.create_response(code=self.message_code.POLICY_ERROR.value, message='Login-Manager profili uygulanırken bir hata oluştu.') - - def handle_policy(profile_data, context): manage = LoginManager(profile_data, context) manage.handle_policy() diff --git a/usr/share/ahenk/plugins/login-manager/safe.py b/usr/share/ahenk/plugins/login-manager/safe.py index 0e63281..2e7135b 100644 --- a/usr/share/ahenk/plugins/login-manager/safe.py +++ b/usr/share/ahenk/plugins/login-manager/safe.py @@ -15,12 +15,12 @@ class Safe(AbstractPlugin): self.logger.debug('Parameters were initialized.') def handle_safe_mode(self): + user_permission_file = '{0}login-manager/login_files/{1}.permissions'.format(self.Ahenk.plugins_path(), self.username) + login_files = '{0}login-manager/login_files'.format(self.Ahenk.plugins_path()) - user_permission_file = '{0}login-manager/login_files/{1}.permissions'.format(self.Ahenk.plugins_path(), - self.username) - if self.is_exist(user_permission_file): - self.logger.debug('Delete permission file for user \'{0}\'...'.format(self.username)) - self.delete_file(user_permission_file) + if self.is_exist(login_files): + self.logger.debug('Delete login files folder') + self.delete_folder(login_files) machine_permission_file = '{0}login-manager/login_files/None.permissions'.format(self.Ahenk.plugins_path()) if self.is_exist(machine_permission_file): diff --git a/usr/share/ahenk/plugins/login-manager/scripts/check.py b/usr/share/ahenk/plugins/login-manager/scripts/check.py index 38432b3..9ed9bc7 100755 --- a/usr/share/ahenk/plugins/login-manager/scripts/check.py +++ b/usr/share/ahenk/plugins/login-manager/scripts/check.py 
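Review bot: In login-manager/safe.py, `self.delete_folder(login_files)` removes the whole `login_files` directory, so one user's safe-mode pass deletes every other user's `.permissions` file as well. `user_permission_file` is now assigned and never used, and the `None.permissions` check that follows can no longer find a file. If only the current user's restriction should be lifted, keep the per-file `self.delete_file(user_permission_file)`; if clearing everything is intended, remove the two dead paths and say so in a comment.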
@@ -11,10 +11,8 @@ import subprocess, time import sys sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__), '../../..'))) - from base.util.util import Util - class CheckTime: def __init__(self): super(self.__class__, self).__init__() @@ -26,7 +24,6 @@ class CheckTime: level=logging.DEBUG) self.files = glob.glob('{0}login-manager/login_files/*.permissions'.format(sys.argv[1])) - self.username = 'None' self.days = '' @@ -56,19 +53,19 @@ class CheckTime: for file in self.files: permission_file = str(file).replace('{0}login-manager/login_files/'.format(sys.argv[1]), '') - self.username = permission_file.replace('.permissions', '') + # self.username = permission_file.replace('.permissions', '') config_parser = configparser.ConfigParser() config_parser.read(file) - logging.debug('Getting parameters from permission file for user \'{0}\''.format(self.username)) - self.days = config_parser.get('PERMISSION', 'days') self.start_time = config_parser.get('PERMISSION', 'start_time') self.end_time = config_parser.get('PERMISSION', 'end_time') self.last_date = datetime.datetime.strptime(str(config_parser.get('PERMISSION', 'last_date')), "%Y-%m-%d").date() self.duration = config_parser.get('PERMISSION', 'duration') + self.username = config_parser.get('PERMISSION', 'username') + logging.debug('Getting parameters from permission file for user \'{0}\''.format(self.username)) logging.debug( 'Days: {0}, Start Time: {1}, End Time: {2}, Last Date: {3}, Duration between notify and logout: {4}'.format( @@ -92,8 +89,10 @@ class CheckTime: logging.error(e) def write_to_user_profile(self): - if str(self.today) in self.days: + + logging.debug("---->>> " + str(self.username)) + if str(self.today) in self.days: if not (self.start_minute < self.current_minute < self.end_minute and self.current_date <= self.last_date): logging.debug('User \'{0}\' will log out.'.format(self.username)) process = subprocess.Popen(self.command_logout_user.format(self.username), stdin=None, env=None, 
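Review bot: `config_parser.get('PERMISSION', 'username')` raises `NoOptionError` for any `.permissions` file written before this change, because those files have no `username` key. Keeping the old derivation as a fallback avoids that: `self.username = config_parser.get('PERMISSION', 'username', fallback=permission_file.replace('.permissions', ''))`. The value written by login-manager/policy.py is `str(self.get_as_user())`, which becomes the literal string `None` when no session row exists. Since the name is later formatted into `self.command_logout_user`, it is worth rejecting that value here. The surrounding loop starts and ends outside the hunk.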
diff --git a/usr/share/ahenk/plugins/remote-access/setup-vnc-server.py b/usr/share/ahenk/plugins/remote-access/setup-vnc-server.py index 82c5065..db43d0b 100644 --- a/usr/share/ahenk/plugins/remote-access/setup-vnc-server.py +++ b/usr/share/ahenk/plugins/remote-access/setup-vnc-server.py @@ -48,7 +48,8 @@ class SetupVnc(AbstractPlugin): message='VNC sunucusu çalışırken bir hata oluştu.') def run_vnc_server(self): - user_name = self.db_service.select_one_result('session', 'username', " 1=1 order by id desc ") + # user_name = self.db_service.select_one_result('session', 'username', " 1=1 order by id desc ") + user_name = self.get_username() self.logger.info('get logon username is {0}'.format(user_name)) self.logger.debug('Is VNC server installed?') if self.is_installed('x11vnc') is False: @@ -61,14 +62,16 @@ class SetupVnc(AbstractPlugin): result=False) self.logger.debug('Running VNC proceses were killed') self.logger.debug('Getting display and username...') - display_number = self.get_username_display(user_name) - # if len(arr) < 1: - # raise NameError('Display not found!') - - # params = str(arr[0]).split(' ') + # display_number = self.get_username_display(user_name) + display_number = self.Sessions.display(user_name) + desktop_env = self.get_desktop_env() + if desktop_env == "gnome": + self.get_username_display_gnome(user_name) + self.logger.info("Get display of {0} is {1}".format(user_name, display_number)) homedir = self.get_homedir(user_name) self.logger.info("Get home directory of {0} is {1}".format(user_name, homedir)) - # self.logger.info("--------->>>> " + str(params)) + # this user_name for execute method + user_name = self.get_as_user() self.logger.debug('Username:{0} Display:{1}'.format(user_name, display_number)) if self.is_exist('{0}/.vncahenk{1}'.format(homedir, user_name)) is True: self.delete_folder('{0}/.vncahenk{1}'.format(homedir, user_name)) 
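Review bot: Under GNOME the result of `self.get_username_display_gnome(user_name)` is discarded, so `display_number` keeps the value from `self.Sessions.display(user_name)` and the GNOME lookup has no effect. The other plugins in this patch assign it, and this line should too: `display_number = self.get_username_display_gnome(user_name)`. Note that `user_name` is reassigned to `self.get_as_user()` a few lines later and then used in the `.vncahenk{1}` directory path, so the directory name now carries the doubled backslash. `run_vnc_server` continues outside the hunk.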
@@ -82,50 +85,23 @@ class SetupVnc(AbstractPlugin): if self.data['permission'] == "yes": self.send_notify("Liderahenk", "Lider Ahenk Sistem Yoneticisi tarafindan\n5 sn sonra bilgisayarınıza uzak erişim sağlanacaktır.\nBağlantı kapatıldıktan sonra ayrıca bilgilendirilecektir.", - ":0", user_name, timeout=50000) + display_number, user_name, timeout=50000) time.sleep(5) - self.execute('su - {0} -c "x11vnc -accept \'popup\' -gone \'popup\' -rfbport {1} -rfbauth {2}/.vncahenk{0}/x11vncpasswd -o {2}/.vncahenk{3}/vnc.log -display :{4}"'.format( + self.execute('su - {0} -c "x11vnc -accept \'popup\' -gone \'popup\' -rfbport {1} -rfbauth {2}/.vncahenk{0}/x11vncpasswd -o {2}/.vncahenk{3}/vnc.log -display {4}"'.format( user_name, self.port, homedir, user_name, display_number), result=False) elif self.data["permission"] == "no": self.logger.info("Lider Ahenk sistem yöneticisi 5 sn sonra bilgisayarınıza uzak erişim sağlayacaktır. ") self.send_notify("Liderahenk", "Lider Ahenk Sistem Yoneticisi tarafindan\n5 sn sonra bilgisayarınıza uzak erişim sağlanacaktır.\nBağlantı kapatıldıktan sonra ayrıca bilgilendirilecektir.", - ":0", user_name, timeout=50000) + display_number, user_name, timeout=50000) time.sleep(5) - self.execute('su - {0} -c "x11vnc -gone \'popup\' -rfbport {1} -rfbauth {2}/.vncahenk{0}/x11vncpasswd -o {2}/.vncahenk{3}/vnc.log -display :{4}"'.format( + self.execute('su - {0} -c "x11vnc -gone \'popup\' -rfbport {1} -rfbauth {2}/.vncahenk{0}/x11vncpasswd -o {2}/.vncahenk{3}/vnc.log -display {4}"'.format( user_name, self.port, homedir, user_name, display_number), result=False) else: - self.execute('su - {0} -c "x11vnc -rfbport {1} -rfbauth {2}/.vncahenk{0}/x11vncpasswd -o {2}/.vncahenk{3}/vnc.log -display :{4}"'.format( + self.execute('su - {0} -c "x11vnc -rfbport {1} -rfbauth {2}/.vncahenk{0}/x11vncpasswd -o {2}/.vncahenk{3}/vnc.log -display {4}"'.format( user_name, self.port, homedir, user_name, display_number), result=False) self.logger.info("Lider Ahenk sistem 
yöneticisi tarafından kullanıcı izni ve bildirim gerektirmeksizin uzak erişim sağlanmıştır") - def get_username_display(self, user): - # result_code, p_out, p_err = self.execute("who | awk '{print $1, $5}' | sed 's/(://' | sed 's/)//'", result=True) - # self.logger.debug('Getting display result code:{0}'.format(str(result_code))) - # - # result = [] - # lines = str(p_out).split('\n') - # for line in lines: - # arr = line.split(' ') - # if len(arr) > 1 and str(arr[1]).isnumeric() is True: - # result.append(line) - # return result - - result_code, p_out, p_err = self.execute("who | awk '{print $1, $5}' | sed 's/(://' | sed 's/)//'", result=True) - display_number = None - result = [] - lines = str(p_out).split('\n') - for line in lines: - arr = line.split(' ') - if len(arr) > 1 and str(arr[1]).isnumeric() is True: - result.append(line) - for res in result: - arr = res.split(" ") - username = arr[0] - if username == user: - display_number = arr[1] - return display_number - def create_password(self, pass_range): self.logger.debug('Password created') random_bytes = urandom(pass_range) diff --git a/usr/share/libpam-script/pam_script_ses_close b/usr/share/libpam-script/pam_script_ses_close index 3e7c898..58fc3e8 100755 --- a/usr/share/libpam-script/pam_script_ses_close +++ b/usr/share/libpam-script/pam_script_ses_close @@ -24,6 +24,13 @@ if [ -n $PAM_USER ] && [ $PAM_USER != "root" ]; then if [ -n $PAM_TTY ]; then TTY_DISPLAY="$PAM_TTY" fi + if [[ $PAM_USER = *'\'* ]]; then + IFS='\' read -ra NAMES <<< "$PAM_USER" + log "logout: \ ile geldi" + for i in "${NAMES[@]}"; do + PAM_USER="${NAMES[1]}" + done + fi log "logout: $PAM_USER service: $SERVICE tty: $TTY_DISPLAY" sudo python3 /usr/share/ahenk/ahenkd.py logout $PAM_USER fi diff --git a/usr/share/libpam-script/pam_script_ses_open b/usr/share/libpam-script/pam_script_ses_open index 021ab1c..e90430b 100755 --- a/usr/share/libpam-script/pam_script_ses_open +++ b/usr/share/libpam-script/pam_script_ses_open 
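Review bot: `display_number` now goes into the `su - {0} -c "x11vnc … -display {4}"` string in all three branches exactly as `self.Sessions.display(user_name)` returned it, whereas the removed `get_username_display` only yielded values that passed `isnumeric()` and the old format string added the `:` itself. Nothing visible checks that the value is non-empty and looks like a display before it is spliced into a command line that runs through `su -c`. A check before the `if self.data['permission'] == "yes":` line, e.g. `if not re.fullmatch(r':\d+(\.\d+)?', str(display_number)): raise NameError('Display not found!')`, restores the old guarantee (assuming `Sessions.display` returns values like `:0` and `re` is imported; neither is shown). The three `self.execute(...)` calls differ only in the `-accept`/`-gone` options and could share one format string. The method starts outside this hunk.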
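Review bot: The `for i in "${NAMES[@]}"` loop added to `pam_script_ses_close` assigns the same `PAM_USER="${NAMES[1]}"` on every pass, never uses `i`, and does not check that a second field exists. For a name that ends in a backslash `NAMES[1]` is empty, so `PAM_USER` becomes empty and `ahenkd.py logout` is called without a user. Replacing the loop with `[ -n "${NAMES[1]}" ] && PAM_USER="${NAMES[1]}"` covers both; the same loop appears in the `pam_script_ses_open` hunk. `[[ … ]]`, `read -a` and `<<<` are bash features, so the script's interpreter line (not in the hunk) needs to be bash rather than `sh`.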
@@ -24,7 +24,21 @@ if [ -n $PAM_USER ] && [ $PAM_USER != "root" ]; then if [ -n $PAM_TTY ]; then TTY_DISPLAY="$PAM_TTY" fi - log "login: $PAM_USER service: $SERVICE tty: $TTY_DISPLAY" - sudo python3 /usr/share/ahenk/ahenkd.py login $PAM_USER $SERVICE $TTY_DISPLAY + domain="none" + if [[ $PAM_USER = *'\'* ]]; then + IFS='\' read -ra NAMES <<< "$PAM_USER" + log "login: \ ile geldi" + for i in "${NAMES[@]}"; do + domain="${NAMES[0]}" + PAM_USER="${NAMES[1]}" + done + fi + if [[ $domain != "none" ]]; then + log "login: $PAM_USER service: $SERVICE tty: $TTY_DISPLAY domain: $domain" + sudo python3 /usr/share/ahenk/ahenkd.py login $PAM_USER $SERVICE $TTY_DISPLAY $domain + else + log "login: $PAM_USER service: $SERVICE tty: $TTY_DISPLAY domain: none" + sudo python3 /usr/share/ahenk/ahenkd.py login $PAM_USER $SERVICE $TTY_DISPLAY + fi fi fi
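Review bot: The two new `sudo python3 /usr/share/ahenk/ahenkd.py login …` lines expand `$PAM_USER`, `$SERVICE`, `$TTY_DISPLAY` and `$domain` unquoted, so a value containing whitespace or glob characters is split or expanded and shifts the positional arguments the agent receives. The call with a domain appears to differ from the plain one only by argument position, so a shifted value would be read as a different field. Quote each expansion, `sudo python3 /usr/share/ahenk/ahenkd.py login "$PAM_USER" "$SERVICE" "$TTY_DISPLAY" "$domain"`, and do the same for `logout $PAM_USER` in `pam_script_ses_close`. The enclosing `if` starts outside the hunk.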