Liderahenk/Ahenk
1
0
Fork 0
mirror of https://github.com/Pardus-LiderAhenk/ahenk synced 2024-11-21 23:12:15 +03:00
Code Issues Projects Releases Packages Wiki Activity

added debian folder and updated src

Browse source
This commit is contained in:
Tuncay ÇOLAK 2020-04-06 18:10:41 +03:00
parent 251be4f047
commit c316314924
276 changed files with 18159 additions and 262 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
config/ahenk.conf
View file

@ -14,7 +14,7 @@ port = 5222
use_tls = false use_tls = false
receiverjid = lider_sunucu receiverjid = lider_sunucu
receiverresource = receiverresource =
servicename = servicename = im.liderahenk.org
receivefileparam = /tmp/ receivefileparam = /tmp/
[SESSION] [SESSION]
@ -26,4 +26,3 @@ get_policy_timeout = 30
type = default type = default
agreement = 2 agreement = 2
user_disabled = false user_disabled = false

300
debian/ahenk.install vendored Normal file
View file

@ -0,0 +1,300 @@
etc/logrotate.d/ahenk
etc/logrotate.d
etc/init.d/ahenk
etc/init.d
etc/ahenk/ahenk.conf
etc/ahenk/log.conf
etc/ahenk
etc
usr/share/libpam-script/pam_script_ses_open
usr/share/libpam-script/pam_script_ses_close
usr/share/libpam-script
usr/share/ahenk/base/util/util.py
usr/share/ahenk/base/util
usr/share/ahenk/base/model/profile.py
usr/share/ahenk/base/model/profile_bean.py
usr/share/ahenk/base/model/task.py
usr/share/ahenk/base/model/enum/message_type.py
usr/share/ahenk/base/model/enum/content_type.py
usr/share/ahenk/base/model/enum/__init__.py
usr/share/ahenk/base/model/enum/message_code.py
usr/share/ahenk/base/model/enum
usr/share/ahenk/base/model/task_bean.py
usr/share/ahenk/base/model/plugin.py
usr/share/ahenk/base/model/__init__.py
usr/share/ahenk/base/model/message_factory.py
usr/share/ahenk/base/model/policy.py
usr/share/ahenk/base/model/response.py
usr/share/ahenk/base/model/modes/logout_mode.py
usr/share/ahenk/base/model/modes/safe_mode.py
usr/share/ahenk/base/model/modes/__init__.py
usr/share/ahenk/base/model/modes/init_mode.py
usr/share/ahenk/base/model/modes/shutdown_mode.py
usr/share/ahenk/base/model/modes/login_mode.py
usr/share/ahenk/base/model/modes
usr/share/ahenk/base/model/plugin_bean.py
usr/share/ahenk/base/model/policy_bean.py
usr/share/ahenk/base/model
usr/share/ahenk/base/timer/timer.py
usr/share/ahenk/base/timer/setup_timer.py
usr/share/ahenk/base/timer
usr/share/ahenk/base/config/config_manager.py
usr/share/ahenk/base/config/__init__.py
usr/share/ahenk/base/config
usr/share/ahenk/base/default_policy/config-files/xfce4-notifyd.xml
usr/share/ahenk/base/default_policy/config-files
usr/share/ahenk/base/default_policy/default_policy.py
usr/share/ahenk/base/default_policy/__init__.py
usr/share/ahenk/base/default_policy
usr/share/ahenk/base/deamon/__init__.py
usr/share/ahenk/base/deamon/base_daemon.py
usr/share/ahenk/base/deamon
usr/share/ahenk/base/mail/mail_manager.py
usr/share/ahenk/base/mail
usr/share/ahenk/base/messaging/__init__.py
usr/share/ahenk/base/messaging/anonymous_messenger.py
usr/share/ahenk/base/messaging/messaging.py
usr/share/ahenk/base/messaging/message_response_queue.py
usr/share/ahenk/base/messaging/messenger.py
usr/share/ahenk/base/messaging
usr/share/ahenk/base/task/task_in_queue.py
usr/share/ahenk/base/task/__init__.py
usr/share/ahenk/base/task/task_job.py
usr/share/ahenk/base/task/task_manager.py
usr/share/ahenk/base/task
usr/share/ahenk/base/command/command_runner.py
usr/share/ahenk/base/command/command_manager.py
usr/share/ahenk/base/command/fifo.py
usr/share/ahenk/base/command
usr/share/ahenk/base/__init__.py
usr/share/ahenk/base/event/event_base.py
usr/share/ahenk/base/event/event_manager.py
usr/share/ahenk/base/event
usr/share/ahenk/base/agreement/confirm.py
usr/share/ahenk/base/agreement/agreement.py
usr/share/ahenk/base/agreement/ahenkmessage.py
usr/share/ahenk/base/agreement/ask.py
usr/share/ahenk/base/agreement/unregistrationmessage.py
usr/share/ahenk/base/agreement
usr/share/ahenk/base/plugin/abstract_plugin.py
usr/share/ahenk/base/plugin/plugin_queue.py
usr/share/ahenk/base/plugin/plugin_manager_factory.py
usr/share/ahenk/base/plugin/plugin.py
usr/share/ahenk/base/plugin/__init__.py
usr/share/ahenk/base/plugin/plugin_manager.py
usr/share/ahenk/base/plugin/file_handler.py
usr/share/ahenk/base/plugin/plugin_install_listener.py
usr/share/ahenk/base/plugin
usr/share/ahenk/base/file/ssh_file_transfer.py
usr/share/ahenk/base/file/http_file_transfer.py
usr/share/ahenk/base/file/file_transfer_manager.py
usr/share/ahenk/base/file
usr/share/ahenk/base/scope.py
usr/share/ahenk/base/execution/__init__.py
usr/share/ahenk/base/execution/execution_manager.py
usr/share/ahenk/base/execution
usr/share/ahenk/base/database/ahenk_db_service.py
usr/share/ahenk/base/database
usr/share/ahenk/base/logger/__init__.py
usr/share/ahenk/base/logger/ahenk_logger.py
usr/share/ahenk/base/logger
usr/share/ahenk/base/scheduler/scheduler_factory.py
usr/share/ahenk/base/scheduler/base_scheduler.py
usr/share/ahenk/base/scheduler/__init__.py
usr/share/ahenk/base/scheduler/custom/schedule_job.py
usr/share/ahenk/base/scheduler/custom/all_match.py
usr/share/ahenk/base/scheduler/custom/__init__.py
usr/share/ahenk/base/scheduler/custom/scheduledb.py
usr/share/ahenk/base/scheduler/custom/custom_scheduler.py
usr/share/ahenk/base/scheduler/custom
usr/share/ahenk/base/scheduler
usr/share/ahenk/base/registration/test.py
usr/share/ahenk/base/registration/execute_cancel_sssd_ad_authentication.py
usr/share/ahenk/base/registration/config-files/ldap
usr/share/ahenk/base/registration/config-files/pam_script
usr/share/ahenk/base/registration/config-files/krb5.conf
usr/share/ahenk/base/registration/config-files/sssd_ad.conf
usr/share/ahenk/base/registration/config-files/sssd.conf
usr/share/ahenk/base/registration/config-files
usr/share/ahenk/base/registration/execute_ldap_login.py
usr/share/ahenk/base/registration/execute_sssd_authentication.py
usr/share/ahenk/base/registration/__init__.py
usr/share/ahenk/base/registration/execute_sssd_ad_authentication.py
usr/share/ahenk/base/registration/registration.py
usr/share/ahenk/base/registration/execute_cancel_ldap_login.py
usr/share/ahenk/base/registration/scripts/ldap-login.sh
usr/share/ahenk/base/registration/scripts/ad.sh
usr/share/ahenk/base/registration/scripts
usr/share/ahenk/base/registration/execute_cancel_sssd_authentication.py
usr/share/ahenk/base/registration
usr/share/ahenk/base/system/system.py
usr/share/ahenk/base/system
usr/share/ahenk/base
usr/share/ahenk/__init__.py
usr/share/ahenk/ahenkd.py
usr/share/ahenk/helper/__init__.py
usr/share/ahenk/helper/system.py
usr/share/ahenk/helper
usr/share/ahenk/plugins/network-manager/delete_network.py
usr/share/ahenk/plugins/network-manager/delete_domain.py
usr/share/ahenk/plugins/network-manager/allow_port.py
usr/share/ahenk/plugins/network-manager/add_host.py
usr/share/ahenk/plugins/network-manager/add_network.py
usr/share/ahenk/plugins/network-manager/main.py
usr/share/ahenk/plugins/network-manager/get_network_information.py
usr/share/ahenk/plugins/network-manager/delete_dns.py
usr/share/ahenk/plugins/network-manager/add_dns.py
usr/share/ahenk/plugins/network-manager/block_port.py
usr/share/ahenk/plugins/network-manager/delete_host.py
usr/share/ahenk/plugins/network-manager/add_domain.py
usr/share/ahenk/plugins/network-manager/change_hostname.py
usr/share/ahenk/plugins/network-manager
usr/share/ahenk/plugins/ldap/init.py
usr/share/ahenk/plugins/ldap/safe.py
usr/share/ahenk/plugins/ldap/login.py
usr/share/ahenk/plugins/ldap/main.py
usr/share/ahenk/plugins/ldap/move_agent.py
usr/share/ahenk/plugins/ldap/delete_agent.py
usr/share/ahenk/plugins/ldap/policy.py
usr/share/ahenk/plugins/ldap/task_command_id.py
usr/share/ahenk/plugins/ldap/rename_entry.py
usr/share/ahenk/plugins/ldap/shutdown.py
usr/share/ahenk/plugins/ldap/logout.py
usr/share/ahenk/plugins/ldap
usr/share/ahenk/plugins/service/service_management.py
usr/share/ahenk/plugins/service/init.py
usr/share/ahenk/plugins/service/service_list.py
usr/share/ahenk/plugins/service/main.py
usr/share/ahenk/plugins/service/get_services.py
usr/share/ahenk/plugins/service
usr/share/ahenk/plugins/resource-usage/main.py
usr/share/ahenk/plugins/resource-usage/resource_info_alert.py
usr/share/ahenk/plugins/resource-usage/send_mail.py
usr/share/ahenk/plugins/resource-usage/resource_info_fetcher.py
usr/share/ahenk/plugins/resource-usage/shutdown.py
usr/share/ahenk/plugins/resource-usage
usr/share/ahenk/plugins/sudoers/safe.py
usr/share/ahenk/plugins/sudoers/main.py
usr/share/ahenk/plugins/sudoers/policy.py
usr/share/ahenk/plugins/sudoers
usr/share/ahenk/plugins/rsyslog/main.py
usr/share/ahenk/plugins/rsyslog/policy.py
usr/share/ahenk/plugins/rsyslog
usr/share/ahenk/plugins/disk-quota/init.py
usr/share/ahenk/plugins/disk-quota/safe.py
usr/share/ahenk/plugins/disk-quota/main.py
usr/share/ahenk/plugins/disk-quota/policy.py
usr/share/ahenk/plugins/disk-quota/get_quota.py
usr/share/ahenk/plugins/disk-quota/line.py
usr/share/ahenk/plugins/disk-quota/fstab.py
usr/share/ahenk/plugins/disk-quota/api/disk_quota.py
usr/share/ahenk/plugins/disk-quota/api/disk_quota_ltsp.py
usr/share/ahenk/plugins/disk-quota/api
usr/share/ahenk/plugins/disk-quota
usr/share/ahenk/plugins/network-inventory/main.py
usr/share/ahenk/plugins/network-inventory/multiple-file-transfer.py
usr/share/ahenk/plugins/network-inventory/scannetwork.py
usr/share/ahenk/plugins/network-inventory/installahenk.py
usr/share/ahenk/plugins/network-inventory
usr/share/ahenk/plugins/conky/main.py
usr/share/ahenk/plugins/conky/policy.py
usr/share/ahenk/plugins/conky/execute_conky.py
usr/share/ahenk/plugins/conky/execute_xmessage.py
usr/share/ahenk/plugins/conky/ask.py
usr/share/ahenk/plugins/conky
usr/share/ahenk/plugins/local-user/panelconf/xfce4-panel.xml
usr/share/ahenk/plugins/local-user/panelconf
usr/share/ahenk/plugins/local-user/init.py
usr/share/ahenk/plugins/local-user/main.py
usr/share/ahenk/plugins/local-user/delete_user.py
usr/share/ahenk/plugins/local-user/get_groups.py
usr/share/ahenk/plugins/local-user/add_user.py
usr/share/ahenk/plugins/local-user/edit_user.py
usr/share/ahenk/plugins/local-user/scripts/find_locked_users.sh
usr/share/ahenk/plugins/local-user/scripts/remove_locked_users.sh
usr/share/ahenk/plugins/local-user/scripts
usr/share/ahenk/plugins/local-user/get_users.py
usr/share/ahenk/plugins/local-user
usr/share/ahenk/plugins/file-management/main.py
usr/share/ahenk/plugins/file-management/write_to_file.py
usr/share/ahenk/plugins/file-management/get_file_content.py
usr/share/ahenk/plugins/file-management
usr/share/ahenk/plugins/ldap-login/init.py
usr/share/ahenk/plugins/ldap-login/main.py
usr/share/ahenk/plugins/ldap-login/execute_ldap_login.py
usr/share/ahenk/plugins/ldap-login/execute_cancel_ldap_login.py
usr/share/ahenk/plugins/ldap-login/execute_ad_login.py
usr/share/ahenk/plugins/ldap-login
usr/share/ahenk/plugins/browser/main.py
usr/share/ahenk/plugins/browser/policy.py
usr/share/ahenk/plugins/browser
usr/share/ahenk/plugins/usb/manage-usb.py
usr/share/ahenk/plugins/usb/init.py
usr/share/ahenk/plugins/usb/main.py
usr/share/ahenk/plugins/usb/policy.py
usr/share/ahenk/plugins/usb/scripts/ENABLED_webcam.sh
usr/share/ahenk/plugins/usb/scripts/DISABLED_usbhid.sh
usr/share/ahenk/plugins/usb/scripts/DISABLED_webcam.sh
usr/share/ahenk/plugins/usb/scripts/ENABLED_printer.sh
usr/share/ahenk/plugins/usb/scripts/ENABLED_usbhid.sh
usr/share/ahenk/plugins/usb/scripts/DISABLED_printer.sh
usr/share/ahenk/plugins/usb/scripts/ENABLED_usbstorage.sh
usr/share/ahenk/plugins/usb/scripts/DISABLED_usbstorage.sh
usr/share/ahenk/plugins/usb/scripts
usr/share/ahenk/plugins/usb/logout.py
usr/share/ahenk/plugins/usb
usr/share/ahenk/plugins/remote-access/main.py
usr/share/ahenk/plugins/remote-access/setup-vnc-server.py
usr/share/ahenk/plugins/remote-access
usr/share/ahenk/plugins/package-manager/init.py
usr/share/ahenk/plugins/package-manager/get_execution_info.py
usr/share/ahenk/plugins/package-manager/repositories.py
usr/share/ahenk/plugins/package-manager/main.py
usr/share/ahenk/plugins/package-manager/package_sources.py
usr/share/ahenk/plugins/package-manager/show_package_archive.py
usr/share/ahenk/plugins/package-manager/installed_packages.py
usr/share/ahenk/plugins/package-manager/package_management.py
usr/share/ahenk/plugins/package-manager/package_archive.py
usr/share/ahenk/plugins/package-manager/scripts/sourcelist.sh
usr/share/ahenk/plugins/package-manager/scripts
usr/share/ahenk/plugins/package-manager/check_package.py
usr/share/ahenk/plugins/package-manager/packages.py
usr/share/ahenk/plugins/package-manager
usr/share/ahenk/plugins/user-privilege/init.py
usr/share/ahenk/plugins/user-privilege/safe.py
usr/share/ahenk/plugins/user-privilege/main.py
usr/share/ahenk/plugins/user-privilege/policy.py
usr/share/ahenk/plugins/user-privilege/shutdown.py
usr/share/ahenk/plugins/user-privilege
usr/share/ahenk/plugins/manage-root/init.py
usr/share/ahenk/plugins/manage-root/safe.py
usr/share/ahenk/plugins/manage-root/login.py
usr/share/ahenk/plugins/manage-root/main.py
usr/share/ahenk/plugins/manage-root/policy.py
usr/share/ahenk/plugins/manage-root/shutdown.py
usr/share/ahenk/plugins/manage-root/set_root_password.py
usr/share/ahenk/plugins/manage-root/logout.py
usr/share/ahenk/plugins/manage-root
usr/share/ahenk/plugins/script/main.py
usr/share/ahenk/plugins/script/policy.py
usr/share/ahenk/plugins/script/execute_script.py
usr/share/ahenk/plugins/script
usr/share/ahenk/plugins/login-manager/init.py
usr/share/ahenk/plugins/login-manager/safe.py
usr/share/ahenk/plugins/login-manager/main.py
usr/share/ahenk/plugins/login-manager/policy.py
usr/share/ahenk/plugins/login-manager/machine_shutdown.py
usr/share/ahenk/plugins/login-manager/scripts/cron.sh
usr/share/ahenk/plugins/login-manager/scripts/check.py
usr/share/ahenk/plugins/login-manager/scripts
usr/share/ahenk/plugins/login-manager/manage.py
usr/share/ahenk/plugins/login-manager/shutdown.py
usr/share/ahenk/plugins/login-manager
usr/share/ahenk/plugins
usr/share/ahenk/api/service/ps_util.py
usr/share/ahenk/api/service
usr/share/ahenk/api
usr/share/ahenk
usr/share
usr

15
debian/ahenk.postinst vendored Normal file
View file

@ -0,0 +1,15 @@
#!/bin/sh
set -e
#mkdir -p /usr/share/ahenk/plugins
# update ahenk from 1.0.0-6 to 1.0.0-7
if [ ! -d /etc/ahenk ]; then
mkdir -p /etc/ahenk
cp -rf /tmp/ahenk/* /etc/ahenk
fi
systemctl enable ahenk
systemctl start ahenk

15
debian/ahenk.postinst.debhelper vendored Normal file
View file

@ -0,0 +1,15 @@
# Automatically added by dh_python3:
if which py3compile >/dev/null 2>&1; then
py3compile -p ahenk /usr/share/ahenk -V 3.2-
fi
# End automatically added section
# Automatically added by dh_installinit
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ]; then
if [ -x "/etc/init.d/ahenk" ]; then
update-rc.d ahenk defaults >/dev/null
invoke-rc.d ahenk start || exit $?
fi
fi
# End automatically added section

7
debian/ahenk.postrm vendored Normal file
View file

@ -0,0 +1,7 @@
#!/bin/sh
set -e
if [ -d /etc/ahenk ] && [ "$1" = "purge" ];then
rm -rf /etc/ahenk
fi

12
debian/ahenk.postrm.debhelper vendored Normal file
View file

@ -0,0 +1,12 @@
# Automatically added by dh_installinit
if [ "$1" = "purge" ] ; then
update-rc.d ahenk remove >/dev/null
fi
# In case this system is running systemd, we make systemd reload the unit files
# to pick up changes.
if [ -d /run/systemd/system ] ; then
systemctl --system daemon-reload >/dev/null || true
fi
# End automatically added section

14
debian/ahenk.preinst vendored Normal file
View file

@ -0,0 +1,14 @@
#!/bin/sh
set -e
# Create necessary directories
#update ahenk from 1.0.0-6 to 1.0.0-7
if [ -d /etc/ahenk ]; then
cp -rf /etc/ahenk /tmp
else
mkdir -p /etc/ahenk
fi

13
debian/ahenk.service vendored Normal file
View file

@ -0,0 +1,13 @@
[Unit]
Description=Starts Ahenk at system startup
After=network.target
[Service]
Type=simple
ExecStart=/usr/bin/python3 /usr/share/ahenk/ahenkd.py start
ExecStop=/usr/bin/python3 /usr/share/ahenk/ahenkd.py stop
PIDFile=/var/run/ahenkd.pid
Restart=always
[Install]
WantedBy=multi-user.target

45
debian/ahenk_init vendored Normal file
View file

@ -0,0 +1,45 @@
#! /bin/bash
### BEGIN INIT INFO
# Provides: ahenk
# Required-Start: $remote_fs $syslog $network
# Required-Stop: $remote_fs $syslog $network
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Manages ahenk service.
# Description: Debian init script for the ahenk executables
# scheduler
### END INIT INFO
#
# Author: S Suleyman Arslan <sarslan@innova.com.tr>
#
# Activate the python virtual environment
# . /path_to_virtualenv/activate
case "$1" in
start)
echo "Starting server"
# Start the daemon
#python $AHENKDPATH start
systemctl start ahenk.service
;;
stop)
echo "Stopping server"
systemctl stop ahenk.service
;;
restart)
echo "Restarting server"
systemctl restart ahenk.service
;;
status)
echo "Server Status"
# Status of the daemon
systemctl status ahenk.service
;;
*)
# Refuse to do other stuff
echo "Usage: /etc/init.d/ahenk.sh {start|stop|restart|status}"
exit 1
;;
esac
exit 0

188
debian/changelog vendored Normal file
View file

@ -0,0 +1,188 @@
ahenk (1.0.0-9) unstable; urgency=medium
* added debian folder
* added debian folder
* updated changelog file
* added dep network-inventory plugin
* updated changelog file
* synced to development branch
-- Tuncay ÇOLAK <tuncay.colak@tubitak.gov.tr> Tue, 15 Oct 2019 10:37:55 +0300
ahenk (1.0.0-8) unstable; urgency=medium
[ Gökhan Gurbetoğlu ]
* Chronological order of roadmap
[ Tuncay ÇOLAK ]
* added method to delete local users after registration ahenk
* added method to disabled local users after registration ahenk
* registration with hostname
[ Cihangir Akturk ]
* Use std library whenever possible
[ Tuncay ÇOLAK ]
* changed local user name and home directory name when registration agent
* changed local user name and home directory name when registration agent
* bugfix
[ Ömer ÇAKMAK ]
* receiverjid and agreement default values changed
[ root ]
* Method for getting device language and getting computer model for showing Ahenk informations on Lider Console are added to core.
[ hasankara ]
* Method for getting device language and getting computer model for showing Ahenk informations on Lider Console are added to core.
* tab is removed
[ Tuncay ÇOLAK ]
* killall process of local user
[ hasankara ]
* Update registration.py
* missing header locale is added to util.py
[ Tuncay ÇOLAK ]
* enabled local user when unregistration agent
[ edip ]
* Ahenk Registration for user authorization..
* registarition bugfix
* register and unregister from user gui
* register bugfix
[ Edip YILDIZ ]
* Update util.py
[ edip ]
* disable user change
* disable user
* disable user config set
* bugfix
* registration attemp
* bugfix
* sdf
* bugfix
* unregistariton message fixed
* unregister bugfix
* unregister message for user display
* unregister show message fixed
* lider messages changed
* unregister
* ldap config check user and server
* registrtion db change user table for session
* polkit issues
* registration for cache
* check message file
* registration add util methods
* adding config for cache
* pam config change for agent id
* pam ldap login and cancel operations are moved to registration module
[ Tuncay ÇOLAK ]
* script executable ldap-login.sh
[ edip ]
* add user info for registiration process
[ Hasan Kara ]
* SSSD config and installation python files are copied under registration
[ edip ]
* registrarion for sssd
[ Hasan Kara ]
* firefox autostart is added if profile is not created for user.
[ edip ]
* change log
[ hasankara ]
* sssd bug has been solved for clients which has language turkish
[ Tuncay ÇOLAK ]
* add user mode changed to 0700 in file /etc/adduser.conf
* sssd configuraton for ldap login
[ Hasan Kara ]
* sudo role refresh time is set to 1 sec
[ Tuncay ÇOLAK ]
* added polkit file
[ Hasan Kara ]
* restarting sssd service is added to login method
* sssd ldap full and smart refresh times has been edited
* sssd ldap_sudo_search_base has been made dynamic
[ Tuncay ÇOLAK ]
* added default policy for users
* added xfce4-notifyd.xml template file and set owner and group user's .config file
* set display to messsages.py
* set offline_credentials_expiration time and set display unregister ui
* send display parameter to unregister_message
* added get user display number methode
* created autostart file for firefox, firefox-esr and iceweasel when user first login
* root password removed from Receşved message
* bugfix: get display number
* bugfix: logging set on message type
* added debian folder
* added debian folder
* updated changelog file
* added dep network-inventory plugin
* synced to development branch
-- Tuncay ÇOLAK <tuncay.colak@tubitak.gov.tr> Tue, 15 Oct 2019 09:47:28 +0300
ahenk (1.0.0-7) unstable; urgency=medium
[ Ömer Çakmak ]
* Add dependency python3-easygui
* Changed to package installer dpkg
* the agent conf file is deleted while the agent is purged
* update agent from 1.0.0-6 to 1.0.0-7
[ Tuncay ÇOLAK ]
-- Tuncay ÇOLAK <tuncay.colak@tubitak.gov.tr> Wed, 25 Apr 2018 16:05:13 +0300
ahenk (1.0.0-6) unstable; urgency=medium
[ Tuncay ÇOLAK ]
* Add preinst script to fix uninstalled configs
[ Tuncay ÇOLAK ]
-- Tuncay ÇOLAK <tcolak@localhost.localdomain> Mon, 12 Feb 2018 11:07:33 +0300
ahenk (1.0.0-5) unstable; urgency=medium
* fix postins syntax
-- Tuncay ÇOLAK <tuncay.colak@tubitak.gov.tr> Fri, 24 Nov 2017 10:33:23 +0300
ahenk (1.0.0-4) unstable; urgency=medium
* update postrm script
-- Tuncay ÇOLAK <tuncay.colak@tubitak.gov.tr> Fri, 24 Nov 2017 10:21:56 +0300
ahenk (1.0.0-3) unstable; urgency=medium
* udpate control file and postins script for overriding pam script
-- Tuncay ÇOLAK <tuncay.colak@tubitak.gov.tr> Fri, 24 Nov 2017 10:04:38 +0300
ahenk (1.0.0-2) unstable; urgency=medium
* Add postinstall and post remove script to take everything under control
-- Yunusemre Şentürk <yunusemre.senturk@pardus.org.tr> Wed, 22 Nov 2017 09:59:39 +0300
ahenk (1.0.0-1) onyedi; urgency=medium
* Initial release.
-- Yunusemre Şentürk <yunusemre.senturk@pardus.org.tr> Tue, 21 Nov 2017 15:06:11 +0300

1
debian/compat vendored Normal file
View file

@ -0,0 +1 @@
9

42
debian/control vendored Normal file
View file

@ -0,0 +1,42 @@
Source: ahenk
Section: utils
Priority: optional
Maintainer: İsmail Başaran <ismail.basaran@tubitak.gov.tr>
Uploaders: Yunusemre Şentürk <yunusemre.senturk@pardus.org.tr>
Build-Depends: debhelper (>=9), dh-python, python3-all
Standards-Version: 3.9.8
Homepage: http://www.liderahenk.org.tr
X-Python3-Version: >= 3.2
Package: ahenk
Architecture: all
Depends: ${misc:Depends},
${python3:Depends},
python3-cpuinfo,
python3-netifaces,
python3-paramiko,
python3-psutil,
python3-sleekxmpp,
python3-watchdog,
python3-easygui,
libpam-script,
acct,
chkconfig,
x11vnc,
conky,
conky-all,
nmap,
whois,
cpulimit,
policykit-1,
sudo,
rsyslog,
rsyslog-relp,
quota,
quotatool,
ahenk-register
Replaces: libpam-runtime
Description: The client side of the Lider Ahenk Project
Lider Ahenk is an open source project which provides solutions
to manage, monitor and audit unlimited number of different
systems and users on a network.

28
debian/copyright vendored Normal file
View file

@ -0,0 +1,28 @@
Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: ahenk
Source: https://github.com/Pardus-LiderAhenk/ahenk
Files: *
Copyright: 2017 İsmail Başaran <ismail.basaran@tubitak.gov.tr>
License: GPL-3.0+
Files: debian/*
Copyright: 2017 Yunusemre Şentürk <yunusemre.senturk@pardus.org.tr>
License: GPL-3.0+
License: GPL-3.0+
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
.
This package is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
.
On Debian systems, the complete text of the GNU General
Public License version 3 can be found in "/usr/share/common-licenses/GPL-3".

1
debian/debhelper-build-stamp vendored Normal file
View file

@ -0,0 +1 @@
ahenk

2
debian/files vendored Normal file
View file

@ -0,0 +1,2 @@
ahenk_1.0.0-7.1_all.deb utils optional
ahenk_1.0.0-7.1_amd64.buildinfo utils optional

19
debian/gbp.conf vendored Normal file
View file

@ -0,0 +1,19 @@
# Configuration file for "gbp <command>"
[DEFAULT]
# the default branch for upstream sources:
upstream-branch = master
# the default branch for the debian patch:
debian-branch = debian
# the default tag formats used:
upstream-tag = %(version)s
debian-tag = debian/%(version)s
# don't check if debian-branch == current branch:
ignore-branch = True
# Use color when on a terminal, alternatives: on/true, off/false or auto
color = auto
# Options only affecting gbp buildpackage
[buildpackage]
# Look for a tag matching the upstream version when creating a tarball
upstream-tree = tag

0
debian/patches/series vendored Normal file
View file

6
debian/rules vendored Executable file
View file

@ -0,0 +1,6 @@
#!/usr/bin/make -f
# You must remove unused comment lines for the released package.
#export DH_VERBOSE = 1
%:
dh $@ --with python3

1
debian/source/format vendored Normal file
View file

@ -0,0 +1 @@
3.0 (quilt)

2
debian/source/local-options vendored Normal file
View file

@ -0,0 +1,2 @@
#abort-on-upstream-changes
#unapply-patches

1
debian/watch vendored Normal file
View file

@ -0,0 +1 @@
version=3

28
etc/ahenk/ahenk.conf Normal file
View file

@ -0,0 +1,28 @@
[BASE]
logconfigurationfilepath = /etc/ahenk/log.conf
dbpath = /etc/ahenk/ahenk.db
[PLUGIN]
pluginfolderpath = /usr/share/ahenk/plugins/
mainmodulename = main
[CONNECTION]
uid =
password =
host =
port = 5222
use_tls = false
receiverjid = lider_sunucu
receiverresource = Smack
servicename = im.liderahenk.org
receivefileparam = /tmp/
[SESSION]
agreement_timeout = 30
registration_timeout = 30
get_policy_timeout = 30
[MACHINE]
type = default
agreement = 2
user_disabled = false

23
etc/ahenk/log.conf Normal file
View file

@ -0,0 +1,23 @@
[formatters]
keys=default
[formatter_default]
format=format=%(asctime)s %(name)-12s %(levelname)-8s %(message)s
class=logging.Formatter
[handlers]
keys=file
[handler_file]
class=logging.FileHandler
level=DEBUG
formatter=default
args=("/var/log/ahenk.log", "w")
[loggers]
keys=root
[logger_root]
level=DEBUG
formatter=default
handlers=file

45
etc/init.d/ahenk Normal file
View file

@ -0,0 +1,45 @@
#! /bin/bash
### BEGIN INIT INFO
# Provides: ahenk
# Required-Start: $remote_fs $syslog $network
# Required-Stop: $remote_fs $syslog $network
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Manages ahenk service.
# Description: Debian init script for the ahenk executables
# scheduler
### END INIT INFO
#
# Author: S Suleyman Arslan <sarslan@innova.com.tr>
#
# Activate the python virtual environment
# . /path_to_virtualenv/activate
case "$1" in
start)
echo "Starting server"
# Start the daemon
#python $AHENKDPATH start
systemctl start ahenk.service
;;
stop)
echo "Stopping server"
systemctl stop ahenk.service
;;
restart)
echo "Restarting server"
systemctl restart ahenk.service
;;
status)
echo "Server Status"
# Status of the daemon
systemctl status ahenk.service
;;
*)
# Refuse to do other stuff
echo "Usage: /etc/init.d/ahenk.sh {start|stop|restart|status}"
exit 1
;;
esac
exit 0

11
etc/logrotate.d/ahenk Normal file
View file

@ -0,0 +1,11 @@
/var/log/ahenk.log {
weekly
missingok
notifempty
rotate 5
compress
delaycompress
copytruncate
minsize 1000k
create 0766 root root
}

35
src/ahenkd.py
View file

@ -159,10 +159,10 @@ class AhenkDaemon(BaseDaemon):
# self.registration_failed() # self.registration_failed()
if registration.is_registered() is False: if registration.is_registered() is False:
print("Registation attemp") print("Registration attemp")
max_attempt_number -= 1 max_attempt_number -= 1
self.logger.debug('Ahenk is not registered. Attempting for registration') self.logger.debug('Ahenk is not registered. Attempting for registration')
registration.registration_request() registration.registration_request(self.register_hostname,self.register_user_name,self.register_user_password)
#if max_attempt_number < 0: #if max_attempt_number < 0:
# self.logger.warning('Number of Attempting for registration is over') # self.logger.warning('Number of Attempting for registration is over')
@ -240,28 +240,33 @@ class AhenkDaemon(BaseDaemon):
Util.create_file(System.Ahenk.fifo_file()) Util.create_file(System.Ahenk.fifo_file())
Util.set_permission(System.Ahenk.fifo_file(), '600') Util.set_permission(System.Ahenk.fifo_file(), '600')
def disable_local_users(self): def set_register_user(self, hostName, username, password):
self.register_hostname=hostName
self.register_user_name=username
self.register_user_password=password
# if user_disabled is when ahenk service restarted TRUE disabled local users
def disable_local_users(self):
self.logger.info('Local users disable action start..') self.logger.info('Local users disable action start..')
conf_manager = Scope.get_instance().get_configuration_manager() conf_manager = Scope.get_instance().get_configuration_manager()
if conf_manager.has_section('MACHINE'): if conf_manager.has_section('MACHINE'):
user_disabled = conf_manager.get("MACHINE", "user_disabled") user_disabled = conf_manager.get("MACHINE", "user_disabled")
self.logger.info('User disabled value=' + str(user_disabled)) self.logger.info('User disabled value=' + str(user_disabled))
if user_disabled == '0': if user_disabled == 'true':
self.logger.info('local user disabling') self.logger.info('local user disabling')
Scope.get_instance().get_registration().disable_local_users() Scope.get_instance().get_registration().disable_local_users()
conf_manager.set('MACHINE', 'user_disabled', 'disabled')
conf_manager.set('MACHINE', 'user_disabled', '1')
with open('/etc/ahenk/ahenk.conf', 'w') as configfile: with open('/etc/ahenk/ahenk.conf', 'w') as configfile:
self.logger.info('oepning config file ') self.logger.info('opening config file ')
conf_manager.write(configfile) conf_manager.write(configfile)
user_disabled = conf_manager.get("MACHINE", "user_disabled") user_disabled = conf_manager.get("MACHINE", "user_disabled")
self.logger.info('User succesfully disabled value=' + str(user_disabled)) self.logger.info('User succesfully disabled value=' + str(user_disabled))
else: else:
self.logger.info('users already disabled') self.logger.info('local users will not be disabled because local_user_paramater is FALSE')
def run(self): def run(self):
""" docstring""" """ docstring"""
@ -310,7 +315,7 @@ class AhenkDaemon(BaseDaemon):
self.check_registration() self.check_registration()
#self.is_registered() self.is_registered()
self.disable_local_users() self.disable_local_users()
@ -322,7 +327,8 @@ class AhenkDaemon(BaseDaemon):
self.init_signal_listener() self.init_signal_listener()
self.logger.info('Signals listeners was set') self.logger.info('Signals listeners was set')
Agreement().agreement_contract_update() # Agreement().agreement_contract_update()
global_scope.put_custom_map('ahenk_daemon', ahenk_daemon) global_scope.put_custom_map('ahenk_daemon', ahenk_daemon)
self.init_message_response_queue() self.init_message_response_queue()
@ -343,6 +349,7 @@ if __name__ == '__main__':
ahenk_daemon = AhenkDaemon(System.Ahenk.pid_path()) ahenk_daemon = AhenkDaemon(System.Ahenk.pid_path())
try: try:
if len(sys.argv) == 2 and (sys.argv[1] in ('start', 'stop', 'restart', 'status')): if len(sys.argv) == 2 and (sys.argv[1] in ('start', 'stop', 'restart', 'status')):
ahenk_daemon.set_register_user(None, None, None)
if sys.argv[1] == 'start': if sys.argv[1] == 'start':
if System.Ahenk.is_running() is True: if System.Ahenk.is_running() is True:
print('There is already running Ahenk service. It will be killed.[{0}]'.format( print('There is already running Ahenk service. It will be killed.[{0}]'.format(
@ -368,6 +375,14 @@ if __name__ == '__main__':
else: else:
print('Unknown command. Usage : %s start|stop|restart|status|clean' % sys.argv[0]) print('Unknown command. Usage : %s start|stop|restart|status|clean' % sys.argv[0])
sys.exit(2) sys.exit(2)
elif len(sys.argv) > 2 and (sys.argv[1] in ('register')):
params = sys.argv[1]
hostName = sys.argv[2]
userName = sys.argv[3]
password = sys.argv[4]
ahenk_daemon.set_register_user(hostName,userName,password)
ahenk_daemon.run()
else: else:
result = Commander().set_event(sys.argv) result = Commander().set_event(sys.argv)
if result is None: if result is None:

103
src/base/agreement/ahenkmessage.py
View file

@ -1,47 +1,86 @@
# #!/usr/bin/python3
# -*- coding: utf-8 -*-
import tkinter as tk
from tkinter import *
import os
import sys import sys
from easygui import multpasswordbox, msgbox
def ask(message, title, host): class AskRegister():
field_names=[] message = None
title = None
host = ""
if host =='': def __init__(self, message, title, host):
field_names.append("Etki Alanı Sunucusu:")
field_names.append("Yetkili Kullanıcı") self.message = message
field_names.append("Parola") self.title = title
self.host = host
self.master = tk.Tk()
self.master.title(self.title)
field_values = multpasswordbox( if self.host != "":
msg=message, pass
title=title, fields=(field_names))
if field_values is None:
return print('N');
is_fieldvalue_empty = False;
for value in field_values:
if value == '':
is_fieldvalue_empty = True;
if is_fieldvalue_empty:
msgbox("Lütfen zorunlu alanları giriniz.", ok_button="Tamam")
return print('Z');
if host =='':
print(field_values[0],field_values[1],field_values[2])
else: else:
print(field_values[0], field_values[1]) tk.Label(self.master, text="Etki Alanı Sunucusu : ").grid(row=0)
self.e1 = tk.Entry(self.master)
self.e1.grid(row=0, column=1)
tk.Label(self.master, text="Yetkili Kullanıcı : ").grid(row=1)
tk.Label(self.master, text="Parola : ").grid(row=2)
self.e2 = tk.Entry(self.master)
self.e3 = tk.Entry(show="*")
self.var1 = IntVar()
Checkbutton(self.master, text="Active Directory", variable=self.var1, command=self.check1).grid(row=3, column=0, stick=tk.W,
pady=4)
self.var2 = IntVar()
self.var2.set(1)
Checkbutton(self.master, text="OpenLDAP", variable=self.var2, command=self.check2).grid(row=3, column=1, stick=tk.W, pady=4)
self.e2.grid(row=1, column=1)
self.e3.grid(row=2, column=1)
tk.Button(self.master, text='Çıkış', command=self.master.quit).grid(row=4, column=0, sticky=tk.W, pady=4)
tk.Button(self.master, text='Tamam', command=self.show).grid(row=4, column=1, sticky=tk.W, pady=4)
tk.mainloop()
def show(self):
if self.var2.get() == 1:
if self.host != "":
print(self.e2.get()+" "+self.e3.get()+" "+"LDAP")
else:
print(self.e1.get()+" "+self.e2.get()+" "+self.e3.get()+" "+"LDAP")
if self.var1.get() == 1:
if self.host != "":
print(self.e2.get()+" "+self.e3.get()+" "+"AD")
else:
print(self.e1.get()+" "+self.e2.get()+" "+self.e3.get()+" "+"AD")
self.master.quit()
def check1(self):
self.var2.set(0)
def check2(self):
self.var1.set(0)
if __name__ == '__main__': if __name__ == '__main__':
if len(sys.argv) > 1: if len(sys.argv) > 1:
try: try:
message=sys.argv[1] m_message = sys.argv[1]
title=sys.argv[2] t_title = sys.argv[2]
host=sys.argv[3] h_host = sys.argv[3]
ask(message,title, host) display = sys.argv[4]
os.environ["DISPLAY"] = display
app = AskRegister(m_message, t_title, h_host)
except Exception as e: except Exception as e:
print(str(e)) print(str(e))
else: else:
print('Argument fault. Check your parameters or content of parameters. Parameters: ' + str(sys.argv)) print("Argument fault. Check your parameters or content of parameters. Parameters:" + str(sys.argv))

6
src/base/agreement/confirm.py
View file

@ -2,10 +2,10 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# Author: Volkan Şahin <volkansah.in> <bm.volkansahin@gmail.com> # Author: Volkan Şahin <volkansah.in> <bm.volkansahin@gmail.com>
import os
import sys import sys
import easygui import easygui
def confirm(message, title): def confirm(message, title):
choice = easygui.buttonbox(msg=message, title=title, choices=["Tamam"]) choice = easygui.buttonbox(msg=message, title=title, choices=["Tamam"])
@ -17,8 +17,10 @@ def confirm(message, title):
if __name__ == '__main__': if __name__ == '__main__':
if len(sys.argv) == 3: if len(sys.argv) == 4:
try: try:
display=sys.argv[3]
os.environ["DISPLAY"] = display
confirm(sys.argv[1], sys.argv[2]) confirm(sys.argv[1], sys.argv[2])
except Exception as e: except Exception as e:
print(str(e)) print(str(e))

11
src/base/agreement/unregistrationmessage.py
View file

@ -1,3 +1,4 @@
import os
import sys import sys
from easygui import multpasswordbox, msgbox from easygui import multpasswordbox, msgbox
@ -12,17 +13,17 @@ def ask(message, title):
title=title, fields=(field_names)) title=title, fields=(field_names))
if field_values is None: if field_values is None:
return print('N'); return print('N')
is_fieldvalue_empty = False; is_fieldvalue_empty = False
for value in field_values: for value in field_values:
if value == '': if value == '':
is_fieldvalue_empty = True; is_fieldvalue_empty = True
if is_fieldvalue_empty: if is_fieldvalue_empty:
msgbox("Lütfen zorunlu alanları giriniz.", ok_button="Tamam") msgbox("Lütfen zorunlu alanları giriniz.", ok_button="Tamam")
return print('Z'); return print('Z')
print(field_values[0], field_values[1]) print(field_values[0], field_values[1])
@ -32,6 +33,8 @@ if __name__ == '__main__':
try: try:
message=sys.argv[1] message=sys.argv[1]
title=sys.argv[2] title=sys.argv[2]
display = sys.argv[3]
os.environ["DISPLAY"] = display
ask(message,title) ask(message,title)
except Exception as e: except Exception as e:
print(str(e)) print(str(e))

24
src/base/command/command_runner.py
View file

@ -13,6 +13,7 @@ from base.system.system import System
from base.timer.setup_timer import SetupTimer from base.timer.setup_timer import SetupTimer
from base.timer.timer import Timer from base.timer.timer import Timer
from base.util.util import Util from base.util.util import Util
from base.default_policy.default_policy import DefaultPolicy
class CommandRunner(object): class CommandRunner(object):
@ -25,6 +26,7 @@ class CommandRunner(object):
self.conf_manager = scope.get_configuration_manager() self.conf_manager = scope.get_configuration_manager()
self.db_service = scope.get_db_service() self.db_service = scope.get_db_service()
self.execute_manager = scope.get_execution_manager() self.execute_manager = scope.get_execution_manager()
self.default_policy = DefaultPolicy()
def check_last_login(self): def check_last_login(self):
last_login_tmstmp = self.db_service.select_one_result('session', 'timestamp') last_login_tmstmp = self.db_service.select_one_result('session', 'timestamp')
@ -36,6 +38,16 @@ class CommandRunner(object):
else: else:
return True return True
def delete_polkit_user(self):
content = "[Configuration] \nAdminIdentities=unix-user:root"
ahenk_policy_file = "/etc/polkit-1/localauthority.conf.d/99-ahenk-policy.conf"
if not Util.is_exist(ahenk_policy_file):
self.logger.info('Ahenk polkit file not found')
else:
Util.delete_file(ahenk_policy_file)
Util.write_file(ahenk_policy_file, content)
self.logger.info('Root added ahenk polkit file')
def run_command_from_fifo(self, num, stack): def run_command_from_fifo(self, num, stack):
""" docstring""" """ docstring"""
@ -61,18 +73,24 @@ class CommandRunner(object):
display = json_data['display'] display = json_data['display']
desktop = json_data['desktop'] desktop = json_data['desktop']
ip = None ip = None
if 'ip' in json_data: if 'ip' in json_data:
ip = json_data['ip'] ip = json_data['ip']
self.logger.info('login event is handled for user: {0}'.format(username)) self.logger.info('login event is handled for user: {0}'.format(username))
Util.execute("systemctl restart sssd.service")
login_message = self.message_manager.login_msg(username,ip) login_message = self.message_manager.login_msg(username,ip)
self.messenger.send_direct_message(login_message) self.messenger.send_direct_message(login_message)
agreement = Agreement() agreement = Agreement()
agreement_choice = None agreement_choice = None
## Default policy for users
self.logger.info("Applying default policies for user {0}".format(username))
self.default_policy.default_firefox_policy(username)
self.default_policy.disable_update_package_notify(username)
if agreement.check_agreement(username) is not True and System.Ahenk.agreement() == '1': if agreement.check_agreement(username) is not True and System.Ahenk.agreement() == '1':
self.logger.debug('User {0} has not accepted agreement.'.format(username)) self.logger.debug('User {0} has not accepted agreement.'.format(username))
thread_ask = Process(target=agreement.ask, args=(username, display,)) thread_ask = Process(target=agreement.ask, args=(username, display,))
@ -151,6 +169,9 @@ class CommandRunner(object):
logout_message = self.message_manager.logout_msg(username,ip) logout_message = self.message_manager.logout_msg(username,ip)
self.messenger.send_direct_message(logout_message) self.messenger.send_direct_message(logout_message)
self.logger.info('Ahenk polkit file deleting..')
self.delete_polkit_user()
self.plugin_manager.process_mode('logout', username) self.plugin_manager.process_mode('logout', username)
self.plugin_manager.process_mode('safe', username) self.plugin_manager.process_mode('safe', username)
@ -160,7 +181,6 @@ class CommandRunner(object):
message = json.dumps(json_data['message']) message = json.dumps(json_data['message'])
self.messenger.send_direct_message(message) self.messenger.send_direct_message(message)
elif str(json_data['event']) == 'unregister': elif str(json_data['event']) == 'unregister':
self.logger.info('Unregistering..') self.logger.info('Unregistering..')
unregister_message = self.message_manager.unregister_msg() unregister_message = self.message_manager.unregister_msg()

1
src/base/database/ahenk_db_service.py
View file

@ -55,6 +55,7 @@ class AhenkDbService(object):
self.check_and_create_table('mail', ['id INTEGER PRIMARY KEY AUTOINCREMENT', 'command TEXT', 'mailstatus INTEGER', 'timestamp TEXT']) self.check_and_create_table('mail', ['id INTEGER PRIMARY KEY AUTOINCREMENT', 'command TEXT', 'mailstatus INTEGER', 'timestamp TEXT'])
self.check_and_create_table('service', ['id INTEGER PRIMARY KEY AUTOINCREMENT', 'serviceName TEXT', 'serviceStatus TEXT','timestamp TEXT','task_id INTEGER']) self.check_and_create_table('service', ['id INTEGER PRIMARY KEY AUTOINCREMENT', 'serviceName TEXT', 'serviceStatus TEXT','timestamp TEXT','task_id INTEGER'])
self.check_and_create_table('app_restriction', ['id INTEGER PRIMARY KEY AUTOINCREMENT', 'application_name TEXT', 'username TEXT', 'restriction INTEGER'])
def get_cols(self, table_name): def get_cols(self, table_name):

0
src/base/default_policy/__init__.py Normal file
View file

12
src/base/default_policy/config-files/xfce4-notifyd.xml Normal file
View file

@ -0,0 +1,12 @@
<?xml version="1.0" encoding="UTF-8"?>
<channel name="xfce4-notifyd" version="1.0">
<property name="notify-location" type="empty"/>
<property name="theme" type="empty"/>
<property name="initial-opacity" type="empty"/>
<property name="applications" type="empty">
<property name="known_applications" type="array">
<value type="string" value="nm-applet"/>
</property>
</property>
</channel>

147
src/base/default_policy/default_policy.py Normal file
View file

@ -0,0 +1,147 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# Author: Tuncay Çolak <tuncay.colak@tubitak.gov.tr> <tncyclk05@gmail.com>
# Author: Hasan Kara <h.kara27@gmail.com>
# Default Policy for users
from base.scope import Scope
from base.util.util import Util
import xml.etree.ElementTree as ET
class DefaultPolicy:
def __init__(self):
scope = Scope().get_instance()
self.logger = scope.get_logger()
self.util = Util()
## default firefox policy for user
def default_firefox_policy(self, username):
exec_command = None
firefox_path = None
if self.util.is_exist("/usr/lib/firefox-esr/"):
firefox_path = "/usr/lib/firefox-esr/"
exec_command = "firefox-esr"
elif self.util.is_exist('/opt/firefox-esr/'):
firefox_path = "/opt/firefox-esr/"
exec_command = "firefox-esr"
elif self.util.is_exist('/usr/lib/iceweasel/'):
firefox_path = "/usr/lib/iceweasel/"
exec_command = "iceweasel"
elif self.util.is_exist('/opt/firefox/'):
firefox_path = "/opt/firefox/"
exec_command = "firefox"
else:
self.logger.error('Firefox installation path not found')
self.logger.info("if mozilla profile is not created run firefox to create profile for user: " + username)
if not Util.is_exist("/home/" + username + "/.mozilla/"):
self.logger.info("firefox profile does not exist. Check autostart file.")
if not Util.is_exist("/home/" + username + "/.config/autostart/"):
self.logger.info(".config/autostart folder does not exist. Creating folder.")
Util.create_directory("/home/" + username + "/.config/autostart/")
else:
self.logger.info(".config/autostart folder exists.")
self.logger.info(
"Checking if {0}-autostart-for-profile.desktop autorun file exists.".format(exec_command))
if not Util.is_exist(
"/home/" + username + "/.config/autostart/{0}-autostart-for-profile.desktop".format(exec_command)):
self.logger.info(
"{0}-autostart-for-profile.desktop autorun file does not exists. Creating file.".format(
exec_command))
Util.create_file(
"/home/" + username + "/.config/autostart/{0}-autostart-for-profile.desktop".format(exec_command))
content = "[Desktop Entry]\n\n" \
"Type=Application\n\n" \
"Exec={0}{1} www.liderahenk.org".format(firefox_path, exec_command)
Util.write_file(
"/home/" + username + "/.config/autostart/{0}-autostart-for-profile.desktop".format(exec_command),
content)
self.logger.info(
"Autorun config is written to {0}-autostart-for-profile.desktop.".format(exec_command))
else:
self.logger.info("{0}-autostart-for-profile.desktop exists".format(exec_command))
else:
self.logger.info(".mozilla firefox profile path exists. Delete autorun file.")
Util.delete_file(
"/home/" + username + "/.config/autostart/{0}-autostart-for-profile.desktop".format(exec_command))
## disabled update package notify for user
def disable_update_package_notify(self, username):
xfce4_notify_template_path = "/usr/share/ahenk/base/default_policy/config-files/xfce4-notifyd.xml"
fileName = "/home/{0}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-notifyd.xml".format(username)
if not self.util.is_exist(fileName):
## if configuration file does not exist will be create /home/{username}/.config/xfce4/xfconf/xfce-perchannel-xml/
self.logger.info("Configuration file does not exist")
self.util.create_directory("/home/{0}/.config/xfce4/xfconf/xfce-perchannel-xml/".format(username))
self.logger.info("Created directory /home/{0}/.config/xfce4/xfconf/xfce-perchannel-xml/".format(username))
self.util.copy_file(xfce4_notify_template_path, "/home/{0}/.config/xfce4/xfconf/xfce-perchannel-xml/".format(username))
self.logger.info("Copy xfce4-notifyd.xml template file")
gid = self.util.file_group("/home/{0}".format(username))
cmd = "chown -R {0}:{1} /home/{0}/.config".format(username, gid)
self.util.execute(cmd)
self.logger.info("Set permissons for /home/{0}.config directory".format(username))
self.notifyd_xml_parser(username)
else:
self.logger.info("Configuration file exist")
self.notifyd_xml_parser(username)
pk_update_icon_file = "/etc/xdg/autostart/pk-update-icon.desktop"
if self.util.is_exist(pk_update_icon_file):
self.logger.info("{0} file exists".format(pk_update_icon_file))
self.util.rename_file(pk_update_icon_file, pk_update_icon_file+".ahenk")
self.logger.info("Renamed from {0} to {0}.ahenk".format(pk_update_icon_file))
self.logger.info("Disabled autostart for pk-update-icon")
else:
self.logger.info("File not found")
self.logger.info("Disable notifications if there is a package update notification for user: " + username)
def notifyd_xml_parser(self, username):
fileName = "/home/{0}/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-notifyd.xml".format(username)
tree = ET.parse(fileName)
root = tree.getroot()
app_name_for_blocking = "pk-update-icon"
element = root.find("./property/[@name='applications']")
if element is None:
self.logger.info("applications element could not be found.")
else:
element = root.find("./property/property[@name='muted_applications']")
if element is None:
self.logger.info("muted_applications element could not be found.")
self.logger.info("adding muted_applications element to applications tag.")
element = root.find("./property/[@name='applications']")
new_element = ET.SubElement(element, 'property')
new_element.attrib["name"] = 'muted_applications'
new_element.attrib["type"] = 'array'
tree.write(fileName)
else:
self.logger.info("muted_applications tag exists.")
self.logger.info("checking if '" + app_name_for_blocking + "' exists in muted_applications tag.")
element = root.find(
"./property/property[@name='muted_applications']/value[@value='{0}']".format(app_name_for_blocking))
if element is None:
self.logger.info("'" + app_name_for_blocking + "' is not found in muted_applications element.")
self.logger.info("'" + app_name_for_blocking + "' will be added to muted_applications tag.")
element = root.find("./property/property[@name='muted_applications']")
new_element = ET.SubElement(element, 'value')
new_element.attrib["type"] = 'string'
new_element.attrib["value"] = app_name_for_blocking
tree.write(fileName)
else:
self.logger.info("'" + app_name_for_blocking + "' is already added to muted_applications tag.")

25
src/base/execution/execution_manager.py
View file

@ -45,6 +45,7 @@ class ExecutionManager(object):
self.event_manager.register_event(MessageType.RESPONSE_AGREEMENT.value, self.agreement_update) self.event_manager.register_event(MessageType.RESPONSE_AGREEMENT.value, self.agreement_update)
self.event_manager.register_event(MessageType.UPDATE_SCHEDULED_TASK.value, self.update_scheduled_task) self.event_manager.register_event(MessageType.UPDATE_SCHEDULED_TASK.value, self.update_scheduled_task)
self.event_manager.register_event(MessageType.REGISTRATION_RESPONSE.value, self.unregister) # registration message for unregister event self.event_manager.register_event(MessageType.REGISTRATION_RESPONSE.value, self.unregister) # registration message for unregister event
self.event_manager.register_event(MessageType.LOGIN_RESPONSE.value, self.login_response) # registration message for unregister event
def agreement_update(self, arg): def agreement_update(self, arg):
@ -410,9 +411,9 @@ class ExecutionManager(object):
self.logger.info('Registration is failed. User not authorized') self.logger.info('Registration is failed. User not authorized')
Util.show_message(user_name,display,'Ahenk Lider MYS sisteminden çıkarmak için yetkili kullanıcı haklarına sahip olmanız gerekmektedir.', Util.show_message(user_name,display,'Ahenk Lider MYS sisteminden çıkarmak için yetkili kullanıcı haklarına sahip olmanız gerekmektedir.',
'Kullanıcı Yetkilendirme Hatası') 'Kullanıcı Yetkilendirme Hatası')
else : else:
Util.show_message(user_name, display, "Ahenk Lider MYS sisteminden çıkarılmıştır.", "") Util.show_message(user_name, display, "Ahenk Lider MYS sisteminden çıkarılmıştır.", "")
if Util.show_message(user_name, display, "Değişikliklerin etkili olması için sistemi yeniden başlatmanız gerekmektedir.", "") : if Util.show_message(user_name, display, "Değişikliklerin etkili olması için sistem yeniden başlatılacaktır. Lütfen bekleyiniz...", "") :
registration= Scope.get_instance().get_registration() registration= Scope.get_instance().get_registration()
registration.purge_and_unregister() registration.purge_and_unregister()
@ -531,3 +532,23 @@ class ExecutionManager(object):
user_execution_id=json_data['userCommandExecutionId'], user_execution_id=json_data['userCommandExecutionId'],
agent_expiration_date=json_data['agentPolicyExpirationDate'], agent_expiration_date=json_data['agentPolicyExpirationDate'],
user_expiration_date=json_data['userPolicyExpirationDate']) user_expiration_date=json_data['userPolicyExpirationDate'])
def login_response(self, msg):
jData = json.loads(msg)
username = jData['userName']
if username is not None:
self.create_sudo_polkit(username)
def create_sudo_polkit(self,username):
content = "[Configuration] \nAdminIdentities=unix-user:{}".format(username)
ahenk_policy_file = "/etc/polkit-1/localauthority.conf.d/99-ahenk-policy.conf"
if not Util.is_exist(ahenk_policy_file):
Util.create_file(ahenk_policy_file)
Util.write_file(ahenk_policy_file, content)
self.logger.debug('Ahenk polkit file created and user added.. User : {}'.format(username))
else:
self.logger.debug('Writing result to file')
Util.delete_file(ahenk_policy_file)
Util.create_file(ahenk_policy_file)
Util.write_file(ahenk_policy_file, content)

4
src/base/messaging/anonymous_messenger.py
View file

@ -95,8 +95,8 @@ class AnonymousMessenger(ClientXMPP):
def recv_direct_message(self, msg): def recv_direct_message(self, msg):
if msg['type'] in ['normal']: if msg['type'] in ['normal']:
self.logger.debug('---------->Received message: {0}'.format(str(msg['body']))) self.logger.info('---------->Received message: {0}'.format(str(msg['body'])))
self.logger.debug('Reading registration reply') self.logger.info('Reading registration reply')
j = json.loads(str(msg['body'])) j = json.loads(str(msg['body']))
message_type = j['type'] message_type = j['type']
status = str(j['status']).lower() status = str(j['status']).lower()

7
src/base/messaging/messaging.py
View file

@ -72,6 +72,7 @@ class Messaging(object):
data['ipAddresses'] = str(System.Hardware.Network.ip_addresses()).replace('[', '').replace(']', '') data['ipAddresses'] = str(System.Hardware.Network.ip_addresses()).replace('[', '').replace(']', '')
data['timestamp'] = Util.timestamp() data['timestamp'] = Util.timestamp()
data['userIp'] = ip data['userIp'] = ip
data['hostname'] = str(System.Os.hostname())
self.logger.debug('USER IP : '+ str(ip)+ ' IPADDRESSES : '+ str(System.Hardware.Network.ip_addresses()).replace('[', '').replace(']', '')) self.logger.debug('USER IP : '+ str(ip)+ ' IPADDRESSES : '+ str(System.Hardware.Network.ip_addresses()).replace('[', '').replace(']', ''))
@ -113,7 +114,7 @@ class Messaging(object):
self.logger.debug('Get Policies message was created') self.logger.debug('Get Policies message was created')
return json_data return json_data
def registration_msg(self, userName= None, userPassword=None): def registration_msg(self, userName= None, userPassword=None, directoryServer=None):
data = dict() data = dict()
data['type'] = 'REGISTER' data['type'] = 'REGISTER'
data['from'] = self.db_service.select_one_result('registration', 'jid', ' 1=1') data['from'] = self.db_service.select_one_result('registration', 'jid', ' 1=1')
@ -132,9 +133,13 @@ class Messaging(object):
if userPassword is not None: if userPassword is not None:
data["userPassword"] = str(userPassword) data["userPassword"] = str(userPassword)
if directoryServer is not None:
data["directoryServer"] = str(directoryServer)
data['timestamp'] = self.db_service.select_one_result('registration', 'timestamp', ' 1=1') data['timestamp'] = self.db_service.select_one_result('registration', 'timestamp', ' 1=1')
json_data = json.dumps(data) json_data = json.dumps(data)
self.logger.debug('Registration message was created') self.logger.debug('Registration message was created')
self.logger.info('Registration message was created. Data content: '+ json_data)
return json_data return json_data
def ldap_registration_msg(self): def ldap_registration_msg(self):

16
src/base/messaging/messenger.py
View file

@ -99,10 +99,24 @@ class Messenger(ClientXMPP):
def recv_direct_message(self, msg): def recv_direct_message(self, msg):
if msg['type'] in ['normal']: if msg['type'] in ['normal']:
self.logger.info('---------->Received message: {0}'.format(str(msg['body'])))
try: try:
j = json.loads(str(msg['body'])) j = json.loads(str(msg['body']))
message_type = j['type'] message_type = j['type']
self.logger.debug("Get message type: "+str(message_type))
if j['type'] == "EXECUTE_POLICY":
self.logger.info('---------->Received message: {0}'.format(str(msg['body'])))
if j['type'] == "EXECUTE_TASK":
i = json.loads(str(j['task']))
plugin_name = i['plugin']['name']
if plugin_name == "manage-root":
parameter_map = i['parameterMap']
parameter_map.pop("RootPassword")
self.logger.info("---------->Received message: {}".format(str(parameter_map)))
else:
self.logger.info('---------->Received message: {0}'.format(str(msg['body'])))
self.event_manger.fireEvent(message_type, str(msg['body'])) self.event_manger.fireEvent(message_type, str(msg['body']))
self.logger.debug('Fired event is: {0}'.format(message_type)) self.logger.debug('Fired event is: {0}'.format(message_type))
except Exception as e: except Exception as e:

1
src/base/model/enum/message_type.py
View file

@ -24,3 +24,4 @@ class MessageType(Enum):
RESPONSE_AGREEMENT = 'RESPONSE_AGREEMENT' RESPONSE_AGREEMENT = 'RESPONSE_AGREEMENT'
UPDATE_SCHEDULED_TASK = 'UPDATE_SCHEDULED_TASK' UPDATE_SCHEDULED_TASK = 'UPDATE_SCHEDULED_TASK'
REGISTRATION_RESPONSE ='REGISTRATION_RESPONSE' REGISTRATION_RESPONSE ='REGISTRATION_RESPONSE'
LOGIN_RESPONSE = 'LOGIN_RESPONSE'

37
src/base/registration/config-files/krb5.conf Normal file
View file

@ -0,0 +1,37 @@
[libdefaults]
default_realm = ENGEREK.LOCAL
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
fcc-mit-ticketflags = true
[realms]
ENGEREK.LOCAL = {
admin_server = liderahenk.engerek.local
kdc = liderahenk.engerek.local
}
[domain_realm]
.engerek.local = ENGEREK.LOCAL
------------------------------------------------------------------------------------------
[libdefaults]
default_realm = ENGEREK.LOCAL
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
fcc-mit-ticketflags = true
[realms]
###realm### = {
###admin_server###
###kdc###
}
[domain_realm]
###own_domain_realm###

20
src/base/registration/config-files/ldap Normal file
View file

@ -0,0 +1,20 @@
Name: Ahenk LDAP Authentication
Default: yes
Priority: 128
Auth-Type: Primary
Auth-Initial:
[success=end authinfo_unavail=ignore default=ignore] pam_ldap.so
Auth:
[success=end authinfo_unavail=ignore default=ignore] pam_ldap.so use_first_pass
Account-Type: Primary
Account:
[success=end new_authtok_reqd=done authinfo_unavail=1 default=ignore] pam_ldap.so
Password-Type: Primary
Password-Initial:
[success=end user_unknown=ignore default=die] pam_ldap.so
Password:
[success=end user_unknown=ignore default=die] pam_ldap.so try_first_pass
Session-Type: Additional
Session:
optional pam_ldap.so
required pam_mkhomedir.so skel=/etc/skel umask=066

12
src/base/registration/config-files/pam_script Normal file
View file

@ -0,0 +1,12 @@
Name: Ahenk PAM scripts
Default: yes
Priority: 257
Auth-Type: Primary
Auth:
optional pam_script.so
Account-Type: Primary
Account:
optional pam_script.so
Session-Type: Additional
Session:
optional pam_script.so

44
src/base/registration/config-files/sssd.conf Normal file
View file

@ -0,0 +1,44 @@
[sssd]
config_file_version = 2
services = nss, pam, sudo
domains = LDAP
[nss]
[sudo]
[pam]
pam_verbosity=2
pam_account_locked_message = Hesap Kilitli
offline_credentials_expiration = 90
[domain/LDAP]
debug_level = 9
id_provider = ldap
auth_provider = ldap
access_provider = ldap
#ldap_access_filter = (employeeType=admin)
ldap_access_order = ppolicy
pam_verbosity=2
###ldap_pwdlockout_dn###
ldap_schema = rfc2307
###ldap_uri###
###ldap_default_bind_dn###
###ldap_default_authtok###
ldap_default_authtok_type = password
###ldap_search_base###
###ldap_user_search_base###
###ldap_group_search_base###
ldap_user_object_class = posixAccount
ldap_user_gecos = cn
ldap_tls_reqcert = never
ldap_auth_disable_tls_never_use_in_production = true
override_shell = /bin/bash
enumerate = true
cache_credentials = true
sudo_provider = ldap
###ldap_sudo_search_base###
###90 days
ldap_sudo_full_refresh_interval=7776000
###30 days
ldap_sudo_smart_refresh_interval=2592000

25
src/base/registration/config-files/sssd_ad.conf Normal file
View file

@ -0,0 +1,25 @@
[nss]
filter_groups = root,adm
filter_users = root,adm
reconnection_retries = 3
[pam]
reconnection_retries = 3
[sssd]
###domains###
config_file_version = 2
services = nss, pam
###[domain/###
###ad_domain###
###krb5_realm###
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%u@%d
access_provider = ad

101
src/base/registration/execute_cancel_ldap_login.py Normal file
View file

@ -0,0 +1,101 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Author: Hasan Kara <h.kara27@gmail.com>
from base.scope import Scope
from base.util.util import Util
import re
class ExecuteCancelLDAPLogin:
def __init__(self):
scope = Scope().get_instance()
self.logger = scope.get_logger()
self.util = Util()
def cancel(self):
self.logger.info('Purge ldap packages')
self.util.execute("apt-get install sudo -y")
self.util.execute("apt purge libpam-ldap libnss-ldap ldap-utils sudo-ldap nss-updatedb libnss-db libpam-ccreds -y")
self.util.execute("apt autoremove -y")
self.logger.info('purging successfull')
# pattern for clearing file data from spaces, tabs and newlines
pattern = re.compile(r'\s+')
ldap_back_up_file_path = "/usr/share/ahenk/pam_scripts_original/ldap"
ldap_original_file_path = "/usr/share/pam-configs/ldap"
pam_script_back_up_file_path = "/usr/share/ahenk/pam_scripts_original/pam_script"
pam_script_original_file_path = "/usr/share/pam-configs/pam_script"
if self.util.is_exist(ldap_back_up_file_path):
self.logger.info("Replacing {0} with {1}".format(ldap_original_file_path, ldap_back_up_file_path))
self.util.copy_file(ldap_back_up_file_path, ldap_original_file_path)
self.logger.info("Deleting {0}".format(ldap_back_up_file_path))
self.util.delete_file(ldap_back_up_file_path)
if self.util.is_exist(pam_script_back_up_file_path):
self.logger.info(
"Replacing {0} with {1}".format(pam_script_original_file_path, pam_script_back_up_file_path))
self.util.copy_file(pam_script_back_up_file_path, pam_script_original_file_path)
self.logger.info("Deleting {0}".format(pam_script_back_up_file_path))
self.util.delete_file(pam_script_back_up_file_path)
(result_code, p_out, p_err) = self.util.execute("DEBIAN_FRONTEND=noninteractive pam-auth-update --package")
if result_code == 0:
self.logger.info("'DEBIAN_FRONTEND=noninteractive pam-auth-update --package' has run successfully")
else:
self.logger.error(
"'DEBIAN_FRONTEND=noninteractive pam-auth-update --package' could not run successfully: " + p_err)
# Configure nsswitch.conf
file_ns_switch = open("/etc/nsswitch.conf", 'r')
file_data = file_ns_switch.read()
# cleared file data from spaces, tabs and newlines
text = pattern.sub('', file_data)
did_configuration_change = False
if "passwd:compatldap[NOTFOUND=return]db" in text:
file_data = file_data.replace("passwd: compat ldap [NOTFOUND=return] db", "passwd: compat")
did_configuration_change = True
if "group:compatldap[NOTFOUND=return]db" in text:
file_data = file_data.replace("group: compat ldap [NOTFOUND=return] db", "group: compat")
did_configuration_change = True
if "shadow:compatldap" in text:
file_data = file_data.replace("shadow: compat ldap", "shadow: compat")
did_configuration_change = True
if "#gshadow:files" in text:
file_data = file_data.replace("#gshadow: files", "gshadow: files")
did_configuration_change = True
if did_configuration_change:
self.logger.info("nsswitch.conf configuration has been configured")
else:
self.logger.info("nsswitch.conf has already been configured")
file_ns_switch.close()
file_ns_switch = open("/etc/nsswitch.conf", 'w')
file_ns_switch.write(file_data)
file_ns_switch.close()
# Configure ldap-cache
nss_update_cron_job_file_path = "/etc/cron.daily/nss-updatedb"
if self.util.is_exist(nss_update_cron_job_file_path):
self.util.delete_file(nss_update_cron_job_file_path)
self.logger.info("{0} is deleted.".format(nss_update_cron_job_file_path))
# Configure lightdm.service
pardus_xfce_path = "/usr/share/lightdm/lightdm.conf.d/99-pardus-xfce.conf"
if self.util.is_exist(pardus_xfce_path):
self.logger.info("99-pardus-xfce.conf exists. Deleting file.")
self.util.delete_file(pardus_xfce_path)
self.util.execute("systemctl restart nscd.service")
self.logger.info("Operation finished")

126
src/base/registration/execute_cancel_sssd_ad_authentication.py Normal file
View file

@ -0,0 +1,126 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Author: Agah Hulusi ÖZ <enghulusi@gmail.com>
from base.scope import Scope
from base.util.util import Util
import re
class ExecuteCancelSSSDAdAuthentication:
def __init__(self):
scope = Scope().get_instance()
self.logger = scope.get_logger()
self.util = Util()
self.ad_info_path = "/etc/ahenk/ad_info"
def cancel(self):
try:
# Deleting packages require for AD entegration
self.util.execute(
"apt purge realmd sssd sssd-tools adcli krb5-user packagekit samba-common samba-common-bin samba-libs -y")
self.util.execute("apt autoremove -y")
# Read information about AD
if self.util.is_exist(self.ad_info_path):
file_data = self.util.read_file_by_line(self.ad_info_path)
self.ip_address = file_data[0].strip("\n")
self.host_name = file_data[1].strip("\n")
self.logger.info(self.ip_address)
self.logger.info(self.host_name)
self.logger.info("Information read successfully from ad_info.")
else:
self.logger.error("ad_info file not found")
if self.util.is_exist("/etc/sssd"):
# self.util.delete_folder("/etc/sssd")
self.logger.info("SSSD is deleted")
else:
self.logger.info("SSSD is not exist")
# Re-Configure dhclient.conf deleting AD IP address
dhclient_conf_path = "/etc/dhcp/dhclient.conf"
file_dhclient = open(dhclient_conf_path, 'r')
file_data = file_dhclient.read()
if "prepend domain-name-servers {};".format(self.ip_address) in file_data:
file_data = file_data.replace(("prepend domain-name-servers {};".format(self.ip_address)),
"#prepend domain-name-servers 127.0.0.1;")
self.logger.info("dhclient is reconfigured")
else:
self.logger.error("dhclient is'not reconfigured")
file_dhclient.close()
file_dhclient = open(dhclient_conf_path, 'w')
file_dhclient.write(file_data)
file_dhclient.close()
# Configure hosts for deleting AD "IP address" and "AD hostname"
hosts_conf_path = "/etc/hosts"
file_hosts = open(hosts_conf_path, 'r')
file_data = file_hosts.read()
if ("{0} {1}".format(self.ip_address, self.host_name)) in file_data:
file_data = file_data.replace(("{0} {1}".format(self.ip_address, self.host_name)), " ")
self.logger.info("hosts is configured")
else:
self.logger.error("hosts is not configured")
file_hosts.close()
file_hosts = open(hosts_conf_path, 'w')
file_hosts.write(file_data)
file_hosts.close()
# Configure common-session for deleting home directories for AD users
common_session_conf_path = "/etc/pam.d/common-session"
file_common_session = open(common_session_conf_path, 'r')
file_data = file_common_session.read()
if "session optional pam_mkhomedir.so skel=/etc/skel umask=077" in file_data:
file_data = file_data.replace("session optional pam_mkhomedir.so skel=/etc/skel umask=077", " ")
self.logger.info("common-session is configured")
else:
self.logger.error("common session is not configured")
file_common_session.close()
file_common_session = open(common_session_conf_path, 'w')
file_common_session.write(file_data)
file_common_session.close()
# Configure resolv.conf for deleting AD IP address
resolv_conf_path = "/etc/resolv.conf"
file_resolv = open(resolv_conf_path, 'r')
file_data = file_resolv.read()
if ("nameserver {0}".format(self.ip_address)) in file_data:
file_data = file_data.replace(("nameserver {0}".format(self.ip_address)), "")
self.logger.info("resolv.conf is configured")
else:
self.logger.error("resolv is not configured")
file_resolv.close()
file_resolv = open(resolv_conf_path, 'w')
file_resolv.write(file_data)
file_resolv.close()
# Deleting ad_info file
if self.util.is_exist(self.ad_info_path):
self.util.delete_file(self.ad_info_path)
self.logger.info("Deleted ad_info file")
else:
self.logger.error("ad_info file not found")
# Configure lightdm.service
pardus_xfce_path = "/usr/share/lightdm/lightdm.conf.d/99-pardus-xfce.conf"
if self.util.is_exist(pardus_xfce_path):
self.logger.info("99-pardus-xfce.conf exists. Deleting file.")
self.util.delete_file(pardus_xfce_path)
self.util.execute("systemctl restart nscd.service")
else:
self.logger.info("99-pardus-xfce.conf not found")
self.logger.info("AD Login iptal etme işlemi başarı ile sağlandı.")
return True
except Exception as e:
self.logger.error(str(e))
self.logger.info("AD Login İptal etme işlemi esnasında hata oluştu.")
return False

85
src/base/registration/execute_cancel_sssd_authentication.py Normal file
View file

@ -0,0 +1,85 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Author: Hasan Kara <h.kara27@gmail.com>
from base.scope import Scope
from base.util.util import Util
import re
class ExecuteCancelSSSDAuthentication:
def __init__(self):
scope = Scope().get_instance()
self.logger = scope.get_logger()
self.util = Util()
def cancel(self):
self.util.execute("apt purge libpam-sss sssd-common -y")
self.util.execute("apt autoremove -y")
if self.util.is_exist("/etc/sssd"):
self.util.delete_folder("/etc/sssd")
# pattern for clearing file data from spaces, tabs and newlines
pattern = re.compile(r'\s+')
# Configure nsswitch.conf
# file_ns_switch = open("/etc/nsswitch.conf", 'r')
# file_data = file_ns_switch.read()
#
# # cleared file data from spaces, tabs and newlines
# text = pattern.sub('', file_data)
# did_configuration_change = False
# if "passwd:compatsss" in text:
# file_data = file_data.replace("passwd: compat sss", "passwd: compat")
# did_configuration_change = True
#
# if "group:compatsss" in text:
# file_data = file_data.replace("group: compat sss", "group: compat")
# did_configuration_change = True
#
# if "shadow:compatsss" in text:
# file_data = file_data.replace("shadow: compat sss", "shadow: compat")
# did_configuration_change = True
#
# if "services:dbfilessss" in text:
# file_data = file_data.replace("services: db files sss", "services: db files")
# did_configuration_change = True
#
# if "netgroup:nissss" in text:
# file_data = file_data.replace("netgroup: nis sss", "netgroup: nis")
# did_configuration_change = True
#
# if "sudoers:filessss" in text:
# file_data = file_data.replace("sudoers: files sss", "")
# did_configuration_change = True
#
# if did_configuration_change:
# self.logger.info("nsswitch.conf configuration has been configured")
# else:
# self.logger.info("nsswitch.conf has already been configured")
# file_ns_switch.close()
# file_ns_switch = open("/etc/nsswitch.conf", 'w')
# file_ns_switch.write(file_data)
# file_ns_switch.close()
common_session_conf_path = "/etc/pam.d/common-session"
# configure common-session for creating home directories for ldap users
file_common_session = open(common_session_conf_path, 'r')
file_data = file_common_session.read()
if "session optional pam_mkhomedir.so skel=/etc/skel umask=077" in file_data:
file_data = file_data.replace("session optional pam_mkhomedir.so skel=/etc/skel umask=077", "")
self.logger.info("common-session is configured")
file_common_session.close()
file_common_session = open(common_session_conf_path, 'w')
file_common_session.write(file_data)
file_common_session.close()
self.util.execute("systemctl restart nscd.service")
self.logger.info("LDAP Login iptal etme işlemi başarı ile sağlandı.")

232
src/base/registration/execute_ldap_login.py Normal file
View file

@ -0,0 +1,232 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Author: Hasan Kara <h.kara27@gmail.com>
from base.scope import Scope
from base.util.util import Util
import re
class ExecuteLDAPLogin:
def __init__(self):
scope = Scope().get_instance()
self.logger = scope.get_logger()
self.util = Util()
def login(self, server_address, dn, version, admin_dn, admin_password):
try:
self.logger.info("----------------> server_address: " + server_address)
self.logger.info("----------------> dn: " + dn)
self.logger.info("----------------> version: " + version)
self.logger.info("----------------> admin_dn: " + admin_dn)
self.logger.info("----------------> admin_password: " + admin_password)
#(result_code, p_out, p_err) = self.util.execute("/bin/bash /usr/share/ahenk/base/registration/scripts/test.sh")
(result_code, p_out, p_err) = self.util.execute("/bin/bash /usr/share/ahenk/base/registration/scripts/ldap-login.sh {0} {1} {2} {3} {4}".format(server_address, "\'" + dn + "\'", "\'" + admin_dn + "\'", "\'" + admin_password + "\'", version))
if result_code == 0:
self.logger.info("Script has run successfully")
else:
self.logger.error("Script could not run successfully: " + p_err)
# pattern for clearing file data from spaces, tabs and newlines
pattern = re.compile(r'\s+')
pam_scripts_original_directory_path = "/usr/share/ahenk/pam_scripts_original"
ldap_back_up_file_path = "/usr/share/ahenk/pam_scripts_original/ldap"
ldap_original_file_path = "/usr/share/pam-configs/ldap"
ldap_configured_file_path = "/usr/share/ahenk/plugins/ldap-login/config-files/ldap"
pam_script_back_up_file_path = "/usr/share/ahenk/pam_scripts_original/pam_script"
pam_script_original_file_path = "/usr/share/pam-configs/pam_script"
pam_script_configured_file_path = "/usr/share/ahenk/plugins/ldap-login/config-files/pam_script"
# create pam_scripts_original directory if not exists
if not self.util.is_exist(pam_scripts_original_directory_path):
self.logger.info("Creating {0} directory.".format(pam_scripts_original_directory_path))
self.util.create_directory(pam_scripts_original_directory_path)
if self.util.is_exist(ldap_back_up_file_path):
self.logger.info("Changing {0} with {1}.".format(ldap_original_file_path, ldap_configured_file_path))
self.util.copy_file(ldap_configured_file_path, ldap_original_file_path)
else:
self.logger.info("Backing up {0}".format(ldap_original_file_path))
self.util.copy_file(ldap_original_file_path, ldap_back_up_file_path)
self.logger.info(
"{0} file is replaced with {1}.".format(ldap_original_file_path, ldap_configured_file_path))
self.util.copy_file(ldap_configured_file_path, ldap_original_file_path)
if self.util.is_exist(pam_script_back_up_file_path):
self.util.copy_file(pam_script_configured_file_path, pam_script_original_file_path)
self.logger.info(
"{0} is replaced with {1}.".format(pam_script_original_file_path, pam_script_configured_file_path))
else:
self.logger.info("Backing up {0}".format(pam_script_original_file_path))
self.util.copy_file(pam_script_original_file_path, pam_script_back_up_file_path)
self.logger.info("{0} file is replaced with {1}".format(pam_script_original_file_path,
pam_script_configured_file_path))
self.util.copy_file(pam_script_configured_file_path, pam_script_original_file_path)
(result_code, p_out, p_err) = self.util.execute("DEBIAN_FRONTEND=noninteractive pam-auth-update --package")
if result_code == 0:
self.logger.info("'DEBIAN_FRONTEND=noninteractive pam-auth-update --package' has run successfully")
else:
self.logger.error(
"'DEBIAN_FRONTEND=noninteractive pam-auth-update --package' could not run successfully: " + p_err)
# Configure nsswitch.conf
file_ns_switch = open("/etc/nsswitch.conf", 'r')
file_data = file_ns_switch.read()
# cleared file data from spaces, tabs and newlines
text = pattern.sub('', file_data)
is_configuration_done_before = False
if ("passwd:compatldap" not in text):
file_data = file_data.replace("passwd: compat", "passwd: compat ldap")
is_configuration_done_before = True
if ("group:compatldap" not in text):
file_data = file_data.replace("group: compat", "group: compat ldap")
is_configuration_done_before = True
if ("shadow:compatldap" not in text):
file_data = file_data.replace("shadow: compat", "shadow: compat ldap")
is_configuration_done_before = True
if is_configuration_done_before:
self.logger.info("nsswitch.conf configuration has been completed")
else:
self.logger.info("nsswitch.conf is already configured")
file_ns_switch.close()
file_ns_switch = open("/etc/nsswitch.conf", 'w')
file_ns_switch.write(file_data)
file_ns_switch.close()
# configure ldap-cache
self.logger.info("Starting to ldap-cache configurations.")
result_code, p_out, p_err = self.util.execute("apt-get install nss-updatedb -y")
if result_code != 0:
self.logger.error("Error occured while downloading nss-updatedb.")
else:
self.logger.info("nss-updatedb downloaded successfully. Configuring /etc/nsswitch.conf.")
file_ns_switch = open("/etc/nsswitch.conf", 'r')
file_data = file_ns_switch.read()
# cleared file data from spaces, tabs and newlines
text = pattern.sub('', file_data)
did_configuration_change = False
if "passwd:compatldap[NOTFOUND=return]db" not in text:
file_data = file_data.replace("passwd: compat ldap",
"passwd: compat ldap [NOTFOUND=return] db")
did_configuration_change = True
if "group:compatldap[NOTFOUND=return]db" not in text:
file_data = file_data.replace("group: compat ldap",
"group: compat ldap [NOTFOUND=return] db")
did_configuration_change = True
if "gshadow:files" in text and "#gshadow:files" not in text:
file_data = file_data.replace("gshadow: files", "#gshadow: files")
did_configuration_change = True
if did_configuration_change:
self.logger.info("nsswitch.conf configuration has been configured for ldap cache.")
else:
self.logger.info("nsswitch.conf has already been configured for ldap cache.")
file_ns_switch.close()
file_ns_switch = open("/etc/nsswitch.conf", 'w')
file_ns_switch.write(file_data)
file_ns_switch.close()
self.util.execute("nss_updatedb ldap")
# create cron job for ldap cache
content = "#!/bin/bash\n" \
"nss-updatedb ldap"
nss_update_cron_job_file_path = "/etc/cron.daily/nss-updatedb"
if self.util.is_exist(nss_update_cron_job_file_path):
self.logger.info(
"{0} exists. File will be deleted and creating new one.".format(nss_update_cron_job_file_path))
self.util.delete_file(nss_update_cron_job_file_path)
self.util.create_file(nss_update_cron_job_file_path)
self.util.write_file(nss_update_cron_job_file_path, content, 'w+')
self.util.execute("chmod +x " + nss_update_cron_job_file_path)
else:
self.logger.info(
"{0} doesnt exist. File will be created and content will be written.".format(
nss_update_cron_job_file_path))
self.util.create_file(nss_update_cron_job_file_path)
self.util.write_file(nss_update_cron_job_file_path, content, 'w+')
self.util.execute("chmod +x " + nss_update_cron_job_file_path)
# configure /etc/libnss-ldap.conf
libnss_ldap_file_path = "/etc/libnss-ldap.conf"
content = "bind_policy hard" \
"\nnss_reconnect_tries 1" \
"\nnss_reconnect_sleeptime 1" \
"\nnss_reconnect_maxsleeptime 8" \
"\nnss_reconnect_maxconntries 2"
if self.util.is_exist(libnss_ldap_file_path):
self.logger.info("{0} exists.".format(libnss_ldap_file_path))
self.util.execute("sed -i '/bind_policy hard/c\\' " + libnss_ldap_file_path)
self.util.execute("sed -i '/nss_reconnect_tries 1/c\\' " + libnss_ldap_file_path)
self.util.execute("sed -i '/nss_reconnect_sleeptime 1/c\\' " + libnss_ldap_file_path)
self.util.execute("sed -i '/nss_reconnect_maxsleeptime 8/c\\' " + libnss_ldap_file_path)
self.util.execute("sed -i '/nss_reconnect_maxconntries 2/c\\' " + libnss_ldap_file_path)
self.util.write_file(libnss_ldap_file_path, content, 'a+')
self.logger.info("Configuration has been made to {0}.".format(libnss_ldap_file_path))
result_code, p_out, p_err = self.util.execute("apt-get install libnss-db libpam-ccreds -y")
if result_code != 0:
self.logger.error("Error occured while downloading libnss-db libpam-ccreds.")
else:
self.logger.error("libnss-db libpam-ccreds are downloaded.")
# configure sudo-ldap
sudo_ldap_conf_file_path = "/etc/sudo-ldap.conf"
content = "sudoers_base ou=Roles," + dn \
+ "\nBASE " + dn \
+ "\nURI ldap://" + server_address
# clean if config is already written
self.util.execute("sed -i '/BASE /c\\' " + sudo_ldap_conf_file_path)
self.util.execute("sed -i '/sudoers_base /c\\' " + sudo_ldap_conf_file_path)
self.util.execute("sed -i '/URI /c\\' " + sudo_ldap_conf_file_path)
if self.util.is_exist(sudo_ldap_conf_file_path):
self.logger.info("{0} exists.".format(sudo_ldap_conf_file_path))
self.util.write_file(sudo_ldap_conf_file_path, content, 'a+')
self.logger.info("Content is written to {0} successfully.".format(sudo_ldap_conf_file_path))
# Configure lightdm.service
# check if 99-pardus-xfce.conf exists if not create
pardus_xfce_path = "/usr/share/lightdm/lightdm.conf.d/99-pardus-xfce.conf"
if not self.util.is_exist(pardus_xfce_path):
self.logger.info("99-pardus-xfce.conf does not exist.")
self.util.create_file(pardus_xfce_path)
file_lightdm = open(pardus_xfce_path, 'a')
file_lightdm.write("[Seat:*]\n")
file_lightdm.write("greeter-hide-users=true")
file_lightdm.close()
self.logger.info("lightdm has been configured.")
else:
self.logger.info("99-pardus-xfce.conf exists. Delete file and create new one.")
self.util.delete_file(pardus_xfce_path)
self.util.create_file(pardus_xfce_path)
file_lightdm = open(pardus_xfce_path, 'a')
file_lightdm.write("[Seat:*]")
file_lightdm.write("greeter-hide-users=true")
file_lightdm.close()
self.logger.info("lightdm.conf has been configured.")
self.util.execute("systemctl restart nscd.service")
self.util.execute("pam-auth-update --force")
self.logger.info("LDAP Login operation has been completed.")
self.logger.info("LDAP Login işlemi başarı ile sağlandı.")
except Exception as e:
self.logger.error(str(e))
self.logger.info("LDAP Login işlemi esnasında hata oluştu.")
raise Exception('LDAP Ayarları yapılırken hata oluştu. Lütfen ağ bağlantınızı kontrol ediniz. Deponuzun güncel olduğundan emin olunuz.')

208
src/base/registration/execute_sssd_ad_authentication.py Normal file
View file

@ -0,0 +1,208 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Author: Agah Hulusi ÖZ <enghulusi@gmail.com>
from base.scope import Scope
from base.util.util import Util
class ExecuteSSSDAdAuthentication:
def __init__(self):
scope = Scope().get_instance()
self.logger = scope.get_logger()
self.util = Util()
def authenticate(self, domain_name, host_name, ip_address, password, ad_username):
try:
# Create and Configure ad_info file
(result_code, p_out, p_err) = self.util.create_file("/etc/ahenk/ad_info")
if (result_code == 0):
self.logger.info("AD INFO başarılı bir şekilde oluşturuldu")
# Configure ad_info for deregisteration info
default_ad_info_path = "/etc/ahenk/ad_info"
file_default_ad_info = open(default_ad_info_path, 'r')
file_data = file_default_ad_info.read()
file_data = file_data + ("{}".format(ip_address)) + "\n" + ("{}".format(host_name)) + "\n" + (
"{}".format(domain_name)) + "\n" + ("{}".format(ad_username))
self.logger.info("/etc/ahenk/ad_info bilgiler girildi.")
file_default_ad_info.close()
file_default_ad_info = open(default_ad_info_path, 'w')
file_default_ad_info.write(file_data)
file_default_ad_info.close()
else:
self.logger.error("ad_info oluşturma komutu başarısız : " + str(p_err))
self.logger.info("Authenticate starting....")
# Configure /etc/dhcp/dhclient.conf
dhclient_conf_path = "/etc/dhcp/dhclient.conf"
dhc_conf = self.util.read_file_by_line(dhclient_conf_path, "r")
dhc_conf_temp = open(dhclient_conf_path, 'w')
for lines in dhc_conf:
if (lines == "#prepend domain-name-servers 127.0.0.1;\n"):
lines = lines.replace(lines, ("prepend domain-name-servers {};\n".format(ip_address)))
dhc_conf_temp.write(lines)
dhc_conf_temp.close()
file_default_dhcp = open(dhclient_conf_path, 'r')
file_data = file_default_dhcp.read()
if ("prepend domain-name-servers {};\n".format(ip_address)) not in file_data:
file_data = file_data + "\n" + ("prepend domain-name-servers {};".format(ip_address))
file_default_dhcp.close()
file_default_dhcp = open(dhclient_conf_path, 'w')
file_default_dhcp.write(file_data)
file_default_dhcp.close()
# Configure /etc/resolv.conf
resolve_conf_path = "/etc/resolv.conf"
resolve_conf = self.util.read_file_by_line(resolve_conf_path, "r")
resolve_conf_temp = open(resolve_conf_path, 'w')
for lines in resolve_conf:
if (lines == ("nameserver {}\n".format(ip_address))):
continue
lines = lines.replace(lines, ("#" + lines))
resolve_conf_temp.write(lines)
resolve_conf_temp.close()
file_default_resolve = open(resolve_conf_path, 'r')
file_data = file_default_resolve.read()
if ("nameserver {}\n".format(ip_address)) not in file_data:
file_data = file_data + "\n" + ("nameserver {}\n".format(ip_address))
self.logger.info("/etc/resolv.conf is configured")
file_default_resolve.close()
file_default_resolve = open(resolve_conf_path, 'w')
file_default_resolve.write(file_data)
file_default_resolve.close()
# Configure /etc/hosts
host_path = "/etc/hosts"
file_default_hosts = open(host_path, 'r')
file_data = file_default_hosts.read()
if ("{0} {1}".format(ip_address, host_name)) not in file_data:
file_data = file_data + "\n" + ("{0} {1}".format(ip_address, host_name))
self.logger.info("/etc/hosts is configured")
file_default_hosts.close()
file_default_hosts = open(host_path, 'w')
file_default_hosts.write(file_data)
file_default_hosts.close()
# Execute the script that required for "samba-common" and "krb5"
(result_code, p_out, p_err) = self.util.execute("/bin/bash /usr/share/ahenk/base/registration/scripts/ad.sh {0} {1}".format(domain_name.upper(),host_name))
if(result_code == 0):
self.logger.info("Script başarılı bir şekilde çalıştırıldı.")
else:
self.logger.error("Script başarısız oldu : " + str(p_err))
# Installation of required packages
(result_code, p_out, p_err) = self.util.execute("sudo apt-get -y install realmd sssd sssd-tools adcli packagekit samba-common-bin samba-libs")
if (result_code == 0):
self.logger.info("İndirmeler Başarılı")
else:
self.logger.error("İndirmeler Başarısız : " + str(p_err))
# Configure pam.d/common-session
pamd_common_session_path = "/etc/pam.d/common-session"
file_default_pam = open(pamd_common_session_path, 'r')
file_data = file_default_pam.read()
if "session optional pam_mkhomedir.so skel=/etc/skel umask=077" not in file_data:
file_data = file_data + "\n" + "session optional pam_mkhomedir.so skel=/etc/skel umask=077"
self.logger.info("/etc/pam.d/common-session is configured")
file_default_pam.close()
file_default_pam = open(pamd_common_session_path, 'w')
file_default_pam.write(file_data)
file_default_pam.close()
# Execute the commands that require for join Domain
(result_code, p_out, p_err) = self.util.execute("realm discover {}".format(domain_name.upper()))
if (result_code == 0):
self.logger.info("Realm Discover komutu başarılı")
else:
self.logger.error("Realm Discover komutu başarısız : " + str(p_err))
(result_code, p_out, p_err) = self.util.execute("echo \"{0}\" | realm join --user={1} {2}".format(password, ad_username, domain_name.upper()))
if (result_code == 0):
self.logger.info("Realm Join komutu başarılı")
else:
self.logger.error("Realm Join komutu başarısız : " + str(p_err))
# Configure sssd template
sssd_config_template_path = "/usr/share/ahenk/base/registration/config-files/sssd_ad.conf"
sssd_config_folder_path = "/etc/sssd"
sssd_config_file_path = "/etc/sssd/sssd.conf"
if not self.util.is_exist(sssd_config_folder_path):
self.util.create_directory(sssd_config_folder_path)
self.logger.info("{0} folder is created".format(sssd_config_folder_path))
if self.util.is_exist(sssd_config_file_path):
self.util.delete_file(sssd_config_file_path)
self.logger.info("delete sssd org conf")
self.util.copy_file(sssd_config_template_path, sssd_config_folder_path)
self.logger.info("{0} config file is copied under {1}".format(sssd_config_template_path, sssd_config_folder_path))
self.util.rename_file("/etc/sssd/sssd_ad.conf", "/etc/sssd/sssd.conf")
# Configure sssd.conf
file_sssd = open(sssd_config_file_path, 'r')
file_data = file_sssd.read()
file_data = file_data.replace("###domains###", "domains = {}".format(domain_name))
file_data = file_data.replace("###[domain/###", "[domain/{}]".format(domain_name))
file_data = file_data.replace("###ad_domain###", "ad_domain = {}".format(domain_name))
file_data = file_data.replace("###krb5_realm###", "krb5_realm = {}".format(domain_name.upper()))
file_sssd.close()
file_sssd = open(sssd_config_file_path, 'w')
file_sssd.write(file_data)
file_sssd.close()
# Arrangement of chmod as 600 for sssd.conf
(result_code, p_out, p_err) = self.util.execute("chmod 600 {}".format(sssd_config_file_path))
if(result_code == 0):
self.logger.info("Chmod komutu başarılı bir şekilde çalıştırıldı")
else:
self.logger.error("Chmod komutu başarısız : " + str(p_err))
# Configure sssd for language environment
default_sssd_path = "/etc/default/sssd"
file_default_sssd = open(default_sssd_path, 'r')
file_data = file_default_sssd.read()
if not self.util.is_exist(default_sssd_path):
self.util.create_directory(default_sssd_path)
self.logger.info("{0} folder is created".format(default_sssd_path))
if self.util.is_exist(default_sssd_path):
self.util.delete_file(default_sssd_path)
self.logger.info("delete sssd org conf")
if "LC_ALL=\"tr_CY.UTF-8\"" not in file_data :
file_data = file_data + "\n" + "LC_ALL=\"tr_CY.UTF-8\""
self.logger.info("/etc/default/sssd is configured")
file_default_sssd.close()
file_default_sssd = open(default_sssd_path, 'w')
file_default_sssd.write(file_data)
file_default_sssd.close()
self.util.execute("systemctl restart nscd.service")
# self.util.execute("pam-auth-update --force")
self.logger.info("AD Login operation has been completed.")
self.logger.info("AD Login işlemi başarı ile sağlandı.")
return True
except Exception as e:
self.logger.error(str(e))
self.logger.info("AD Login işlemi esnasında hata oluştu.")
return False

163
src/base/registration/execute_sssd_authentication.py Normal file
View file

@ -0,0 +1,163 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Author: Hasan Kara <h.kara27@gmail.com>
from base.scope import Scope
from base.util.util import Util
import re
class ExecuteSSSDAuthentication:
def __init__(self):
scope = Scope().get_instance()
self.logger = scope.get_logger()
self.util = Util()
def authenticate(self, server_address, dn, admin_dn, admin_password):
try:
ldap_pwdlockout_dn = "cn=DefaultPolicy,ou=PasswordPolicies" + "," + dn
# pattern for clearing file data from spaces, tabs and newlines
pattern = re.compile(r'\s+')
sssd_config_template_path = "/usr/share/ahenk/base/registration/config-files/sssd.conf"
sssd_config_folder_path = "/etc/sssd"
sssd_config_file_path = "/etc/sssd/sssd.conf"
sssd_language_conf = "/etc/default/sssd"
common_session_conf_path = "/etc/pam.d/common-session"
# copy configuration file to /etc/sssd/sssd.conf before package installation
# create sssd folder in /etc
if not self.util.is_exist(sssd_config_folder_path):
self.util.create_directory(sssd_config_folder_path)
self.logger.info("{0} folder is created".format(sssd_config_folder_path))
# Copy sssd.conf template under /etc/sssd
self.util.copy_file(sssd_config_template_path, sssd_config_folder_path)
self.logger.info("{0} config file is copied under {1}".format(sssd_config_template_path, sssd_config_folder_path))
# Configure sssd.conf
file_sssd = open (sssd_config_file_path, 'r')
file_data = file_sssd.read()
file_data = file_data.replace("###ldap_pwdlockout_dn###", "ldap_pwdlockout_dn = " + ldap_pwdlockout_dn)
file_data = file_data.replace("###ldap_uri###", "ldap_uri = " + "ldap://" + server_address + "/")
file_data = file_data.replace("###ldap_default_bind_dn###", "ldap_default_bind_dn = " + admin_dn)
file_data = file_data.replace("###ldap_default_authtok###", "ldap_default_authtok = " + admin_password)
file_data = file_data.replace("###ldap_search_base###", "ldap_search_base = " + dn)
file_data = file_data.replace("###ldap_user_search_base###", "ldap_user_search_base = " + dn)
file_data = file_data.replace("###ldap_group_search_base###", "ldap_group_search_base = " + dn)
file_data = file_data.replace("###ldap_sudo_search_base###", "ldap_sudo_search_base = ou=Roles," + dn)
file_sssd.close()
file_sssd = open(sssd_config_file_path, 'w')
file_sssd.write(file_data)
file_sssd.close()
# Install libpam-sss sssd-common for sssd authentication
(result_code, p_out, p_err) = self.util.execute("sudo apt install libpam-sss sssd-common -y")
if result_code != 0:
self.logger.error("SSSD packages couldn't be downloaded.")
return False
# configure common-session for creating home directories for ldap users
file_common_session = open(common_session_conf_path, 'r')
file_data = file_common_session.read()
if "session optional pam_mkhomedir.so skel=/etc/skel umask=077" not in file_data :
file_data = file_data + "\n" + "session optional pam_mkhomedir.so skel=/etc/skel umask=077"
self.logger.info("common-session is configured")
file_common_session.close()
file_common_session = open(common_session_conf_path, 'w')
file_common_session.write(file_data)
file_common_session.close()
# configure sssd for language environment
file_default_sssd = open(sssd_language_conf, 'r')
file_data = file_default_sssd.read()
if "LC_ALL=\"tr_CY.UTF-8\"" not in file_data :
file_data = file_data + "\n" + "LC_ALL=\"tr_CY.UTF-8\""
self.logger.info("/etc/default/sssd is configured")
file_default_sssd.close()
file_default_sssd = open(sssd_language_conf, 'w')
file_default_sssd.write(file_data)
file_default_sssd.close()
self.logger.info("Restarting sssd service.")
self.util.execute("systemctl restart sssd.service")
# Configure nsswitch.conf
file_ns_switch = open("/etc/nsswitch.conf", 'r')
file_data = file_ns_switch.read()
# cleared file data from spaces, tabs and newlines
text = pattern.sub('', file_data)
is_configuration_done_before = False
if "passwd:compatsss" not in text and "passwd:compat" in text:
file_data = file_data.replace("passwd: compat", "passwd: compat sss")
is_configuration_done_before = True
if "passwd:filessystemdsss" not in text and "passwd:filessystemd" in text:
file_data = file_data.replace("passwd: files systemd", "passwd: files systemd sss")
is_configuration_done_before = True
if "group:compatsss" not in text and "group:compat" in text:
file_data = file_data.replace("group: compat", "group: compat sss")
is_configuration_done_before = True
if "group:filessystemdsss" not in text and "group:filessystemd" in text:
file_data = file_data.replace("group: files systemd", "group: files systemd sss")
is_configuration_done_before = True
if "shadow:compatsss" not in text and "shadow:compat" in text:
file_data = file_data.replace("shadow: compat", "shadow: compat sss")
is_configuration_done_before = True
if "shadow:filessss" not in text and "shadow:files" in text:
file_data = file_data.replace("shadow: files", "shadow: files sss")
is_configuration_done_before = True
if "services:dbfilessss" not in text:
file_data = file_data.replace("services: db files", "services: db files sss")
is_configuration_done_before = True
if "netgroup:nissss" not in text:
file_data = file_data.replace("netgroup: nis", "netgroup: nis sss")
is_configuration_done_before = True
if "sudoers:filessss" not in text and "sudoers:files" in text:
file_data = file_data.replace("sudoers: files", "sudoers: files sss")
is_configuration_done_before = True
elif "sudoers:filessss" in text:
is_configuration_done_before = False
else:
file_data = file_data + "sudoers: files sss"
if is_configuration_done_before:
self.logger.info("nsswitch.conf configuration has been completed")
else:
self.logger.info("nsswitch.conf is already configured")
file_ns_switch.close()
file_ns_switch = open("/etc/nsswitch.conf", 'w')
file_ns_switch.write(file_data)
file_ns_switch.close()
self.util.execute("systemctl restart nscd.service")
# self.util.execute("pam-auth-update --force")
self.logger.info("LDAP Login operation has been completed.")
self.logger.info("LDAP Login işlemi başarı ile sağlandı.")
return True
except Exception as e:
self.logger.error(str(e))
self.logger.info("LDAP Login işlemi esnasında hata oluştu.")
return False

296
src/base/registration/registration.py
View file

@ -15,8 +15,11 @@ import pwd
from base.timer.setup_timer import SetupTimer from base.timer.setup_timer import SetupTimer
from base.timer.timer import Timer from base.timer.timer import Timer
import re import re
import sys
import os import os
from base.registration.execute_cancel_sssd_authentication import ExecuteCancelSSSDAuthentication
from base.registration.execute_sssd_authentication import ExecuteSSSDAuthentication
from base.registration.execute_sssd_ad_authentication import ExecuteSSSDAdAuthentication
from base.registration.execute_cancel_sssd_ad_authentication import ExecuteCancelSSSDAdAuthentication
class Registration: class Registration:
def __init__(self): def __init__(self):
@ -28,55 +31,65 @@ class Registration:
self.conf_manager = scope.get_configuration_manager() self.conf_manager = scope.get_configuration_manager()
self.db_service = scope.get_db_service() self.db_service = scope.get_db_service()
self.util = Util() self.util = Util()
self.service_name='im.liderahenk.org' self.servicename='im.liderahenk.org'
self.local_user_disable = None
#self.event_manager.register_event('REGISTRATION_RESPONSE', self.registration_process) #self.event_manager.register_event('REGISTRATION_RESPONSE', self.registration_process)
self.event_manager.register_event('REGISTRATION_SUCCESS', self.registration_success) self.event_manager.register_event('REGISTRATION_SUCCESS', self.registration_success)
self.event_manager.register_event('REGISTRATION_ERROR', self.registration_error) self.event_manager.register_event('REGISTRATION_ERROR', self.registration_error)
self.ldap_login_cancel = ExecuteCancelSSSDAuthentication()
self.ad_login_cancel = ExecuteCancelSSSDAdAuthentication()
self.ldap_login = ExecuteSSSDAuthentication()
self.ad_login = ExecuteSSSDAdAuthentication()
self.directory_server = None
if self.is_registered(): if self.is_registered():
self.logger.debug('Ahenk already registered') self.logger.debug('Ahenk already registered')
else: else:
self.register(True) self.register(True)
def registration_request(self): def registration_request(self, hostname,username,password):
self.logger.debug('Requesting registration') self.logger.debug('Requesting registration')
# SetupTimer.start(Timer(System.Ahenk.registration_timeout(), timeout_function=self.registration_timeout,checker_func=self.is_registered, kwargs=None)) # SetupTimer.start(Timer(System.Ahenk.registration_timeout(), timeout_function=self.registration_timeout,checker_func=self.is_registered, kwargs=None))
self.host = self.conf_manager.get("CONNECTION", "host")
self.servicename = self.conf_manager.get("CONNECTION", "servicename") self.servicename = self.conf_manager.get("CONNECTION", "servicename")
self.user_name = '' self.host = hostname
self.user_password= '' self.user_name = username
self.user_password= password
if(username is None and password is None and self.host is None ):
self.host = self.conf_manager.get("CONNECTION", "host")
user_name= os.getlogin() user_name= os.getlogin()
self.logger.debug('User : '+ str(user_name)) self.logger.debug('User : '+ str(user_name))
pout = Util.show_registration_message(user_name,'Makineyi Lider MYS sistemine kaydetmek için bilgileri ilgili alanlara giriniz. LÜTFEN DEVAM EDEN İŞLEMLERİ SONLANDIRDIĞINZA EMİN OLUNUZ !', pout = Util.show_registration_message(user_name,'Makineyi Lider MYS sistemine kaydetmek için bilgileri ilgili alanlara giriniz. LÜTFEN DEVAM EDEN İŞLEMLERİ SONLANDIRDIĞINZA EMİN OLUNUZ !',
'LIDER MYS SISTEMINE KAYIT', self.host) 'LIDER MYS SISTEMINE KAYIT', self.host)
self.logger.debug('pout : ' + str(pout)) self.logger.debug('pout : ' + str(pout))
field_values = pout.split(' ') field_values = pout.split(' ')
user_registration_info = list(field_values) user_registration_info = list(field_values)
if self.host == '' : if self.host == '':
self.host = user_registration_info[0] self.host = user_registration_info[0]
self.user_name = user_registration_info[1]; self.user_name = user_registration_info[1]
self.user_password = user_registration_info[2]; self.user_password = user_registration_info[2]
self.directory_server = user_registration_info[3]
else: else:
self.user_name = user_registration_info[0]; self.user_name = user_registration_info[0]
self.user_password = user_registration_info[1]; self.user_password = user_registration_info[1]
self.directory_server = user_registration_info[2]
#anon_messenger = AnonymousMessenger(self.message_manager.registration_msg(user_name,user_password), self.host,self.servicename) #anon_messenger = AnonymousMessenger(self.message_manager.registration_msg(user_name,user_password), self.host,self.servicename)
#anon_messenger.connect_to_server() #anon_messenger.connect_to_server()
self.logger.debug('Requesting registration') self.logger.debug('Requesting registration')
SetupTimer.start(Timer(System.Ahenk.registration_timeout(), timeout_function=self.registration_timeout,checker_func=self.is_registered, kwargs=None)) SetupTimer.start(Timer(System.Ahenk.registration_timeout(), timeout_function=self.registration_timeout,checker_func=self.is_registered, kwargs=None))
anon_messenger = AnonymousMessenger(self.message_manager.registration_msg(self.user_name,self.user_password), self.host,self.servicename) anon_messenger = AnonymousMessenger(self.message_manager.registration_msg(self.user_name,self.user_password,self.directory_server), self.host,self.servicename)
anon_messenger.connect_to_server() anon_messenger.connect_to_server()
def ldap_registration_request(self): def ldap_registration_request(self):
@ -84,121 +97,24 @@ class Registration:
self.messenger.send_Direct_message(self.message_manager.ldap_registration_msg()) self.messenger.send_Direct_message(self.message_manager.ldap_registration_msg())
def registration_success(self, reg_reply): def registration_success(self, reg_reply):
self.logger.info('Registration update starting')
try: try:
self.local_user_disable = reg_reply['disableLocalUser']
if self.local_user_disable is True:
self.conf_manager.set('MACHINE', 'user_disabled', 'true')
else:
self.conf_manager.set('MACHINE', 'user_disabled', 'false')
self.logger.info('LDAP Registration update starting')
dn = str(reg_reply['agentDn']) dn = str(reg_reply['agentDn'])
self.logger.info('Current dn:' + dn) self.logger.info('Current dn:' + dn)
self.logger.info('updating host name and service') self.logger.info('updating host name and service')
self.install_and_config_ldap(reg_reply)
self.update_registration_attrs(dn) self.update_registration_attrs(dn)
except Exception as e: # lightdm configuration by desktop env is XFCE
self.logger.error('Registartion error. Error Message: {0}.'.format(str(e))) self.desktop_env = self.util.get_desktop_env()
print(e) self.logger.info("Get desktop environment is {0}".format(self.desktop_env))
raise if self.desktop_env == "xfce":
def install_and_config_ldap(self, reg_reply):
self.logger.info('ldap install process starting')
server_address = str(reg_reply['ldapServer'])
dn = str(reg_reply['ldapBaseDn'])
version = str(reg_reply['ldapVersion'])
admin_dn = str(reg_reply['ldapUserDn']) # get user full dn from server.. password same
admin_password = self.user_password # same user get from server
if server_address != '' and dn != '' and version != '' and admin_dn != '' and admin_password != '':
(result_code, p_out, p_err) = self.util.execute("/bin/bash /usr/share/ahenk/plugins/ldap-login/scripts/ldap-login.sh {0} {1} {2} {3} {4}".format(
server_address, "\'" + dn + "\'", "\'" + admin_dn + "\'", "\'" + admin_password + "\'", version))
if result_code == 0:
self.logger.info("Script has run successfully")
self.change_pam_ldap_configs()
else:
self.logger.error("Script could not run successfully: " + p_err)
print("ERROR ---> " + str(p_err))
raise Exception('LDAP Ayarları yapılırken hata oluştu. Lütfen ağ bağlantınızı kontrol ediniz. Deponuzun güncel olduğundan emin olunuz.')
else :
raise Exception(
'LDAP Ayarları yapılırken hata oluştu. Lütfen ağ bağlantınızı kontrol ediniz. Deponuzun güncel olduğundan emin olunuz.')
def registration_error(self, reg_reply):
self.re_register()
def change_pam_ldap_configs(self):
# pattern for clearing file data from spaces, tabs and newlines
pattern = re.compile(r'\s+')
pam_scripts_original_directory_path = "/usr/share/ahenk/pam_scripts_original"
ldap_back_up_file_path = "/usr/share/ahenk/pam_scripts_original/ldap"
ldap_original_file_path = "/usr/share/pam-configs/ldap"
ldap_configured_file_path = "/usr/share/ahenk/plugins/ldap-login/config-files/ldap"
pam_script_back_up_file_path = "/usr/share/ahenk/pam_scripts_original/pam_script"
pam_script_original_file_path = "/usr/share/pam-configs/pam_script"
pam_script_configured_file_path = "/usr/share/ahenk/plugins/ldap-login/config-files/pam_script"
#create pam_scripts_original directory if not exists
if not self.util.is_exist(pam_scripts_original_directory_path):
self.logger.info("Creating {0} directory.".format(pam_scripts_original_directory_path))
self.util.create_directory(pam_scripts_original_directory_path)
if self.util.is_exist(ldap_back_up_file_path):
self.logger.info("Changing {0} with {1}.".format(ldap_original_file_path, ldap_configured_file_path))
self.util.copy_file(ldap_configured_file_path, ldap_original_file_path)
else:
self.logger.info("Backing up {0}".format(ldap_original_file_path))
self.util.copy_file(ldap_original_file_path, ldap_back_up_file_path)
self.logger.info("{0} file is replaced with {1}.".format(ldap_original_file_path, ldap_configured_file_path))
self.util.copy_file(ldap_configured_file_path, ldap_original_file_path)
if self.util.is_exist(pam_script_back_up_file_path):
self.util.copy_file(pam_script_configured_file_path, pam_script_original_file_path)
self.logger.info("{0} is replaced with {1}.".format(pam_script_original_file_path, pam_script_configured_file_path))
else:
self.logger.info("Backing up {0}".format(pam_script_original_file_path))
self.util.copy_file(pam_script_original_file_path, pam_script_back_up_file_path)
self.logger.info("{0} file is replaced with {1}".format(pam_script_original_file_path, pam_script_configured_file_path))
self.util.copy_file(pam_script_configured_file_path, pam_script_original_file_path)
(result_code, p_out, p_err) = self.util.execute("DEBIAN_FRONTEND=noninteractive pam-auth-update --package")
if result_code == 0:
self.logger.info("'DEBIAN_FRONTEND=noninteractive pam-auth-update --package' has run successfully")
else:
self.logger.error("'DEBIAN_FRONTEND=noninteractive pam-auth-update --package' could not run successfully: " + p_err)
# Configure nsswitch.conf
file_ns_switch = open("/etc/nsswitch.conf", 'r')
file_data = file_ns_switch.read()
# cleared file data from spaces, tabs and newlines
text = pattern.sub('', file_data)
is_configuration_done_before = False
if ("passwd:compatldap" not in text):
file_data = file_data.replace("passwd: compat", "passwd: compat ldap")
is_configuration_done_before = True
if ("group:compatldap" not in text):
file_data = file_data.replace("group: compat", "group: compat ldap")
is_configuration_done_before = True
if ("shadow:compatldap" not in text):
file_data = file_data.replace("shadow: compat", "shadow: compat ldap")
is_configuration_done_before = True
if is_configuration_done_before:
self.logger.info("nsswitch.conf configuration has been completed")
else:
self.logger.info("nsswitch.conf is already configured")
file_ns_switch.close()
file_ns_switch = open("/etc/nsswitch.conf", 'w')
file_ns_switch.write(file_data)
file_ns_switch.close()
# Configure lightdm.service # Configure lightdm.service
# check if 99-pardus-xfce.conf exists if not create # check if 99-pardus-xfce.conf exists if not create
pardus_xfce_path = "/usr/share/lightdm/lightdm.conf.d/99-pardus-xfce.conf" pardus_xfce_path = "/usr/share/lightdm/lightdm.conf.d/99-pardus-xfce.conf"
@ -221,9 +137,18 @@ class Registration:
file_lightdm.write("greeter-hide-users=true") file_lightdm.write("greeter-hide-users=true")
file_lightdm.close() file_lightdm.close()
self.logger.info("lightdm.conf has been configured.") self.logger.info("lightdm.conf has been configured.")
self.util.execute("systemctl restart nscd.service")
self.logger.info("Operation finished")
# LDAP registration
if self.directory_server == "LDAP":
self.install_and_config_ldap(reg_reply)
# AD registration
else:
self.install_and_config_ad(reg_reply)
except Exception as e:
self.logger.error('Registration error. Error Message: {0}.'.format(str(e)))
print(e)
raise
def update_registration_attrs(self, dn=None): def update_registration_attrs(self, dn=None):
self.logger.debug('Registration configuration is updating...') self.logger.debug('Registration configuration is updating...')
@ -244,7 +169,39 @@ class Registration:
self.conf_manager.write(configfile) self.conf_manager.write(configfile)
self.logger.debug('Registration configuration file is updated') self.logger.debug('Registration configuration file is updated')
def install_and_config_ldap(self, reg_reply):
self.logger.info('ldap install process starting')
server_address = str(reg_reply['ldapServer'])
dn = str(reg_reply['ldapBaseDn'])
version = str(reg_reply['ldapVersion'])
admin_dn = str(reg_reply['ldapUserDn']) # get user full dn from server.. password same
#admin_password = self.user_password # same user get from server
admin_password = self.db_service.select_one_result('registration', 'password', ' registered=1')
self.ldap_login.authenticate(server_address, dn, admin_dn, admin_password)
if server_address != '' and dn != '' and version != '' and admin_dn != '' and admin_password != '':
self.logger.info("SSSD configuration process starting....")
self.logger.info("SSSD configuration process starting....")
else :
raise Exception(
'LDAP Ayarları yapılırken hata oluştu. Lütfen ağ bağlantınızı kontrol ediniz. Deponuzun güncel olduğundan emin olunuz.')
def install_and_config_ad(self, reg_reply):
self.logger.info('AD install process starting')
domain_name = str(reg_reply['adDomainName'])
host_name = str(reg_reply['adHostName'])
ip_address = str(reg_reply['adIpAddress'])
password = str(reg_reply['adAdminPassword'])
ad_username = str(reg_reply['adAdminUserName'])
if domain_name is None or host_name is None or ip_address is None or password is None :
self.logger.error("Registration params is null")
return
self.ad_login.authenticate(domain_name, host_name, ip_address, password, ad_username)
def registration_error(self, reg_reply):
self.re_register()
def is_registered(self): def is_registered(self):
try: try:
@ -349,43 +306,50 @@ class Registration:
'and it is connected to XMPP server! Check your Ahenk configuration file (/etc/ahenk/ahenk.conf)') 'and it is connected to XMPP server! Check your Ahenk configuration file (/etc/ahenk/ahenk.conf)')
self.logger.error('Ahenk is shutting down...') self.logger.error('Ahenk is shutting down...')
print('Ahenk is shutting down...') print('Ahenk is shutting down...')
Util.show_message(os.getlogin(),':0',"Lider MYS sistemine ulaşılamadı. Lütfen sunucu adresini kontrol ediniz....","HATA") Util.show_message(os.getlogin(),':0',"Lider MYS sistemine ulaşılamadı. Lütfen sunucu adresini kontrol ediniz....","HATA")
System.Process.kill_by_pid(int(System.Ahenk.get_pid_number())) System.Process.kill_by_pid(int(System.Ahenk.get_pid_number()))
def purge_and_unregister(self): def purge_and_unregister(self):
try: try:
self.logger.info('Ahenk conf cleaned') self.logger.info('Ahenk conf cleaned')
self.logger.info('Ahenk conf cleaning from db') self.logger.info('Ahenk conf cleaning from db')
self.unregister() self.unregister()
self.logger.info('Purge ldap packages')
Util.execute("sudo apt purge libpam-ldap libnss-ldap ldap-utils -y") directory_type = "LDAP"
# self.logger.info('Purge ahenk packages') if self.util.is_exist("/etc/ahenk/ad_info"):
# Util.execute("sudo apt purge ahenk ahenk-* -y") directory_type = "AD"
Util.execute("sudo apt autoremove -y")
self.change_configs_after_purge() if directory_type == "LDAP":
self.logger.info('purging successfull') self.ldap_login_cancel.cancel()
else:
self.ad_login_cancel.cancel()
self.logger.info('Cleaning ahenk conf..') self.logger.info('Cleaning ahenk conf..')
self.clean() self.clean()
self.logger.info('Ahenk conf cleaned from db') self.logger.info('Ahenk conf cleaned from db')
if self.conf_manager.has_section('MACHINE'):
user_disabled = self.conf_manager.get("MACHINE", "user_disabled")
self.logger.info('User disabled value=' + str(user_disabled))
if user_disabled != 'false':
self.logger.info('Enable Users') self.logger.info('Enable Users')
self.enable_local_users() self.enable_local_users()
Util.shutdown() else:
self.logger.info('Local users already enabled')
# İf desktop env is XFCE configured lightdm.service
if self.util.get_desktop_env() == "xfce":
pardus_xfce_path = "/usr/share/lightdm/lightdm.conf.d/99-pardus-xfce.conf"
if self.util.is_exist(pardus_xfce_path):
self.logger.info("99-pardus-xfce.conf exists. Deleting file.")
self.util.delete_file(pardus_xfce_path)
Util.shutdown()
except Exception as e: except Exception as e:
self.logger.error("Error while running purge_and_unregister process.. Error Message " + str(e)) self.logger.error("Error while running purge_and_unregister process.. Error Message " + str(e))
#System.Process.kill_by_pid(int(System.Ahenk.get_pid_number())) #System.Process.kill_by_pid(int(System.Ahenk.get_pid_number()))
#sys.exit(2) #sys.exit(2)
def change_configs_after_purge(self): def change_configs_after_purge(self):
# pattern for clearing file data from spaces, tabs and newlines # pattern for clearing file data from spaces, tabs and newlines
pattern = re.compile(r'\s+') pattern = re.compile(r'\s+')
@ -402,7 +366,8 @@ class Registration:
self.util.delete_file(ldap_back_up_file_path) self.util.delete_file(ldap_back_up_file_path)
if self.util.is_exist(pam_script_back_up_file_path): if self.util.is_exist(pam_script_back_up_file_path):
self.logger.info("Replacing {0} with {1}".format(pam_script_original_file_path, pam_script_back_up_file_path)) self.logger.info(
"Replacing {0} with {1}".format(pam_script_original_file_path, pam_script_back_up_file_path))
self.util.copy_file(pam_script_back_up_file_path, pam_script_original_file_path) self.util.copy_file(pam_script_back_up_file_path, pam_script_original_file_path)
self.logger.info("Deleting {0}".format(pam_script_back_up_file_path)) self.logger.info("Deleting {0}".format(pam_script_back_up_file_path))
self.util.delete_file(pam_script_back_up_file_path) self.util.delete_file(pam_script_back_up_file_path)
@ -411,7 +376,8 @@ class Registration:
if result_code == 0: if result_code == 0:
self.logger.info("'DEBIAN_FRONTEND=noninteractive pam-auth-update --package' has run successfully") self.logger.info("'DEBIAN_FRONTEND=noninteractive pam-auth-update --package' has run successfully")
else: else:
self.logger.error("'DEBIAN_FRONTEND=noninteractive pam-auth-update --package' could not run successfully: " + p_err) self.logger.error(
"'DEBIAN_FRONTEND=noninteractive pam-auth-update --package' could not run successfully: " + p_err)
# Configure nsswitch.conf # Configure nsswitch.conf
file_ns_switch = open("/etc/nsswitch.conf", 'r') file_ns_switch = open("/etc/nsswitch.conf", 'r')
@ -421,18 +387,22 @@ class Registration:
text = pattern.sub('', file_data) text = pattern.sub('', file_data)
did_configuration_change = False did_configuration_change = False
if "passwd:compatldap" in text: if "passwd:compatldap[NOTFOUND=return]db" in text:
file_data = file_data.replace("passwd: compat ldap", "passwd: compat") file_data = file_data.replace("passwd: compat ldap [NOTFOUND=return] db", "passwd: compat")
did_configuration_change = True did_configuration_change = True
if "group:compatldap" in text: if "group:compatldap[NOTFOUND=return]db" in text:
file_data = file_data.replace("group: compat ldap", "group: compat") file_data = file_data.replace("group: compat ldap [NOTFOUND=return] db", "group: compat")
did_configuration_change = True did_configuration_change = True
if "shadow:compatldap" in text: if "shadow:compatldap" in text:
file_data = file_data.replace("shadow: compat ldap", "shadow: compat") file_data = file_data.replace("shadow: compat ldap", "shadow: compat")
did_configuration_change = True did_configuration_change = True
if "#gshadow:files" in text:
file_data = file_data.replace("#gshadow: files", "gshadow: files")
did_configuration_change = True
if did_configuration_change: if did_configuration_change:
self.logger.info("nsswitch.conf configuration has been configured") self.logger.info("nsswitch.conf configuration has been configured")
else: else:
@ -443,6 +413,12 @@ class Registration:
file_ns_switch.write(file_data) file_ns_switch.write(file_data)
file_ns_switch.close() file_ns_switch.close()
# Configure ldap-cache
nss_update_cron_job_file_path = "/etc/cron.daily/nss-updatedb"
if self.util.is_exist(nss_update_cron_job_file_path):
self.util.delete_file(nss_update_cron_job_file_path)
self.logger.info("{0} is deleted.".format(nss_update_cron_job_file_path))
# Configure lightdm.service # Configure lightdm.service
pardus_xfce_path = "/usr/share/lightdm/lightdm.conf.d/99-pardus-xfce.conf" pardus_xfce_path = "/usr/share/lightdm/lightdm.conf.d/99-pardus-xfce.conf"
if self.util.is_exist(pardus_xfce_path): if self.util.is_exist(pardus_xfce_path):
@ -452,7 +428,6 @@ class Registration:
self.util.execute("systemctl restart nscd.service") self.util.execute("systemctl restart nscd.service")
self.logger.info("Operation finished") self.logger.info("Operation finished")
def clean(self): def clean(self):
print('Ahenk cleaning..') print('Ahenk cleaning..')
import configparser import configparser
@ -473,7 +448,7 @@ class Registration:
config.set('CONNECTION', 'uid', '') config.set('CONNECTION', 'uid', '')
config.set('CONNECTION', 'password', '') config.set('CONNECTION', 'password', '')
config.set('MACHINE', 'user_disabled', '0') config.set('MACHINE', 'user_disabled', 'false')
with open(System.Ahenk.config_path(), 'w') as file: with open(System.Ahenk.config_path(), 'w') as file:
config.write(file) config.write(file)
@ -508,6 +483,20 @@ class Registration:
change_username = 'usermod -l {0} {1}' change_username = 'usermod -l {0} {1}'
content = Util.read_file('/etc/passwd') content = Util.read_file('/etc/passwd')
kill_all_process = 'killall -KILL -u {}' kill_all_process = 'killall -KILL -u {}'
change_permisson = "chmod -R 700 {}"
add_user_conf_file = "/etc/adduser.conf"
file_dir_mode = open(add_user_conf_file, 'r')
file_data = file_dir_mode.read()
file_data = file_data.replace("DIR_MODE=0755", "DIR_MODE=0700")
file_dir_mode.close()
file_dir_mode = open(add_user_conf_file, 'w')
file_dir_mode.write(file_data)
file_dir_mode.close()
self.logger.info("add user mode changed to 0700 in file {}".format(add_user_conf_file))
for p in pwd.getpwall(): for p in pwd.getpwall():
self.logger.info("User: '{0}' will be disabled and changed username and home directory of username".format(p.pw_name)) self.logger.info("User: '{0}' will be disabled and changed username and home directory of username".format(p.pw_name))
if not sysx.shell_is_interactive(p.pw_shell): if not sysx.shell_is_interactive(p.pw_shell):
@ -521,3 +510,4 @@ class Registration:
Util.execute(passwd_cmd.format(p.pw_name)) Util.execute(passwd_cmd.format(p.pw_name))
Util.execute(change_username.format(new_username, p.pw_name)) Util.execute(change_username.format(new_username, p.pw_name))
Util.execute(change_home.format(new_home_dir, new_username)) Util.execute(change_home.format(new_home_dir, new_username))
Util.execute(change_permisson.format(new_home_dir))

26
src/base/registration/scripts/ad.sh Normal file
View file

@ -0,0 +1,26 @@
#!/bin/bash
#set debconf krb5 and samba-common
ad_domain_name=$1
ad_host_name=$2
echo "samba-common samba-common/workgroup string WORKGROUP" | sudo debconf-set-selections
echo "samba-common samba-common/dhcp boolean false" | sudo debconf-set-selections
echo "samba-common samba-common/do_debconf boolean true" | sudo debconf-set-selections
apt-get -y install samba-common
cat > /root/debconf-krb5.conf <<EOF
krb5-config krb5-config/read_conf boolean true
krb5-config krb5-config/kerberos_servers string
krb5-config krb5-config/add_servers boolean false
krb5-config krb5-config/default_realm string ${ad_domain_name}
krb5-config krb5-config/add_servers_realm string ${ad_host_name}
krb5-config krb5-config/admin_server string ${ad_host_name}
EOF
export DEBIAN_FRONTEND=noninteractive
cat /root/debconf-krb5.conf | debconf-set-selections
apt-get install krb5-user -y

60
src/base/registration/scripts/ldap-login.sh Executable file
View file

@ -0,0 +1,60 @@
#!/bin/bash
#Author: <tuncay.colak@tubitak.gov.tr>
#set debconf libnss-ldap and libpam-ldap
ldap_hostname=$1
ldap_base_dn=$2
ldap_user_dn=$3
ldap_user_pwd=$4
ldap_version=$5
echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections
## libnss-ldap
echo -e " \
libnss-ldap libnss-ldap/dblogin boolean false
libnss-ldap shared/ldapns/base-dn string $ldap_base_dn
libnss-ldap libnss-ldap/binddn string $ldap_user_dn
libnss-ldap libnss-ldap/dbrootlogin boolean true
libnss-ldap libnss-ldap/override boolean true
libnss-ldap shared/ldapns/ldap-server string $ldap_hostname
libnss-ldap libnss-ldap/confperm boolean false
libnss-ldap libnss-ldap/rootbinddn string $ldap_user_dn
libnss-ldap shared/ldapns/ldap_version select $ldap_version
libnss-ldap libnss-ldap/nsswitch note
libpam-ldap libpam-ldap/dblogin boolean false
libpam-ldap libpam-ldap/dbrootlogin boolean true
libpam-ldap libpam-ldap/override boolean true
libpam-ldap libpam-ldap/pam_password string crypt
libpam-ldap libpam-ldap/rootbinddn string $ldap_user_dn
libpam-ldap libpam-runtime/override boolean false \
" | debconf-set-selections
echo "Name: libnss-ldap/bindpw
Template: libnss-ldap/bindpw
Owners: libnss-ldap, libnss-ldap:amd64
Name: libnss-ldap/rootbindpw
Template: libnss-ldap/rootbindpw
Value:
Owners: libnss-ldap, libnss-ldap:amd64
Flags: seen
Name: libpam-ldap/bindpw
Template: libpam-ldap/bindpw
Owners: libpam-ldap, libpam-ldap:amd64
Name: libpam-ldap/rootbindpw
Template: libpam-ldap/rootbindpw
Value:
Owners: libpam-ldap, libpam-ldap:amd64
Flags: seen
Variables:
filename = /etc/pam_ldap.secret
package = libpam-ldap" >> /var/cache/debconf/passwords.dat
echo $ldap_user_pwd > /etc/pam_ldap.secret
apt update
apt-get install libpam-ldap libnss-ldap ldap-utils -y
SUDO_FORCE_REMOVE=yes apt-get install sudo-ldap -y

91
src/base/registration/test.py Normal file
View file

@ -0,0 +1,91 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Author: Hasan Kara <h.kara27@gmail.com>
from base.scope import Scope
from base.util.util import Util
import re
class ExecuteCancelSSSDAuthentication:
def __init__(self):
scope = Scope().get_instance()
self.logger = scope.get_logger()
self.util = Util()
def cancel(self):
self.util.execute("apt purge libpam-sss sssd-common -y")
self.util.execute("apt autoremove -y")
if self.util.is_exist("/etc/sssd"):
self.util.delete_folder("/etc/sssd")
# pattern for clearing file data from spaces, tabs and newlines
pattern = re.compile(r'\s+')
# Configure nsswitch.conf
file_ns_switch = open("/etc/nsswitch.conf", 'r')
file_data = file_ns_switch.read()
# cleared file data from spaces, tabs and newlines
text = pattern.sub('', file_data)
did_configuration_change = False
if "passwd:compatsss" in text:
file_data = file_data.replace("passwd: compat sss", "passwd: compat")
did_configuration_change = True
if "group:compatsss" in text:
file_data = file_data.replace("group: compat sss", "group: compat")
did_configuration_change = True
if "shadow:compatsss" in text:
file_data = file_data.replace("shadow: compat sss", "shadow: compat")
did_configuration_change = True
if "services:dbfilessss" in text:
file_data = file_data.replace("services: db files sss", "services: db files")
did_configuration_change = True
if "netgroup:nissss" in text:
file_data = file_data.replace("netgroup: nis sss", "netgroup: nis")
did_configuration_change = True
if "sudoers:filessss" in text:
file_data = file_data.replace("sudoers: files sss", "")
did_configuration_change = True
if did_configuration_change:
self.logger.info("nsswitch.conf configuration has been configured")
else:
self.logger.info("nsswitch.conf has already been configured")
file_ns_switch.close()
file_ns_switch = open("/etc/nsswitch.conf", 'w')
file_ns_switch.write(file_data)
file_ns_switch.close()
common_session_conf_path = "/etc/pam.d/common-session"
# configure common-session for creating home directories for ldap users
file_common_session = open(common_session_conf_path, 'r')
file_data = file_common_session.read()
if "session optional pam_mkhomedir.so skel=/etc/skel umask=077" in file_data:
file_data = file_data.replace("session optional pam_mkhomedir.so skel=/etc/skel umask=077", "")
self.logger.info("common-session is configured")
file_common_session.close()
file_common_session = open(common_session_conf_path, 'w')
file_common_session.write(file_data)
file_common_session.close()
# Configure lightdm.service
pardus_xfce_path = "/usr/share/lightdm/lightdm.conf.d/99-pardus-xfce.conf"
if self.util.is_exist(pardus_xfce_path):
self.logger.info("99-pardus-xfce.conf exists. Deleting file.")
self.util.delete_file(pardus_xfce_path)
self.util.execute("systemctl restart nscd.service")
self.logger.info("LDAP Login iptal etme işlemi başarı ile sağlandı.")

97
src/base/util/util.py
View file

@ -17,16 +17,21 @@ from base.scope import Scope
class Util: class Util:
def __init__(self): def __init__(self):
super().__init__() super().__init__()
@staticmethod
def get_ask_path_file():
return '/usr/share/ahenk/base/agreement/'
@staticmethod @staticmethod
def close_session(username): def close_session(username):
Util.execute('pkill -9 -u {0}'.format(username)) Util.execute('pkill -9 -u {0}'.format(username))
@staticmethod @staticmethod
def shutdown(): def shutdown():
print("shutting down")
Util.execute('reboot') Util.execute('reboot')
@staticmethod @staticmethod
@ -138,6 +143,16 @@ class Util:
except: except:
raise raise
@staticmethod
def get_executable_path(app_name):
path = None
try:
path = shutil.which(app_name)
except:
raise
finally:
return path
@staticmethod @staticmethod
def execute(command, stdin=None, env=None, cwd=None, shell=True, result=True, as_user=None, ip=None): def execute(command, stdin=None, env=None, cwd=None, shell=True, result=True, as_user=None, ip=None):
@ -225,8 +240,9 @@ class Util:
def file_group(full_path): def file_group(full_path):
try: try:
st = os.stat(full_path) st = os.stat(full_path)
gid = st.st_uid gid = st.st_gid
return grp.getgrgid(gid)[0] # return grp.getgrgid(gid)[0]
return gid
except: except:
raise raise
@ -332,15 +348,20 @@ class Util:
Util.execute('export DISPLAY={0}; su - {1} -c \'{2}\''.format(display, user, inner_command)) Util.execute('export DISPLAY={0}; su - {1} -c \'{2}\''.format(display, user, inner_command))
@staticmethod @staticmethod
def show_message(username,display=':0',message='', title=''): def show_message(username, display, message='', title=''):
ask_path = '/usr/share/ahenk/base/agreement/confirm.py' ask_path = Util.get_ask_path_file()+ 'confirm.py'
Scope.get_instance().get_logger().debug('DISPLAYYYY --------->>>>>>>>: ' + str(display))
if display is None:
display_number = Util.get_username_display()
else:
display_number = display
try: try:
if username is not None: if username is not None:
command = 'export DISPLAY={0};su - {1} -c \'python3 {2} \"{3}\" \"{4}\"\''.format(display, username, command = 'su - {0} -c \'python3 {1} \"{2}\" \"{3}\" \"{4}\"\''.format(username, ask_path, message,
ask_path, title, display_number)
message,
title)
result_code, p_out, p_err = Util.execute(command) result_code, p_out, p_err = Util.execute(command)
if p_out.strip() == 'Y': if p_out.strip() == 'Y':
@ -355,22 +376,26 @@ class Util:
except Exception as e : except Exception as e :
print("Error when showing message " + str(e)) print("Error when showing message " + str(e))
return None; return None
@staticmethod @staticmethod
def show_registration_message(login_user_name,message,title,host=None): def show_registration_message(login_user_name,message,title,host=None):
ask_path = '/usr/share/ahenk/base/agreement/ahenkmessage.py'
display_number = ":0" ask_path = Util.get_ask_path_file()+ 'ahenkmessage.py'
# display_number = ":0"
display_number = Util.get_username_display()
if host is None: if host is None:
command = 'export DISPLAY={0}; su - {1} -c \"python3 {2} \'{3}\' \'{4}\' \"'.format(display_number, login_user_name, command = 'su - {0} -c \"python3 {1} \'{2}\' \'{3}\' \'{4}\' \"'.format(login_user_name,
ask_path, message, title) ask_path, message, title, display_number)
else: else:
command = 'export DISPLAY={0}; su - {1} -c \"python3 {2} \'{3}\' \'{4}\' \'{5}\' \"'.format(display_number, command = 'su - {0} -c \"python3 {1} \'{2}\' \'{3}\' \'{4}\' \'{5}\' \"'.format(login_user_name,
login_user_name,
ask_path, ask_path,
message, title, message, title,
host) host, display_number)
result_code, p_out, p_err = Util.execute(command) result_code, p_out, p_err = Util.execute(command)
pout = str(p_out).replace('\n', '') pout = str(p_out).replace('\n', '')
@ -380,16 +405,42 @@ class Util:
@staticmethod @staticmethod
def show_unregistration_message(login_user_name,display_number,message,title): def show_unregistration_message(login_user_name,display_number,message,title):
ask_path = '/usr/share/ahenk/base/agreement/unregistrationmessage.py' ask_path = Util.get_ask_path_file()+ 'unregistrationmessage.py'
command = 'export DISPLAY={0}; su - {1} -c \"python3 {2} \'{3}\' \'{4}\' \"'.format(display_number, command = 'su - {0} -c \"python3 {1} \'{2}\' \'{3}\' \'{4}\' \"'.format(login_user_name, ask_path, message, title, display_number)
login_user_name,
ask_path,
message, title
)
result_code, p_out, p_err = Util.execute(command) result_code, p_out, p_err = Util.execute(command)
pout = str(p_out).replace('\n', '') pout = str(p_out).replace('\n', '')
return pout return pout
@staticmethod
def get_username_display():
result_code, p_out, p_err = Util.execute("who | awk '{print $1, $5}' | sed 's/(://' | sed 's/)//'", result=True)
result = []
lines = str(p_out).split('\n')
for line in lines:
arr = line.split(' ')
if len(arr) > 1 and str(arr[1]).isnumeric() is True:
result.append(line)
params = str(result[0]).split(' ')
display_number = params[1]
display_number = ":"+str(display_number)
return display_number
@staticmethod
def get_desktop_env():
xfce4_session = "/usr/bin/xfce4-session"
gnome_session = "/usr/bin/gnome-session"
desktop_env = None
result_code, p_out, p_err = Util.execute("ls {}".format(gnome_session))
if result_code == 0:
desktop_env = "gnome"
result_code, p_out, p_err = Util.execute("ls {}".format(xfce4_session))
if result_code == 0:
desktop_env = "xfce"
return desktop_env

18
src/plugins/browser/main.py Normal file
View file

@ -0,0 +1,18 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# Author: >
# Author: Volkan Şahin <volkansah.in> <bm.volkansahin@gmail.com>
def info():
inf = dict()
inf['name'] = 'browser'
inf['version'] = '1.0.0'
inf['support'] = 'debian'
inf['description'] = 'Browser plugin provides to managing user or global firefox profile like setting homepage etc.'
inf['task'] = True
inf['user_oriented'] = True
inf['machine_oriented'] = True
inf['developer'] = 'bm.volkansahin@gmail.com'
return inf

173
src/plugins/browser/policy.py Normal file
View file

@ -0,0 +1,173 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# Author: Volkan Şahin <volkansah.in> <bm.volkansahin@gmail.com>
# Author: Tuncay Çolak <tuncay.colak@tubitak.gov.tr> <tncyclk05@gmail.com>
import json
from base.plugin.abstract_plugin import AbstractPlugin
class Browser(AbstractPlugin):
"""docstring for Browser"""
def __init__(self, data, context):
super(AbstractPlugin, self).__init__()
self.data = data
self.context = context
self.logger = self.get_logger()
self.message_code = self.get_message_code()
self.mozilla_config_file = 'mozilla.cfg'
self.local_settings_JS_file = 'local-settings.js'
self.local_settings_JS_path = 'defaults/pref/'
self.logger.info('Parameters were initialized.')
def handle_policy(self):
self.logger.info('Browser plugin handling...')
try:
username = self.context.get('username')
self.logger.info('Username: {}'.format(username))
if username is not None:
self.logger.debug('Writing preferences to user profile')
self.write_to_user_profile(username)
self.context.create_response(code=self.message_code.POLICY_PROCESSED.value, message='Kullanıcı browser profili başarıyla uygulandı.')
else:
self.logger.debug('Writing preferences to global profile')
self.write_to_global_profile()
self.context.create_response(code=self.message_code.POLICY_PROCESSED.value, message='Ajan browser profili başarıyla uygulandı.')
self.logger.info('Browser profile is handled successfully')
except Exception as e:
self.logger.error('A problem occurred while handling browser profile: {0}'.format(str(e)))
self.context.create_response(code=self.message_code.POLICY_ERROR.value, message='Browser profili uygulanırken bir hata oluştu.')
def write_to_user_profile(self, username):
try:
username = str(username).strip()
profile_paths = self.find_user_preference_paths(username)
if profile_paths is not None:
# User might have multiple firefox profile directories
for path in profile_paths:
if self.is_exist(path):
path = str(path) + '/user.js'
user_jss = open(path, 'w')
preferences = json.loads(self.data)['preferences']
self.logger.debug('Writing preferences to user.js file ...')
for pref in preferences:
if pref['value'].isdigit() or str(pref['value']) == 'false' or str(pref['value']) == 'true':
value = pref['value']
else:
value = '\"' + pref['value'] + '\"'
line = 'user_pref("' + str(pref['preferenceName']) + '",' + value + ');\n'
user_jss.write(line)
self.logger.debug('User preferences were wrote successfully')
user_jss.close()
change_owner = 'chown ' + username + ':' + username + ' ' + path
self.execute(change_owner)
self.logger.debug('Preferences file owner is changed')
except Exception as e:
self.logger.error('A problem occurred while writing user profile: {0}'.format(str(e)))
# Remove global lock files to tell Firefox to load the user
installation_path_list = self.find_firefox_installation_path()
for installation_path in installation_path_list:
if installation_path is None:
self.logger.error('Firefox installation directory could not be found! Finishing task...')
return
self.silent_remove(str(installation_path) + self.mozilla_config_file)
self.silent_remove(str(installation_path) + self.local_settings_JS_path + self.local_settings_JS_file)
self.logger.debug('User profiles have been set successfully')
def write_to_global_profile(self):
firefox_installation_path_list = self.find_firefox_installation_path()
if firefox_installation_path_list is not None:
for firefox_installation_path in firefox_installation_path_list:
preferences = None
try:
preferences = json.loads(str(self.data))['preferences']
except Exception as e:
self.logger.error('Problem occurred while getting preferences. Error Message: {}'.format(str(e)))
mozilla_cfg = open(str(firefox_installation_path) + self.mozilla_config_file, 'w')
self.logger.debug('Mozilla configuration file is created for {0}'.format(firefox_installation_path))
# mozilla.cfg file must start with command
is_command_line_added = False
for pref in preferences:
if pref['value'].isdigit() or str(pref['value']) == 'false' or str(pref['value']) == 'true':
value = pref['value']
else:
value = '\"' + pref['value'] + '\"'
line = 'lockPref("' + str(pref['preferenceName']) + '",' + value + ');\n'
if not is_command_line_added:
mozilla_cfg.write("//mozilla.cfg must start with command.\n")
is_command_line_added = True
mozilla_cfg.write(line)
mozilla_cfg.close()
self.logger.debug('Preferences were wrote to Mozilla configuration file for {0}'.format(firefox_installation_path))
local_settings_path = str(firefox_installation_path) + self.local_settings_JS_path
if not self.is_exist(local_settings_path):
self.logger.debug('Firefox local setting path not found, it will be created')
self.create_directory(local_settings_path)
local_settings_js = open(local_settings_path + self.local_settings_JS_file, 'w')
local_settings_js.write(
'pref("general.config.obscure_value", 0);\npref("general.config.filename", "mozilla.cfg");\n')
local_settings_js.close()
self.logger.debug('Firefox local settings were configured {}'.format(firefox_installation_path))
def silent_remove(self, filename):
try:
if self.is_exist(filename):
self.delete_file(filename)
self.logger.debug('{0} removed successfully'.format(filename))
else:
self.logger.warning('{0} was tried to delete but not found.'.format(filename))
except Exception as e:
self.logger.error('Problem occurred while removing file {0}. Exception Message is: {1}'.format(filename, str(e)))
def find_user_preference_paths(self, user_name):
paths = []
firefox_path = '/home/' + user_name + '/.mozilla/firefox/'
if self.is_exist(firefox_path + 'profiles.ini'):
profile_ini_file = open(firefox_path + 'profiles.ini', 'r')
profile_ini_file_lines = profile_ini_file.readlines()
for line in profile_ini_file_lines:
if 'Path' in line:
paths.append(firefox_path + str(line.split('=')[1]).strip())
if len(paths) > 0:
self.logger.debug('User preferences path found successfully')
return paths
else:
self.logger.error('User preferences path not found')
def find_firefox_installation_path(self):
installation_path_list = []
if self.is_exist("/usr/lib/firefox-esr/"):
installation_path_list.append("/usr/lib/firefox-esr/")
if self.is_exist('/opt/firefox-esr/'):
installation_path_list.append('/opt/firefox-esr/')
if self.is_exist('/usr/lib/iceweasel/'):
installation_path_list.append('/usr/lib/iceweasel/')
if self.is_exist('/opt/firefox/'):
installation_path_list.append('/opt/firefox/')
if installation_path_list:
self.logger.info("Firefox installation paths list: "+str(installation_path_list))
return installation_path_list
else:
self.logger.error('Firefox installation path not found')
return None
def handle_policy(profile_data, context):
browser = Browser(profile_data, context)
browser.handle_policy()

27
src/plugins/conky/ask.py Normal file
View file

@ -0,0 +1,27 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# Author: Volkan Şahin <volkansah.in> <bm.volkansahin@gmail.com>
# Author: Tuncay ÇOLAK <tuncay.colak@tubitak.gov.tr>
import sys
import easygui
def ask(content, title):
choice = easygui.buttonbox(msg=title, title=content, choices=['TAMAM'])
#choice = easygui.textbox(msg=title, text=content)
if choice:
print('Y')
else:
print('N')
if __name__ == '__main__':
if len(sys.argv) == 3:
try:
ask(sys.argv[1], sys.argv[2])
except Exception as e:
print(str(e))
else:
print('Argument fault. Check your parameters or content of parameters. Parameters: ' + str(sys.argv))

146
src/plugins/conky/execute_conky.py Normal file
View file

@ -0,0 +1,146 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Author: Edip YILDIZ
from base.model.enum.content_type import ContentType
import json
from base.plugin.abstract_plugin import AbstractPlugin
class RunConkyCommand(AbstractPlugin):
def __init__(self, data, context):
super(AbstractPlugin, self).__init__()
self.data = data
self.context = context
self.logger = self.get_logger()
self.message_code = self.get_message_code()
self.conky_config_file_dir = '/etc/conky'
self.conky_config_global_autorun_file = '/etc/xdg/autostart/conky.desktop'
self.conky_config_file_path = self.conky_config_file_dir + '/conky.conf'
self.logger.debug('[Conky] Parameters were initialized.')
self.conky_autorun_content = '[Desktop Entry] \n' \
'Comment[tr]= \n' \
'Comment= \n' \
'Exec=conky_wp \n' \
'GenericName[tr]= \n' \
'GenericName= \n' \
'Icon=system-run \n' \
'MimeType= \n' \
'Name[tr]= \n' \
'Name= \n' \
'Path= \n' \
'StartupNotify=true \n' \
'Terminal=false \n' \
'TerminalOptions= \n' \
'Type=Application \n' \
'X-DBUS-ServiceName= \n' \
'X-DBUS-StartupType= \n' \
'X-KDE-SubstituteUID=false \n' \
'X-KDE-Username= \n'
self.conky_wrapper_file= '/usr/bin/conky_wp'
self.conky_wrapper_content = '#!/bin/bash \n' \
' killall conky \n' \
' sleep 5 \n' \
' /usr/bin/conky -q \n'
def remove_conky_message(self):
self.execute("killall conky")
if self.is_exist(self.conky_config_global_autorun_file) == True:
self.delete_file(self.conky_config_global_autorun_file)
self.context.create_response(code=self.message_code.TASK_PROCESSED.value,
message='Conky measajları kaldırıldı',
content_type=ContentType.APPLICATION_JSON.value)
def execute_conky(self, conky_message):
self.logger.debug("[CONKY] Executing conky.")
try:
if self.is_installed('conky') is False:
self.logger.info('[Conky] Could not found Conky. It will be installed')
self.logger.debug('[Conky] Conky installing with using apt-get')
self.install_with_apt_get('conky')
self.logger.info('[Conky] Could installed')
self.logger.debug('[Conky] Some processes found which names are conky. They will be killed.')
self.execute('killall conky')
except:
self.logger.error('[Conky] Conky install-kill problem.')
raise
if self.is_exist(self.conky_config_file_dir) == False:
self.logger.debug('[Conky] Creating directory for conky config at ' + self.conky_config_file_dir)
self.create_directory(self.conky_config_file_dir)
if self.is_exist(self.conky_config_file_path) == True:
self.logger.debug('[Conky] Old config file will be renamed.')
self.rename_file(self.conky_config_file_path, self.conky_config_file_path + '_old')
self.logger.debug('[Conky] Old config file will be renamed to ' + (self.conky_config_file_path + 'old'))
self.create_file(self.conky_config_file_path)
self.write_file(self.conky_config_file_path, conky_message)
self.logger.debug('[Conky] Config file was filled by context.')
# creating wrapper file if is not exist. wrapper for using conky command..its need for ETA
if self.is_exist(self.conky_wrapper_file) == False:
self.logger.debug('[Conky] Creating directory for conky wrapper file at ' + self.conky_wrapper_file)
self.create_file(self.conky_wrapper_file)
self.write_file(self.conky_wrapper_file,self.conky_wrapper_content)
if self.is_exist(self.conky_wrapper_file) == True:
self.execute('chmod +x ' + self.conky_wrapper_file)
# creating autorun file if is not exist
if self.is_exist(self.conky_config_global_autorun_file) == False:
self.logger.debug('[Conky] Creating directory for conky autorun file at ' + self.conky_config_global_autorun_file)
self.create_file(self.conky_config_global_autorun_file)
self.write_file(self.conky_config_global_autorun_file, self.conky_autorun_content)
users=self.Sessions.user_name()
for user in users:
user_display = self.Sessions.display(user)
if user_display is None:
self.logger.debug('[Conky] executing for display none for user '+ str(user))
self.execute('conky -q', result=False)
else :
self.logger.debug('[Conky] user display ' + str(user_display) +' user '+ str(user))
conky_cmd= 'su ' + str(user) + ' -c ' + ' "conky --display=' + str(user_display) + ' " '
self.logger.debug('[Conky] executing command: ' + str(conky_cmd))
self.execute(conky_cmd, result=False)
#self.execute('conky ', result=False)
self.context.create_response(code=self.message_code.TASK_PROCESSED.value,
message='Conky başarıyla oluşturuldu.',
data=json.dumps({'Result': conky_message}),
content_type=ContentType.APPLICATION_JSON.value)
def handle_task(self):
try:
conky_message = self.data['conkyMessage']
remove_conky_message = self.data['removeConkyMessage']
if remove_conky_message:
self.remove_conky_message()
else:
self.execute_conky(conky_message)
except Exception as e:
self.logger.error(" error on handle conky task. Error: " + str(e))
self.context.create_response(code=self.message_code.TASK_ERROR.value,
message='Conky mesajı olusturulurken hata oluştu:' + str(e),
content_type=ContentType.APPLICATION_JSON.value)
def handle_task(task, context):
cls = RunConkyCommand(task, context)
cls.handle_task()

135
src/plugins/conky/execute_xmessage.py Normal file
View file

@ -0,0 +1,135 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Author: Edip YILDIZ
# Author: Tuncay ÇOLAK <tuncay.colak@tubitak.gov.tr>
from base.model.enum.content_type import ContentType
import json
from base.plugin.abstract_plugin import AbstractPlugin
import threading
class RunXMessageCommand(AbstractPlugin):
def __init__(self, data, context):
super(AbstractPlugin, self).__init__()
self.data = data
self.context = context
self.logger = self.get_logger()
self.message_code = self.get_message_code()
# self.xmessage_command= "su {0} -c 'export DISPLAY={1} && export XAUTHORITY=~{2}/.Xauthority && xmessage \"{3}\" ' "
self.custom_message_command = "su {0} -c 'export DISPLAY={1} && export XAUTHORITY=~{2}/.Xauthority && python3 /usr/share/ahenk/plugins/conky/ask.py \"LİDER AHENK BİLDİRİ\" \"{3}\" ' "
# command for ltsp
self.custom_message_command_ltsp = "su {0} -c 'export DISPLAY={1} && export XAUTHORITY=~{2}/.Xauthority && python3 /usr/share/ahenk/plugins/conky/ask.py \"LİDER AHENK\\\ BİLDİRİ \" \"{3}\" ' "
def execute_xmessage(self, message):
users = self.Sessions.user_name();
self.logger.debug('[XMessage] users : ' + str(users))
for user in users:
user_display = self.Sessions.display(user)
user_ip = self.Sessions.userip(user)
if user_display is None:
self.logger.debug('[XMessage] executing for display none for user ' + str(user))
else:
self.logger.debug('[XMessage] user display ' + str(user_display) + ' user ' + str(user))
if user_ip is None:
t = threading.Thread(
target=self.execute(self.custom_message_command.format(user, user_display, user, message)))
t.start()
else:
# message format for ltsp
self.logger.debug('user_ip: ' + str(user_ip) + ' user_display: ' + str(user_display))
message_list = []
message_parser = message.split(" ")
self.logger.debug('running parser:--->> ' + str(message_parser))
for msg in message_parser:
message = '\\\ ' + str(msg)
message_list.append(message)
self.logger.debug('message_list:--->> ' + str(message_list))
message = ''.join(str(x) for x in message_list)
self.logger.debug('message: ' + str(message))
t = threading.Thread(
target=self.execute(self.custom_message_command_ltsp.format(user, user_display, user, message),
ip=user_ip))
t.start()
self.context.create_response(code=self.message_code.TASK_PROCESSED.value,
message='İşlem başarıyla gerçekleştirildi.',
data=json.dumps({'Result': message}),
content_type=ContentType.APPLICATION_JSON.value)
def execute_user_message(self, selected_user, message):
users = self.Sessions.user_name();
self.logger.debug('[XMessage] users : ' + str(users))
for user in users:
if selected_user in user:
user_display = self.Sessions.display(user)
user_ip = self.Sessions.userip(user)
if user_display is None:
self.logger.debug('[XMessage] executing for display none for user ' + str(user))
else:
self.logger.debug('[XMessage] user display ' + str(user_display) + ' user ' + str(user))
if user_ip is None:
t = threading.Thread(target=self.execute(
self.custom_message_command.format(user, user_display, user, message)))
t.start()
#message format for ltsp
else:
self.logger.debug('user_ip: ' + str(user_ip) + ' user_display: ' + str(user_display))
message_list = []
message_parser = message.split(" ")
self.logger.debug('running parser:--->> ' + str(message_parser))
for msg in message_parser:
message = '\\\ ' + str(msg)
message_list.append(message)
self.logger.debug('message_list:--->> ' + str(message_list))
message = ''.join(str(x) for x in message_list)
self.logger.debug('message: ' + str(message))
t = threading.Thread(target=self.execute(
self.custom_message_command_ltsp.format(user, user_display, user, message), ip=user_ip))
t.start()
self.context.create_response(code=self.message_code.TASK_PROCESSED.value,
message='İşlem başarıyla gerçekleştirildi.',
data=json.dumps({'Result': message}),
content_type=ContentType.APPLICATION_JSON.value)
def handle_task(self):
try:
message = self.data['message']
self.logger.debug('[XMessage]: get message from lider: ' + str(message))
selected_user = None
if 'selected_user' in self.data:
selected_user = str(self.data['selected_user'])
self.logger.debug('[XMessage]: selected User: ' + str(selected_user))
self.execute_user_message(selected_user, message)
else:
self.execute_xmessage(message)
except Exception as e:
self.logger.error(" error on handle xmessage task. Error: " + str(e))
self.context.create_response(code=self.message_code.TASK_ERROR.value,
message='XMessage mesajı olusturulurken hata oluştu:' + str(e),
content_type=ContentType.APPLICATION_JSON.value)
def handle_task(task, context):
cls = RunXMessageCommand(task, context)
cls.handle_task()

16
src/plugins/conky/main.py Normal file
View file

@ -0,0 +1,16 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
def info():
inf = dict()
inf['name'] = 'conky'
inf['version'] = '1.0.0'
inf['support'] = 'debian'
inf['description'] = ''
inf['task'] = True
inf['user_oriented'] = True
inf['machine_oriented'] = True
inf['developer'] = 'bm.volkansahin@gmail.com'
return inf

155
src/plugins/conky/policy.py Normal file
View file

@ -0,0 +1,155 @@
# !/usr/bin/python
# -*- coding: utf-8 -*-
# Author: Volkan Şahin <volkansah.in> <bm.volkansahin@gmail.com>
import json
from base.plugin.abstract_plugin import AbstractPlugin
class Conky(AbstractPlugin):
def __init__(self, data, context):
super(Conky, self).__init__()
self.data = data
self.context = context
self.logger = self.get_logger()
self.machine_profile = True
self.conky_config_file_dir = '/etc/conky/'
self.conky_config_file_path = '/etc/conky/conky.conf'
self.command_autorun_conky = 'sleep 3;conky -d {0} -c {1}'
self.username = None
self.autostart_dir_path = '{0}.config/autostart/'
self.autorun_file_path = '{0}conky.desktop'
self.logger.debug('Parameters were initialized.')
def handle_policy(self):
try:
# Checking dependecies
if self.check_dependencies(['conky', 'conky-all']) is True:
self.logger.debug('Dependencies checked.')
else:
return
# Killing conky processes
self.logger.debug('Conky named processes will be killed.')
self.execute('killall -9 conky')
# Is user profile
if 'username' in self.context.data and self.context.get('username') is not None:
self.logger.debug('This is user profile, parameters reinitializing.')
self.username = self.context.get('username')
self.conky_config_file_dir = '{0}.conky/'.format(self.Sessions.user_home_path(self.username))
self.conky_config_file_path = '{0}conky.conf'.format(self.conky_config_file_dir)
self.machine_profile = False
# Creating/checking conky file dir and conky conf file
self.logger.debug('Conky file directory and configuration file is creating/checking')
if self.is_exist(self.conky_config_file_dir):
self.logger.debug('Old config file will be deleted.')
self.delete_file(self.conky_config_file_path)
else:
self.logger.debug(
'Creating directory for conky config at {0}'.format(self.conky_config_file_dir))
self.create_directory(self.conky_config_file_dir)
if self.create_file(self.conky_config_file_path):
self.logger.debug('Config file was created.')
self.write_file(self.conky_config_file_path, json.loads(self.data)['message'])
self.logger.debug('Config file was filled by context.')
else:
self.logger.error('A problen occurred while creating Conky configuration file.')
raise Exception('File {0} could not created.'.format(self.conky_config_file_path))
# Creating autorun
self.logger.debug('Creating autorun file...')
self.initialize_auto_run()
if self.machine_profile is False:
self.execute(
self.command_autorun_conky.format('--display=' + self.Sessions.display(self.username),
self.conky_config_file_path),
as_user=self.username, result=False)
self.execute('chown -hR ' + self.username + ':' + self.username + ' ' + self.conky_config_file_dir)
self.logger.debug('Owner of Conky config file was changed.')
else:
self.execute(self.command_autorun_conky.format('', self.conky_config_file_path), result=False)
self.logger.debug('Autorun command executed successfully')
self.context.create_response(code=self.get_message_code().POLICY_PROCESSED.value,
message='Conky politikası başarıyla çalıştırıldı.')
except Exception as e:
self.logger.error(
'A problem occurred while handling Conky policy. Error Message: {}'.format(str(e)))
self.context.create_response(code=self.get_message_code().POLICY_ERROR.value,
message='Conky politikası uygulanırken bir hata oluştu.')
def check_dependencies(self, packages):
self.logger.debug('Checking dependencies')
for package in packages:
if self.is_installed(package) is False:
self.logger.debug('Could not found {0}. It will be installed'.format(package))
result_code, p_out, p_err = self.install_with_apt_get(package)
if result_code == 0:
self.logger.debug('{0} installed successfully'.format(package))
else:
self.logger.error(
'A problem occurred while installing {0} package. Error Message: {1}'.format(package,
str(
p_err)))
self.context.create_response(code=self.get_message_code().POLICY_ERROR.value,
message='Bağımlılıklardan {0} paketi kurulurken hata oluştu.')
return False
return True
def initialize_auto_run(self):
if self.machine_profile is True:
self.logger.debug('All users conky configuration files will be removed because of machine profile')
if self.Sessions.user_name() is not None and len(self.Sessions.user_name()) > 0:
for username in self.Sessions.user_name():
self.logger.debug(
'Removing conf file of user {0}'.format(username))
self.delete_file(
self.autorun_file_path.format(
self.autostart_dir_path.format(self.Sessions.user_home_path(username))))
else:
self.logger.debug(
'There are no user')
else:
home_path = self.Sessions.user_home_path(self.username)
self.logger.debug(
'Creating autorun file for user {0}'.format(self.username))
self.create_autorun_file(self.autostart_dir_path.format(home_path),
self.conky_config_file_path,
self.autorun_file_path.format(self.autostart_dir_path.format(home_path)))
self.logger.debug(
'Autorun created')
def create_autorun_file(self, autostart_path, conky_config_file_path, autorun_file_path):
if not self.is_exist(autostart_path):
self.logger.debug(
'Creating file: {0}'.format(autostart_path))
self.create_directory(autostart_path)
file_content = '[Desktop Entry]\n' \
'Encoding=UTF-8 \n' \
'Type=Application \n' \
'Name=Conky \n' \
'Comment=Conky Monitor \n' \
'Exec=conky -d -c ' + conky_config_file_path + '\n' \
'StartupNotify=false \n' \
'Terminal=false \n'
self.logger.debug(
'Writing content to autorun file.')
self.write_file(autorun_file_path, file_content, 'w')
def handle_policy(profile_data, context):
plugin = Conky(profile_data, context)
plugin.handle_policy()

119
src/plugins/disk-quota/api/disk_quota.py Normal file
View file

@ -0,0 +1,119 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Author:Mine DOGAN <mine.dogan@agem.com.tr>
import json
import os
import sys
from base.plugin.abstract_plugin import AbstractPlugin
sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__))))
from fstab import Fstab
class DiskQuota(AbstractPlugin):
def __init__(self, data, context):
super(AbstractPlugin, self).__init__()
self.data = data
self.context = context
self.logger = self.get_logger()
self.message_code = self.get_message_code()
self.username = self.context.get('username')
self.mount = 'mount -o remount /home'
self.quotacheck = 'quotacheck -cfmvF vfsv0 /home'
self.quotaon_all = 'quotaon --all'
self.quotaon_avug = 'quotaon -avug'
self.set_quota = 'setquota -u {0} {1} {2} 0 0 /home'
self.get_quota = 'quota -u {0} | awk \'{{print $4}}\' | tail -1'
self.parameters = json.loads(self.data)
self.soft_quota = str(int(self.parameters['soft-quota']) * 1024)
self.hard_quota = str(int(self.parameters['hard-quota']) * 1024)
self.default_quota = str(int(self.parameters['default-quota']) * 1024)
self.old_quota = None
self.logger.debug('Parameters were initialized.')
def handle_policy(self):
self.logger.debug('Policy handling...')
try:
if 'username' in self.context.data and self.context.get('username') is not None:
self.logger.debug('This is user profile, parameters reinitializing.')
self.username = self.context.get('username')
self.old_quota = self.execute(self.get_quota.format(self.username))[1]
# Check fstab & append 'usrquota' option if not exists
# fs = Fstab()
# fs.read('/etc/fstab')
# fstab_entries = []
# fslines = fs.lines
# for line in fslines:
# if line.has_filesystem() and 'usrquota' not in line.options:
# if line.dict['directory'] == '/' or line.dict['directory'] == '/home/':
# self.logger.debug('Appending \'usrquota\' option to {}'.format(line.dict['directory']))
# line.options += ['usrquota']
# fstab_entries.append(line.dict['directory'])
# fs.write('/etc/fstab')
# Re-mount necessary fstab entries
# for entry in fstab_entries:
# self.execute(self.mount.format(entry))
# self.logger.debug('Remounting fstab entry {}'.format(entry))
self.execute(self.quotacheck)
self.logger.debug('{}'.format(self.quotacheck))
self.execute(self.quotaon_all)
self.logger.debug('{}'.format(self.quotaon_all))
self.execute(self.quotaon_avug)
self.logger.debug('{}'.format(self.quotaon_avug))
self.execute(self.set_quota.format(self.username, self.soft_quota, self.hard_quota))
self.logger.debug(
'Set soft and hard quota. Username: {0}, Soft Quota: {1}, Hard Quota: {2}'.format(self.username,
self.soft_quota,
self.hard_quota))
self.create_default_quota_file()
result = dict()
if self.context.is_mail_send():
mail_content = self.context.get_mail_content()
if mail_content.__contains__('{ahenk-ip}'):
mail_content = str(mail_content).replace('{ahenk-ip}', ' {0} IP\'li Ahenk\'teki yeni'.format(
str(self.Hardware.ip_addresses())))
if mail_content.__contains__('{old-quota}'):
mail_content = str(mail_content).replace('{old-quota}',
' Eski kota değeri {0} MB olan'.format(
str(int(self.old_quota) / 1024)))
if mail_content.__contains__('{soft-quota}'):
mail_content = str(mail_content).replace('{soft-quota}', str(int(self.soft_quota) / 1024) + ' MB')
if mail_content.__contains__('{hard-quota}'):
mail_content = str(mail_content).replace('{hard-quota}', str(int(self.hard_quota) / 1024) + ' MB')
if mail_content.__contains__('{default-quota}'):
mail_content = str(mail_content).replace('{default-quota}',
str(int(self.default_quota)/1024) + ' MB')
self.context.set_mail_content(mail_content)
result['mail_content'] = str(self.context.get_mail_content())
result['mail_subject'] = str(self.context.get_mail_subject())
result['mail_send'] = self.context.is_mail_send()
self.context.create_response(code=self.get_message_code().POLICY_PROCESSED.value,
data=json.dumps(result),
message='Kotalar başarıyla güncellendi.',
content_type=self.get_content_type().APPLICATION_JSON.value)
except Exception as e:
self.logger.error('[DiskQuota] A problem occurred while handling browser profile: {0}'.format(str(e)))
self.context.create_response(code=self.get_message_code().POLICY_ERROR.value,
message='Disk Quota profili uygulanırken bir hata oluştu.')
def create_default_quota_file(self):
self.write_file('default_quota', self.default_quota)

91
src/plugins/disk-quota/api/disk_quota_ltsp.py Normal file
View file

@ -0,0 +1,91 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Author:Mine DOGAN <mine.dogan@agem.com.tr>
import json
import os
import sys
from base.plugin.abstract_plugin import AbstractPlugin
sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__))))
class DiskQuota(AbstractPlugin):
def __init__(self, data, context):
super(AbstractPlugin, self).__init__()
self.data = data
self.context = context
self.logger = self.get_logger()
self.message_code = self.get_message_code()
self.username = self.context.get('username')
self.mount = 'mount -o remount {}'
self.quotaon_all = 'quotaon --all'
self.quotaon_avug = 'quotaon -avug'
#self.set_quota = 'setquota --always-resolve -u {0} {1} {2} 0 0 --all'
self.set_quota = 'quotatool -u {0} -b -q {1} -l {2} /home'
#self.get_quota = 'quota -u {0} | awk \'{{print $4}}\' | tail -1'
self.get_quota = 'repquota /home | grep {0} | awk \'{{print $5}}\''
self.parameters = json.loads(self.data)
self.soft_quota = str(int(self.parameters['soft-quota']) * 1024)
self.hard_quota = str(int(self.parameters['hard-quota']) * 1024)
self.default_quota = str(int(self.parameters['default-quota']) * 1024)
self.old_quota = None
self.logger.debug('Parameters were initialized.')
def handle_policy(self):
self.logger.debug('Policy handling...')
try:
self.username = self.context.get('username')
self.old_quota = self.execute(self.get_quota.format(self.username))[1]
self.execute(self.set_quota.format(self.username, self.soft_quota, self.hard_quota))
self.logger.debug(
'Set soft and hard quota. Username: {0}, Soft Quota: {1}, Hard Quota: {2}'.format(self.username,
self.soft_quota,
self.hard_quota))
self.create_default_quota_file()
result = dict()
if self.context.is_mail_send():
mail_content = self.context.get_mail_content()
if mail_content.__contains__('{ahenk-ip}'):
mail_content = str(mail_content).replace('{ahenk-ip}', ' {0} IP\'li Ahenk\'teki yeni'.format(
str(self.Hardware.ip_addresses())))
if mail_content.__contains__('{old-quota}'):
mail_content = str(mail_content).replace('{old-quota}',
' Mevcut kota değeri {0} MB olan'.format(str(int(self.old_quota)/1024)))
if mail_content.__contains__('{soft-quota}'):
mail_content = str(mail_content).replace('{soft-quota}',str(int(self.soft_quota)/1024)+' MB')
if mail_content.__contains__('{hard-quota}'):
mail_content = str(mail_content).replace('{hard-quota}', str(int(self.hard_quota)/1024)+' MB')
if mail_content.__contains__('{default-quota}'):
mail_content = str(mail_content).replace('{default-quota}', str(int(self.default_quota)/1024)+' MB')
self.context.set_mail_content(mail_content)
result['mail_content'] = str(self.context.get_mail_content())
result['mail_subject'] = str(self.context.get_mail_subject())
result['mail_send'] = self.context.is_mail_send()
self.context.create_response(code=self.get_message_code().POLICY_PROCESSED.value,
data=json.dumps(result),
message='Kotalar başarıyla güncellendi.',
content_type=self.get_content_type().APPLICATION_JSON.value)
except Exception as e:
self.logger.error('[DiskQuota] A problem occurred while handling browser profile: {0}'.format(str(e)))
self.context.create_response(code=self.get_message_code().POLICY_ERROR.value,
message='Disk Quota profili uygulanırken bir hata oluştu.')
def create_default_quota_file(self):
self.write_file('default_quota', self.default_quota)

86
src/plugins/disk-quota/fstab.py Normal file
View file

@ -0,0 +1,86 @@
import os
import sys
import tempfile
sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__))))
from line import Line
class Fstab(object):
"""An /etc/fstab file."""
def __init__(self):
self.lines = []
def open_file(self, filespec, mode):
if isinstance(filespec, str):
return open(filespec, mode=mode)
else:
return filespec
def close_file(self, f, filespec):
if isinstance(filespec, str):
f.close()
def get_perms(self, filename):
return os.stat(filename).st_mode # pragma: no cover
def chmod_file(self, filename, mode):
os.chmod(filename, mode) # pragma: no cover
def link_file(self, oldname, newname):
if os.path.exists(newname):
os.remove(newname)
os.link(oldname, newname)
def rename_file(self, oldname, newname):
os.rename(oldname, newname) # pragma: no cover
def read(self, filespec):
"""Read in a new file.
If filespec is a string, it is used as a filename. Otherwise
it is used as an open file.
The existing content is replaced.
"""
f = self.open_file(filespec, "r")
lines = []
for line in f:
lines.append(Line(line))
self.lines = lines
self.close_file(filespec, f)
def write(self, filespec):
"""Write out a new file.
If filespec is a string, it is used as a filename. Otherwise
it is used as an open file.
"""
if isinstance(filespec, str):
# We create the temporary file in the directory (/etc) that the
# file exists in. This is so that we can do an atomic rename
# later, and that only works inside one filesystem. Some systems
# have /tmp and /etc on different filesystems, for good reasons,
# and we need to support that.
dirname = os.path.dirname(filespec)
prefix = os.path.basename(filespec) + "."
fd, tempname = tempfile.mkstemp(dir=dirname, prefix=prefix)
os.close(fd)
else:
tempname = filespec
f = self.open_file(tempname, "w")
for line in self.lines:
f.write(line.raw)
self.close_file(filespec, f)
if isinstance(filespec, str):
self.chmod_file(tempname, self.get_perms(filespec))
self.link_file(filespec, filespec + ".bak")
self.rename_file(tempname, filespec)

57
src/plugins/disk-quota/get_quota.py Normal file
View file

@ -0,0 +1,57 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Author:Mine DOGAN <mine.dogan@agem.com.tr>
import json
from base.plugin.abstract_plugin import AbstractPlugin
class GetQuota(AbstractPlugin):
def __init__(self, task, context):
super(AbstractPlugin, self).__init__()
self.task = task
self.context = context
self.logger = self.get_logger()
self.message_code = self.get_message_code()
self.get_quota = 'repquota /home | tail -n +6 | awk \'{print $1,$4,$5,$3}\''
self.logger.debug('Parameters were initialized.')
def handle_task(self):
try:
result_code, p_out, p_err = self.execute(self.get_quota)
user_list = []
lines = str(p_out).split('\n')
for line in lines:
detail = line.split(' ')
if str(detail[0]).strip() is not None and str(detail[0]).strip() != '':
user = {'user': str(detail[0]).strip(), 'soft_quota': str(detail[1]).strip(),
'hard_quota': str(detail[2]).strip(), 'disk_usage': str(detail[3]).strip()}
user_list.append(user)
self.logger.debug(
'user: {0}, soft_quota: {1}, hard_quota: {2}, disk_usage: {3}'
.format(str(detail[0]).strip(), str(detail[1]).strip(), str(detail[2]).strip(),
str(detail[3]).strip()))
self.logger.info('DISK-QUOTA task is handled successfully')
self.context.create_response(code=self.message_code.TASK_PROCESSED.value,
message='Kota bilgileri başarıyla alındı.',
data=json.dumps({'users': user_list}),
content_type=self.get_content_type().APPLICATION_JSON.value)
except Exception as e:
self.logger.error('A problem occured while handling DISK-QUOTA task: {0}'.format(str(e)))
self.context.create_response(code=self.message_code.TASK_ERROR.value,
message='DISK-QUOTA görevi uygulanırken bir hata oluştu.')
def handle_task(task, context):
gq = GetQuota(task, context)
gq.handle_task()

24
src/plugins/disk-quota/init.py Normal file
View file

@ -0,0 +1,24 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Author:Mine DOGAN <mine.dogan@agem.com.tr>
from base.plugin.abstract_plugin import AbstractPlugin
class Init(AbstractPlugin):
def __init__(self, context):
super(Init, self).__init__()
self.context = context
self.logger = self.get_logger()
self.logger.debug('Parameters were initialized.')
def handle_init_mode(self):
if self.is_installed('quota') is False:
self.logger.debug('Installing quota with apt-get...')
self.install_with_apt_get('quota')
def handle_mode(context):
init = Init(context)
init.handle_init_mode()

104
src/plugins/disk-quota/line.py Normal file
View file

@ -0,0 +1,104 @@
import re
class Line(object):
"""A line in an /etc/fstab line.
Lines may or may not have a filesystem specification in them. The
has_filesystem method tells the user whether they do or not; if they
do, the attributes device, directory, fstype, options, dump, and
fsck contain the values of the corresponding fields, as instances of
the sub-classes of the LinePart class. For non-filesystem lines,
the attributes have the None value.
Lines may or may not be syntactically correct. If they are not,
they are treated as as non-filesystem lines.
"""
# Lines split this way to shut up coverage.py.
attrs = ("ws1", "device", "ws2", "directory", "ws3", "fstype")
attrs += ("ws4", "options", "ws5", "dump", "ws6", "fsck", "ws7")
def __init__(self, raw):
self.dict = {}
self.raw = raw
def __getattr__(self, name):
if name in self.dict:
return self.dict[name]
else:
raise AttributeError(name)
def __setattr__(self, name, value):
forbidden = ("dict", "dump", "fsck", "options")
if name not in forbidden and name in self.dict:
if self.dict[name] is None:
raise Exception("Cannot set attribute %s when line dies not "
"contain filesystem specification" % name)
self.dict[name] = value
else:
object.__setattr__(self, name, value)
def get_dump(self):
return int(self.dict["dump"])
def set_dump(self, value):
self.dict["dump"] = str(value)
dump = property(get_dump, set_dump)
def get_fsck(self):
return int(self.dict["fsck"])
def set_fsck(self, value):
self.dict["fsck"] = str(value)
fsck = property(get_fsck, set_fsck)
def get_options(self):
return self.dict["options"].split(",")
def set_options(self, list):
self.dict["options"] = ",".join(list)
options = property(get_options, set_options)
def set_raw(self, raw):
match = False
if raw.strip() != "" and not raw.strip().startswith("#"):
pat = r"^(?P<ws1>\s*)"
pat += r"(?P<device>\S*)"
pat += r"(?P<ws2>\s+)"
pat += r"(?P<directory>\S+)"
pat += r"(?P<ws3>\s+)"
pat += r"(?P<fstype>\S+)"
pat += r"(?P<ws4>\s+)"
pat += r"(?P<options>\S+)"
pat += r"(?P<ws5>\s+)"
pat += r"(?P<dump>\d+)"
pat += r"(?P<ws6>\s+)"
pat += r"(?P<fsck>\d+)"
pat += r"(?P<ws7>\s*)$"
match = re.match(pat, raw)
if match:
self.dict.update((attr, match.group(attr)) for attr in self.attrs)
if not match:
self.dict.update((attr, None) for attr in self.attrs)
self.dict["raw"] = raw
def get_raw(self):
if self.has_filesystem():
return "".join(self.dict[attr] for attr in self.attrs)
else:
return self.dict["raw"]
raw = property(get_raw, set_raw)
def has_filesystem(self):
"""Does this line have a filesystem specification?"""
return self.device is not None

16
src/plugins/disk-quota/main.py Normal file
View file

@ -0,0 +1,16 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
def info():
inf = dict()
inf['name'] = 'disk-quota'
inf['version'] = '1.0.0'
inf['support'] = 'debian'
inf['description'] = 'Disk-Quota plugin provides to get current soft - hard quota and changing them.'
inf['task'] = True
inf['user_oriented'] = True
inf['machine_oriented'] = False
inf['developer'] = 'mine.dogan@agem.com.tr'
return inf

18
src/plugins/disk-quota/policy.py Normal file
View file

@ -0,0 +1,18 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Author:Mine DOGAN <mine.dogan@agem.com.tr>
import json
import os
import sys
from base.plugin.abstract_plugin import AbstractPlugin
sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__))))
from fstab import Fstab
from api.disk_quota import DiskQuota
def handle_policy(profile_data, context):
dq = DiskQuota(profile_data, context)
dq.handle_policy()

68
src/plugins/disk-quota/safe.py Normal file
View file

@ -0,0 +1,68 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
import os
import sys
from base.plugin.abstract_plugin import AbstractPlugin
sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__))))
from fstab import Fstab
class Safe(AbstractPlugin):
def __init__(self, context):
super(Safe, self).__init__()
self.context = context
self.username = str(context.get_username())
self.mount = 'mount -o remount /home'
self.quotacheck = 'quotacheck -cfmvF vfsv0 /home'
self.quotaon_all = 'quotaon --all'
self.quotaon_avug = 'quotaon -avug'
self.set_quota = 'setquota -u {0} {1} {2} 0 0 /home'
self.logger = self.get_logger()
def handle_safe_mode(self):
if self.is_exist('default_quota'):
quota_size = self.read_file('default_quota')
try:
# Check fstab & append 'usrquota' option if not exists
#fs = Fstab()
#fs.read('/etc/fstab')
#fstab_entries = []
#fslines = fs.lines
#for line in fslines:'
# if line.has_filesystem() and 'usrquota' not in line.options:
# if line.dict['directory'] == '/' or line.dict['directory'] == '/home/':
# self.logger.debug('Appending \'usrquota\' option to {}'.format(line.dict['directory']))
# line.options += ['usrquota']
# fstab_entries.append(line.dict['directory'])
#fs.write('/etc/fstab')#
# Re-mount necessary fstab entries
#for entry in fstab_entries:
# self.execute(self.mount.format(entry))
# self.logger.debug('Remounting fstab entry {}'.format(entry))
self.execute(self.quotacheck)
self.logger.debug('{}'.format(self.quotacheck))
self.execute(self.quotaon_all)
self.logger.debug('{}'.format(self.quotaon_all))
self.execute(self.quotaon_avug)
self.logger.debug('{}'.format(self.quotaon_avug))
self.execute(self.set_quota.format(self.username, quota_size, quota_size))
self.logger.debug(
'Set soft and hard quota. Username: {0}, Soft Quota: {1}, Hard Quota: {2}'.format(self.username,quota_size,quota_size))
except Exception as e:
self.logger.error('[DiskQuota] A problem occurred while handling browser profile: {0}'.format(str(e)))
def handle_mode(context):
safe = Safe(context)
safe.handle_safe_mode()

43
src/plugins/file-management/get_file_content.py Normal file
View file

@ -0,0 +1,43 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Author: Hasan Kara <hasan.kara@pardus.org.tr>
from base.plugin.abstract_plugin import AbstractPlugin
import json
class GetFileContent(AbstractPlugin):
def __init__(self, data, context):
super(AbstractPlugin, self).__init__()
self.data = data
self.context = context
self.logger = self.get_logger()
self.message_code = self.get_message_code()
def handle_task(self):
try:
file_path = self.data['file-path']
file_content = ""
is_file_exists = False
if self.is_exist(file_path):
self.logger.info("File exists: " + file_path)
is_file_exists = True
file_content = self.read_file(file_path)
self.context.create_response(code=self.message_code.TASK_PROCESSED.value,
message='Dosya içeriği başarıyla alındı..',
data=json.dumps({'file_exists': is_file_exists, 'file_content': file_content}),
content_type=self.get_content_type().APPLICATION_JSON.value)
else:
self.context.create_response(code=self.message_code.TASK_PROCESSED.value,
message='Dosya bulunamadı..',
content_type=self.get_content_type().APPLICATION_JSON.value)
except Exception as e:
self.logger.error(str(e))
self.context.create_response(code=self.message_code.TASK_ERROR.value,
message='Dosya içeriği alınırken hata oluştu: {0}'.format(str(e)))
def handle_task(task, context):
plugin = GetFileContent(task, context)
plugin.handle_task()

16
src/plugins/file-management/main.py Normal file
View file

@ -0,0 +1,16 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
def info():
inf = dict()
inf['name'] = 'file-management'
inf['version'] = '1.0.0'
inf['support'] = 'debian'
inf['description'] = ''
inf['task'] = True
inf['user_oriented'] = False
inf['machine_oriented'] = False
inf['developer'] = ''
return inf

46
src/plugins/file-management/write_to_file.py Normal file
View file

@ -0,0 +1,46 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Author: Hasan Kara <hasan.kara@pardus.org.tr>
from base.plugin.abstract_plugin import AbstractPlugin
class WriteToFile(AbstractPlugin):
def __init__(self, data, context):
super(AbstractPlugin, self).__init__()
self.data = data
self.context = context
self.logger = self.get_logger()
self.message_code = self.get_message_code()
def handle_task(self):
try:
file_path = self.data['file-path']
file_content = self.data['file-content']
if self.is_exist(file_path):
self.write_file(file_path, file_content)
else:
path_str = ""
for idx, folder in enumerate(file_path.split("/")):
if idx != len(file_path.split("/")) - 1:
path_str += folder + "/"
(result_code, p_out, p_err) = self.execute("mkdir -p /" + path_str)
if result_code == 0:
self.logger.error('Folders are created')
else:
self.logger.error('Error occured while creating folders.')
self.write_file(file_path, file_content)
self.context.create_response(code=self.message_code.TASK_PROCESSED.value,
message='İçerik dosyaya başarıyla yazıldı..',
content_type=self.get_content_type().APPLICATION_JSON.value)
except Exception as e:
self.logger.error(str(e))
self.context.create_response(code=self.message_code.TASK_ERROR.value,
message='İçerik dosyaya yazılırken hata oluştu: {0}'.format(str(e)))
def handle_task(task, context):
plugin = WriteToFile(task, context)
plugin.handle_task()

70
src/plugins/ldap-login/execute_ad_login.py Normal file
View file

@ -0,0 +1,70 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Author: Tuncay ÇOLAK<tuncay.colak@tubitak.gov.tr>
# Active Directory authentication task
import configparser
from base.plugin.abstract_plugin import AbstractPlugin
from base.registration.execute_sssd_ad_authentication import ExecuteSSSDAdAuthentication
from base.registration.registration import Registration
class ADLogin(AbstractPlugin):
def __init__(self, data, context):
super(AbstractPlugin, self).__init__()
self.data = data
self.context = context
self.logger = self.get_logger()
self.message_code = self.get_message_code()
self.ad_authentication = ExecuteSSSDAdAuthentication()
self.registration = Registration()
self.config = configparser.ConfigParser()
self.ahenk_conf_path = "/etc/ahenk/ahenk.conf"
def handle_task(self):
try:
domain_name = self.data['domain_name']
hostname = self.data['hostname']
ip_address = self.data['ip_address']
ad_username = self.data['ad_username']
admin_password = self.data['admin_password']
ad_port = self.data['ad_port']
disabled_local_user = self.data['disableLocalUser']
execution_result = self.ad_authentication.authenticate(domain_name, hostname, ip_address, admin_password, ad_username)
if execution_result is False:
self.context.create_response(code=self.message_code.TASK_ERROR.value,
message='Active Directory kullanıcısı ile oturum açma ayarlanırken hata oluştu.: Gerekli Paketleri indirilemedi.',
content_type=self.get_content_type().APPLICATION_JSON.value)
else:
# if get disabled_local_user TRUE set user_disabled in ahenk.conf. disabled local users then client reboot
self.config.read(self.ahenk_conf_path)
if disabled_local_user is True:
# self.registration.disable_local_users()
config = configparser.ConfigParser()
config.read(self.ahenk_conf_path)
config.set('MACHINE', 'user_disabled', 'true')
with open(self.ahenk_conf_path, 'w') as configfile:
self.logger.info('Opening config file ')
config.write(configfile)
configfile.close()
self.logger.info('User disabled value Disabled')
else:
self.logger.info("local users will not be disabled because local_user parameter is FALSE")
self.shutdown()
self.context.create_response(code=self.message_code.TASK_PROCESSED.value,
message='Active Directory kullanıcısı ile oturum açma başarı ile sağlandı ve istemci yeniden başlatılıyor.',
content_type=self.get_content_type().APPLICATION_JSON.value)
except Exception as e:
self.logger.error(str(e))
self.context.create_response(code=self.message_code.TASK_ERROR.value,
message='Active Directory kullanıcısı ile oturum açma ayarlanırken hata oluştu.: {0}'.format(str(e)))
def handle_task(task, context):
plugin = ADLogin(task, context)
plugin.handle_task()

67
src/plugins/ldap-login/execute_cancel_ldap_login.py Normal file
View file

@ -0,0 +1,67 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Author: Hasan Kara <h.kara27@gmail.com>
# Author: Tuncay ÇOLAK<tuncay.colak@tubitak.gov.tr>
# Cancel AD or OpenLDAP authentication task
import configparser
from base.plugin.abstract_plugin import AbstractPlugin
from base.registration.execute_cancel_ldap_login import ExecuteCancelLDAPLogin
from base.registration.execute_cancel_sssd_authentication import ExecuteCancelSSSDAuthentication
from base.registration.execute_cancel_sssd_ad_authentication import ExecuteCancelSSSDAdAuthentication
from base.registration.registration import Registration
class CancelLDAPLogin(AbstractPlugin):
def __init__(self, data, context):
super(AbstractPlugin, self).__init__()
self.data = data
self.context = context
self.logger = self.get_logger()
self.message_code = self.get_message_code()
self.ldap_login = ExecuteCancelLDAPLogin()
self.sssd_authentication = ExecuteCancelSSSDAuthentication()
self.ad_authentication = ExecuteCancelSSSDAdAuthentication()
self.registration = Registration()
self.config = configparser.ConfigParser()
self.ahenk_conf_path = "/etc/ahenk/ahenk.conf"
def handle_task(self):
directory_type = "LDAP"
try:
if self.is_exist("/etc/ahenk/ad_info"):
directory_type = "AD"
if directory_type == "LDAP":
self.sssd_authentication.cancel()
else:
self.ad_authentication.cancel()
self.config.read(self.ahenk_conf_path)
if self.config.has_section('MACHINE'):
user_disabled = self.config.get("MACHINE", "user_disabled")
self.logger.info('User disabled value:' + str(user_disabled))
if user_disabled != 'false':
self.logger.info('Enable Users')
self.registration.enable_local_users()
self.config.set('MACHINE', 'user_disabled', 'false')
with open(self.ahenk_conf_path, 'w') as configfile:
self.logger.info('Opening config file ')
self.config.write(configfile)
self.logger.info('User disabled value FALSE')
configfile.close()
else:
self.logger.info('Local users already enabled')
self.context.create_response(code=self.message_code.TASK_PROCESSED.value,
message='{0} kullanıcısı ile oturum açabilme başarıyla iptal edildi.'.format(directory_type),
content_type=self.get_content_type().APPLICATION_JSON.value)
except Exception as e:
self.logger.error(str(e))
self.context.create_response(code=self.message_code.TASK_ERROR.value,
message='{0} kullanıcısı ile oturum açabilme iptal edilirken hata oluştu.: {1}'.format(directory_type, str(e)))
def handle_task(task, context):
plugin = CancelLDAPLogin(task, context)
plugin.handle_task()

69
src/plugins/ldap-login/execute_ldap_login.py Normal file
View file

@ -0,0 +1,69 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Author: Hasan Kara <h.kara27@gmail.com>
import configparser
from base.plugin.abstract_plugin import AbstractPlugin
from base.registration.execute_ldap_login import ExecuteLDAPLogin
from base.registration.execute_sssd_authentication import ExecuteSSSDAuthentication
from base.registration.registration import Registration
class LDAPLogin(AbstractPlugin):
def __init__(self, data, context):
super(AbstractPlugin, self).__init__()
self.data = data
self.context = context
self.logger = self.get_logger()
self.message_code = self.get_message_code()
self.ldap_login = ExecuteLDAPLogin()
self.sssd_authentication = ExecuteSSSDAuthentication()
self.config = configparser.ConfigParser()
self.registration = Registration()
self.ahenk_conf_path = "/etc/ahenk/ahenk.conf"
def handle_task(self):
try:
server_address = self.data['server-address']
dn = self.data['dn']
# version = self.data['version']
admin_dn = self.data['admin-dn']
admin_password = self.data['admin-password']
disabled_local_user = self.data['disableLocalUser']
execution_result = self.sssd_authentication.authenticate(server_address, dn, admin_dn, admin_password)
if execution_result is False:
self.context.create_response(code=self.message_code.TASK_ERROR.value,
message='LDAP kullanıcısı ile oturum açma ayarlanırken hata oluştu.: SSSD Paketleri indirilemedi.',
content_type=self.get_content_type().APPLICATION_JSON.value)
else:
# if get disabled_local_user TRUE set user_disabled in ahenk.conf. disabled local users then client reboot
self.config.read(self.ahenk_conf_path)
if disabled_local_user is True:
# self.registration.disable_local_users()
config = configparser.ConfigParser()
config.read(self.ahenk_conf_path)
config.set('MACHINE', 'user_disabled', 'true')
with open(self.ahenk_conf_path, 'w') as configfile:
self.logger.info('Opening config file ')
config.write(configfile)
configfile.close()
self.logger.info('User disabled value Disabled')
else:
self.logger.info("local users will not be disabled because local_user parameter is FALSE")
self.shutdown()
self.context.create_response(code=self.message_code.TASK_PROCESSED.value,
message='LDAP kullanıcısı ile oturum açma başarı ile sağlandı ve istemci yeniden başlatılıyor.',
content_type=self.get_content_type().APPLICATION_JSON.value)
except Exception as e:
self.logger.error(str(e))
self.context.create_response(code=self.message_code.TASK_ERROR.value,
message='LDAP kullanıcısı ile oturum açma ayarlanırken hata oluştu.: {0}'.format(str(e)))
def handle_task(task, context):
plugin = LDAPLogin(task, context)
plugin.handle_task()

20
src/plugins/ldap-login/init.py Normal file
View file

@ -0,0 +1,20 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
from base.plugin.abstract_plugin import AbstractPlugin
class Init(AbstractPlugin):
def __init__(self, context):
super(Init, self).__init__()
self.context = context
self.logger = self.get_logger()
def handle_mode(self):
# TODO Do what do you want to do!
pass
def handle_mode(context):
init = Init(context)
init.handle_mode()

15
src/plugins/ldap-login/main.py Normal file
View file

@ -0,0 +1,15 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
def info():
inf = dict()
inf['name'] = 'ldap-login'
inf['version'] = '1.0.0'
inf['support'] = 'debian'
inf['description'] = 'LDAP user authentication '
inf['task'] = True
inf['user_oriented'] = False
inf['machine_oriented'] = False
inf['developer'] = 'h.kara27@gmail.com'
return inf

66
src/plugins/ldap/delete_agent.py Normal file
View file

@ -0,0 +1,66 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Author: Edip YILDIZ
# Author: Tuncay ÇOLAK <tuncay.colak@tubitak.gov.tr>
from base.model.enum.content_type import ContentType
import json, threading
from base.plugin.abstract_plugin import AbstractPlugin
import threading
class MoveAgent(AbstractPlugin):
def __init__(self, data, context):
super(AbstractPlugin, self).__init__()
self.data = data
self.context = context
self.logger = self.get_logger()
self.message_code = self.get_message_code()
def update_dn(self, jid, newDn):
cols = ['dn'];
values = [newDn]
return self.db_service.update('registration', cols, values, 'jid=\''+jid+'\'')
def getCnFromDn(self,dn):
if dn !=None and str(dn) !="":
dnStrArr = str(dn).split(",")
if len(dnStrArr)>0:
return dnStrArr[0]
def handle_task(self):
try:
dn = self.data['dn']
newParentDn = self.data['newParentDn']
jid= self.db_service.select_one_result('registration','jid','registered = 1')
newDn=str(dn).replace(dn, self.getCnFromDn(dn)+ str(newParentDn))
self.update_dn(jid,newDn)
self.context.create_response(code=self.message_code.TASK_PROCESSED.value,
message='Ahenk başarı ile taşındı.',
data=json.dumps({'Dn': newDn}),
content_type=ContentType.APPLICATION_JSON.value)
except Exception as e:
self.logger.error(" error on handle xmessage task. Error: " + str(e))
self.context.create_response(code=self.message_code.TASK_ERROR.value,
message='Ahenk taşınırken hata olustu' + str(e),
content_type=ContentType.APPLICATION_JSON.value)
def handle_task(task, context):
cls = MoveAgent(task, context)
cls.handle_task()

20
src/plugins/ldap/init.py Normal file
View file

@ -0,0 +1,20 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
from base.plugin.abstract_plugin import AbstractPlugin
class Init(AbstractPlugin):
def __init__(self, context):
super(Init, self).__init__()
self.context = context
self.logger = self.get_logger()
def handle_mode(self):
# TODO Do what do you want to do!
pass
def handle_mode(context):
init = Init(context)
init.handle_mode()

21
src/plugins/ldap/login.py Normal file
View file

@ -0,0 +1,21 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
from base.plugin.abstract_plugin import AbstractPlugin
class Login(AbstractPlugin):
def __init__(self, context):
super(Login, self).__init__()
self.context = context
self.username = str(context.get_username())
self.logger = self.get_logger()
def handle_mode(self):
# TODO Do what do you want to do!
pass
def handle_mode(context):
login = Login(context)
login.handle_mode()

21
src/plugins/ldap/logout.py Normal file
View file

@ -0,0 +1,21 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
from base.plugin.abstract_plugin import AbstractPlugin
class Logout(AbstractPlugin):
def __init__(self, context):
super(Logout, self).__init__()
self.context = context
self.username = str(context.get_username())
self.logger = self.get_logger()
def handle_mode(self):
# TODO Do what do you want to do!
pass
def handle_mode(context):
logout = Logout(context)
logout.handle_mode()

16
src/plugins/ldap/main.py Normal file
View file

@ -0,0 +1,16 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
def info():
inf = dict()
inf['name'] = 'ldap'
inf['version'] = '1.0.0'
inf['support'] = 'debian'
inf['description'] = 'Ldap management'
inf['task'] = True
inf['user_oriented'] = True
inf['machine_oriented'] = True
inf['developer'] = 'muhammededip.yildiz@tubitak.gov.tr'
return inf

66
src/plugins/ldap/move_agent.py Normal file
View file

@ -0,0 +1,66 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Author: Edip YILDIZ
# Author: Tuncay ÇOLAK <tuncay.colak@tubitak.gov.tr>
from base.model.enum.content_type import ContentType
import json, threading
from base.plugin.abstract_plugin import AbstractPlugin
import threading
class MoveAgent(AbstractPlugin):
def __init__(self, data, context):
super(AbstractPlugin, self).__init__()
self.data = data
self.context = context
self.logger = self.get_logger()
self.message_code = self.get_message_code()
def update_dn(self, jid, newDn):
cols = ['dn'];
values = [newDn]
return self.db_service.update('registration', cols, values, 'jid=\''+jid+'\'')
def getCnFromDn(self,dn):
if dn !=None and str(dn) !="":
dnStrArr = str(dn).split(",")
if len(dnStrArr)>0:
return dnStrArr[0]
def handle_task(self):
try:
dn = self.data['dn']
newParentDn = self.data['newParentDn']
jid= self.db_service.select_one_result('registration','jid','registered = 1')
newDn=str(dn).replace(dn, self.getCnFromDn(dn)+ str(newParentDn))
self.update_dn(jid,newDn)
self.context.create_response(code=self.message_code.TASK_PROCESSED.value,
message='Ahenk başarı ile taşındı.',
data=json.dumps({'Dn': newDn}),
content_type=ContentType.APPLICATION_JSON.value)
except Exception as e:
self.logger.error(" error on handle xmessage task. Error: " + str(e))
self.context.create_response(code=self.message_code.TASK_ERROR.value,
message='Ahenk taşınırken hata olustu' + str(e),
content_type=ContentType.APPLICATION_JSON.value)
def handle_task(task, context):
cls = MoveAgent(task, context)
cls.handle_task()

155
src/plugins/ldap/policy.py Normal file
View file

@ -0,0 +1,155 @@
# !/usr/bin/python
# -*- coding: utf-8 -*-
# Author: Volkan Şahin <volkansah.in> <bm.volkansahin@gmail.com>
import json
from base.plugin.abstract_plugin import AbstractPlugin
class Conky(AbstractPlugin):
def __init__(self, data, context):
super(Conky, self).__init__()
self.data = data
self.context = context
self.logger = self.get_logger()
self.machine_profile = True
self.conky_config_file_dir = '/etc/conky/'
self.conky_config_file_path = '/etc/conky/conky.conf'
self.command_autorun_conky = 'sleep 3;conky -d {0} -c {1}'
self.username = None
self.autostart_dir_path = '{0}.config/autostart/'
self.autorun_file_path = '{0}conky.desktop'
self.logger.debug('Parameters were initialized.')
def handle_policy(self):
try:
# Checking dependecies
if self.check_dependencies(['conky', 'conky-all']) is True:
self.logger.debug('Dependencies checked.')
else:
return
# Killing conky processes
self.logger.debug('Conky named processes will be killed.')
self.execute('killall -9 conky')
# Is user profile
if 'username' in self.context.data and self.context.get('username') is not None:
self.logger.debug('This is user profile, parameters reinitializing.')
self.username = self.context.get('username')
self.conky_config_file_dir = '{0}.conky/'.format(self.Sessions.user_home_path(self.username))
self.conky_config_file_path = '{0}conky.conf'.format(self.conky_config_file_dir)
self.machine_profile = False
# Creating/checking conky file dir and conky conf file
self.logger.debug('Conky file directory and configuration file is creating/checking')
if self.is_exist(self.conky_config_file_dir):
self.logger.debug('Old config file will be deleted.')
self.delete_file(self.conky_config_file_path)
else:
self.logger.debug(
'Creating directory for conky config at {0}'.format(self.conky_config_file_dir))
self.create_directory(self.conky_config_file_dir)
if self.create_file(self.conky_config_file_path):
self.logger.debug('Config file was created.')
self.write_file(self.conky_config_file_path, json.loads(self.data)['message'])
self.logger.debug('Config file was filled by context.')
else:
self.logger.error('A problen occurred while creating Conky configuration file.')
raise Exception('File {0} could not created.'.format(self.conky_config_file_path))
# Creating autorun
self.logger.debug('Creating autorun file...')
self.initialize_auto_run()
if self.machine_profile is False:
self.execute(
self.command_autorun_conky.format('--display=' + self.Sessions.display(self.username),
self.conky_config_file_path),
as_user=self.username, result=False)
self.execute('chown -hR ' + self.username + ':' + self.username + ' ' + self.conky_config_file_dir)
self.logger.debug('Owner of Conky config file was changed.')
else:
self.execute(self.command_autorun_conky.format('', self.conky_config_file_path), result=False)
self.logger.debug('Autorun command executed successfully')
self.context.create_response(code=self.get_message_code().POLICY_PROCESSED.value,
message='Conky politikası başarıyla çalıştırıldı.')
except Exception as e:
self.logger.error(
'A problem occurred while handling Conky policy. Error Message: {}'.format(str(e)))
self.context.create_response(code=self.get_message_code().POLICY_ERROR.value,
message='Conky politikası uygulanırken bir hata oluştu.')
def check_dependencies(self, packages):
self.logger.debug('Checking dependencies')
for package in packages:
if self.is_installed(package) is False:
self.logger.debug('Could not found {0}. It will be installed'.format(package))
result_code, p_out, p_err = self.install_with_apt_get(package)
if result_code == 0:
self.logger.debug('{0} installed successfully'.format(package))
else:
self.logger.error(
'A problem occurred while installing {0} package. Error Message: {1}'.format(package,
str(
p_err)))
self.context.create_response(code=self.get_message_code().POLICY_ERROR.value,
message='Bağımlılıklardan {0} paketi kurulurken hata oluştu.')
return False
return True
def initialize_auto_run(self):
if self.machine_profile is True:
self.logger.debug('All users conky configuration files will be removed because of machine profile')
if self.Sessions.user_name() is not None and len(self.Sessions.user_name()) > 0:
for username in self.Sessions.user_name():
self.logger.debug(
'Removing conf file of user {0}'.format(username))
self.delete_file(
self.autorun_file_path.format(
self.autostart_dir_path.format(self.Sessions.user_home_path(username))))
else:
self.logger.debug(
'There are no user')
else:
home_path = self.Sessions.user_home_path(self.username)
self.logger.debug(
'Creating autorun file for user {0}'.format(self.username))
self.create_autorun_file(self.autostart_dir_path.format(home_path),
self.conky_config_file_path,
self.autorun_file_path.format(self.autostart_dir_path.format(home_path)))
self.logger.debug(
'Autorun created')
def create_autorun_file(self, autostart_path, conky_config_file_path, autorun_file_path):
if not self.is_exist(autostart_path):
self.logger.debug(
'Creating file: {0}'.format(autostart_path))
self.create_directory(autostart_path)
file_content = '[Desktop Entry]\n' \
'Encoding=UTF-8 \n' \
'Type=Application \n' \
'Name=Conky \n' \
'Comment=Conky Monitor \n' \
'Exec=conky -d -c ' + conky_config_file_path + '\n' \
'StartupNotify=false \n' \
'Terminal=false \n'
self.logger.debug(
'Writing content to autorun file.')
self.write_file(autorun_file_path, file_content, 'w')
def handle_policy(profile_data, context):
plugin = Conky(profile_data, context)
plugin.handle_policy()

59
src/plugins/ldap/rename_entry.py Normal file
View file

@ -0,0 +1,59 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Author: Edip YILDIZ
# Author: Tuncay ÇOLAK <tuncay.colak@tubitak.gov.tr>
from base.model.enum.content_type import ContentType
import json, threading
from base.plugin.abstract_plugin import AbstractPlugin
import threading
class UpdateEntry(AbstractPlugin):
def __init__(self, data, context):
super(AbstractPlugin, self).__init__()
self.data = data
self.context = context
self.logger = self.get_logger()
self.message_code = self.get_message_code()
def update_dn(self, jid, newDn):
cols = ['dn'];
values = [newDn]
return self.db_service.update('registration', cols, values, 'jid=\''+jid+'\'')
def handle_task(self):
try:
dn = self.data['dn']
jid= self.db_service.select_one_result('registration','jid','registered = 1')
cn = self.data['oldCn']
newCn = self.data['newCn']
newDn=str(dn).replace(cn,newCn)
self.update_dn(jid,newDn)
self.context.create_response(code=self.message_code.TASK_PROCESSED.value,
message='Ahenk adı başarı ile değiştirildi.',
data=json.dumps({'Dn': newDn}),
content_type=ContentType.APPLICATION_JSON.value)
except Exception as e:
self.logger.error(" error on handle xmessage task. Error: " + str(e))
self.context.create_response(code=self.message_code.TASK_ERROR.value,
message='Ahenk adı değiştirilirken hata olustu' + str(e),
content_type=ContentType.APPLICATION_JSON.value)
def handle_task(task, context):
cls = UpdateEntry(task, context)
cls.handle_task()

21
src/plugins/ldap/safe.py Normal file
View file

@ -0,0 +1,21 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
from base.plugin.abstract_plugin import AbstractPlugin
class Safe(AbstractPlugin):
def __init__(self, context):
super(Safe, self).__init__()
self.context = context
self.username = str(context.get_username())
self.logger = self.get_logger()
def handle_safe_mode(self):
# TODO Do what do you want to do!
pass
def handle_mode(context):
safe = Safe(context)
safe.handle_safe_mode()

20
src/plugins/ldap/shutdown.py Normal file
View file

@ -0,0 +1,20 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
from base.plugin.abstract_plugin import AbstractPlugin
class Shutdown(AbstractPlugin):
def __init__(self, context):
super(Shutdown, self).__init__()
self.context = context
self.logger = self.get_logger()
def handle_mode(self):
# TODO Do what do you want to do!
pass
def handle_mode(context):
shutdown = Shutdown(context)
shutdown.handle_mode()

23
src/plugins/ldap/task_command_id.py Normal file
View file

@ -0,0 +1,23 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
from base.plugin.abstract_plugin import AbstractPlugin
class Sample(AbstractPlugin):
def __init__(self, task, context):
super(Sample, self).__init__()
self.task = task
self.context = context
self.logger = self.get_logger()
def handle_task(self):
# TODO Do what do you want to do!
# TODO Don't Forget returning response with <self.context.create_response(..)>
pass
def handle_task(task, context):
print('Sample Plugin Task')
sample = Sample(task, context)
sample.handle_task()

149
src/plugins/local-user/add_user.py Normal file
View file

@ -0,0 +1,149 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Author:Mine DOGAN <mine.dogan@agem.com.tr>
# Author:Tuncay ÇOLAK <tuncay.colak@tubitak.gov.tr>
from base.plugin.abstract_plugin import AbstractPlugin
from pathlib import Path
class AddUser(AbstractPlugin):
def __init__(self, task, context):
super(AddUser, self).__init__()
self.task = task
self.context = context
self.logger = self.get_logger()
self.message_code = self.get_message_code()
self.username = self.task['username']
self.password = self.task['password']
self.home = self.task['home']
self.active = self.task['active']
self.groups = self.task['groups']
self.desktop_write_permission = self.task['desktop_write_permission']
self.kiosk_mode = self.task['kiosk_mode']
self.script = '/bin/bash ' + self.Ahenk.plugins_path() + 'local-user/scripts/{0}'
self.add_user = 'useradd -d {0} {1}'
self.check_home_owner = 'stat -c \'%U\' {}'
self.enable_user = 'passwd -u {}'
self.disable_user = 'passwd -l {}'
self.add_user_to_groups = 'usermod -a -G {0} {1}'
self.create_shadow_password = 'mkpasswd -m sha-512 {}'
self.change_password = 'usermod -p {0} {1}'
self.change_shell = 'usermod -s /bin/bash {}'
self.change_owner = 'chown {0}.{0} {1}'
self.change_permission = 'chmod 755 {}'
self.desktop_path = ''
self.xfce4_session = "/usr/bin/xfce4-session"
self.gnome_session = "/usr/bin/gnome-session"
self.desktop_env = None
self.logger.debug('Parameters were initialized.')
def handle_task(self):
try:
self.desktop_env = self.get_desktop_env()
self.logger.info("Get desktop environment is {0}".format(self.desktop_env))
if not self.is_exist(self.home):
self.create_directory(self.home)
self.execute(self.add_user.format(self.home, self.username))
self.logger.debug('Added new user: {0}, home: {1}'.format(self.username, self.home))
self.execute(self.change_owner.format(self.username, self.home))
self.execute(self.change_permission.format(self.home))
self.logger.debug('Changed owner and permission for home directory.')
if self.groups != "":
self.execute(self.add_user_to_groups.format(self.groups, self.username))
self.logger.debug('Added user to these groups: {}'.format(self.groups))
if str(self.password).strip() != "":
result_code, p_out, p_err = self.execute(self.create_shadow_password.format(self.password))
shadow_password = p_out.strip()
# shadow_password = crypt.crypt(self.password)
self.execute(self.change_password.format('\'{}\''.format(shadow_password), self.username))
self.logger.debug('Changed password.')
self.execute(self.change_shell.format(self.username))
self.logger.debug('Changed user shell to /bin/bash')
if self.active == "true":
self.execute(self.enable_user.format(self.username))
self.logger.debug('The user has been enabled.')
elif self.active == "false":
self.execute(self.disable_user.format(self.username))
self.logger.debug('The user has been disabled.')
agent_language = self.get_language()
if agent_language == "tr_TR":
desktop_name = "Masaüstü"
else:
desktop_name = "Desktop"
self.execute("mkdir " + self.home + "/" + desktop_name)
self.desktop_path = self.home + "/" + desktop_name
self.execute(self.change_owner.format(self.username, self.desktop_path))
self.logger.debug('owner is changed for user {0} directory'.format(desktop_name))
if self.desktop_write_permission == "true":
self.set_permission(self.desktop_path, 775)
self.logger.debug('Desktop write permission is true')
elif self.desktop_write_permission == "false":
self.set_permission(self.desktop_path, 575)
self.logger.debug('Desktop write permission is false')
#
# Handle kiosk mode
#
if self.desktop_env == "xfce":
result_code, p_out, p_err = self.execute(self.script.format('find_locked_users.sh'), result=True)
if result_code != 0:
self.logger.error(
'Error occurred while managing kiosk mode.')
self.context.create_response(code=self.message_code.TASK_ERROR.value,
message='Masaüstü kilidi ayarlanırken hata oluştu.')
return
locked_users = []
if p_out:
self.logger.debug('pout {0}'.format(str(p_out)))
locked_users = p_out.strip().split(';')
if self.kiosk_mode == "true":
self.logger.debug('Kiosk mode is active {0}'.format(str(locked_users)))
if self.username not in locked_users:
self.logger.debug('Adding user {0} to locked users'.format(self.username))
locked_users.append(self.username)
locked_users_str = ";".join(locked_users)
self.logger.debug('Users: {0}'.format(locked_users_str))
comm = "sed -i 's/^.*" + '<channel name="xfce4-panel"' + ".*$/" + '<channel name="xfce4-panel" version="1.0" locked="' + locked_users_str + '">' + "/' /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-panel.xml"
result_code1, p_out1, p_err1 = self.execute(comm)
elif self.kiosk_mode == "false":
self.logger.debug('Kiok mode is NOT active')
if self.username in locked_users:
self.logger.debug('Removing user {0} from locked users'.format(self.username))
locked_users.remove(self.username)
if locked_users:
locked_users_str = ";".join(locked_users)
# if xfce4-panel.xml doesn not exist copy it from ~/.config/xfce4/xfconf/xfce-perchannel-xml/
comm = "sed -i 's/^.*" + '<channel name="xfce4-panel"' + ".*$/" + '<channel name="xfce4-panel" version="1.0" locked="' + locked_users_str + '">' + "/' /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-panel.xml"
result_code1, p_out1, p_err1 = self.execute(comm)
else:
self.execute(self.script.format('remove_locked_users.sh '))
else:
self.logger.info("Desktop environ is GNOME. Kiosk mode not setting")
self.logger.info('User has been added successfully.')
self.context.create_response(code=self.message_code.TASK_PROCESSED.value,
message='Kullanıcı başarıyla eklendi.')
except Exception as e:
self.logger.error('A problem occurred while handling Local-User task: {0}'.format(str(e)))
self.context.create_response(code=self.message_code.TASK_ERROR.value,
message='Local-User görevi çalıştırılırken bir hata oluştu.')
def handle_task(task, context):
add_user = AddUser(task, context)
add_user.handle_task()

53
src/plugins/local-user/delete_user.py Normal file
View file

@ -0,0 +1,53 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Author:Mine DOGAN <mine.dogan@agem.com.tr>
from base.plugin.abstract_plugin import AbstractPlugin
class DeleteUser(AbstractPlugin):
def __init__(self, task, context):
super(DeleteUser, self).__init__()
self.task = task
self.context = context
self.logger = self.get_logger()
self.message_code = self.get_message_code()
self.username = self.task['username']
self.home = self.task['home']
self.delete_home = self.task['delete_home']
self.delete_user_home = 'rm -r {}'
self.delete_user = 'userdel {}'
self.logout_user = 'pkill -u {}'
self.kill_all_process = 'killall -KILL -u {}'
self.logger.debug('Parameters were initialized.')
def handle_task(self):
try:
self.execute(self.logout_user.format(self.username))
self.execute(self.kill_all_process.format(self.username))
self.logger.debug('Killed all processes for {}'.format(self.username))
if self.delete_home is True:
self.execute(self.delete_user.format(self.username))
self.execute(self.delete_user_home.format(self.home))
self.logger.debug('Deleted user with home: {}'.format(self.username))
elif self.delete_home is False:
self.execute(self.delete_user.format(self.username))
self.logger.debug('Deleted user: {}'.format(self.username))
self.logger.info('User has been deleted successfully.')
self.context.create_response(code=self.message_code.TASK_PROCESSED.value,
message='Kullanıcı başarıyla silindi.')
except Exception as e:
self.logger.error(
'A problem occured while handling Local-User task: {0}'.format(str(e)))
self.context.create_response(code=self.message_code.TASK_ERROR.value,
message='Local-User görevi çalıştırılırken bir hata oluştu.')
def handle_task(task, context):
delete_user = DeleteUser(task, context)
delete_user.handle_task()

160
src/plugins/local-user/edit_user.py Normal file
View file

@ -0,0 +1,160 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Author:Mine DOGAN <mine.dogan@agem.com.tr>
# Author:Tuncay ÇOLAK <tuncay.colak@tubitak.gov.tr>
from base.plugin.abstract_plugin import AbstractPlugin
from pathlib import Path
class EditUser(AbstractPlugin):
def __init__(self, task, context):
super(EditUser, self).__init__()
self.task = task
self.context = context
self.logger = self.get_logger()
self.message_code = self.get_message_code()
self.username = self.task['username']
self.new_username = self.task['new_username']
self.password = self.task['password']
self.home = self.task['home']
self.active = self.task['active']
self.groups = self.task['groups']
self.desktop_write_permission = self.task['desktop_write_permission']
self.kiosk_mode = self.task['kiosk_mode']
self.current_home = self.execute('eval echo ~{0}'.format(self.username))[1]
self.script = '/bin/bash ' + self.Ahenk.plugins_path() + 'local-user/scripts/{0}'
self.kill_processes = 'pkill -u {}'
self.change_username = 'usermod -l {0} {1}'
self.create_shadow_password = 'mkpasswd -m sha-512 {}'
self.change_password = 'usermod -p {0} {1}'
self.change_home = 'usermod -m -d {0} {1}'
self.enable_user = 'passwd -u {}'
self.disable_user = 'passwd -l {}'
self.change_groups = 'usermod -G {0} {1}'
self.remove_all_groups = 'usermod -G "" {}'
self.change_owner = 'chown {0}.{0} {1}'
self.change_permission = 'chmod 755 {}'
self.logout_user = 'pkill -u {}'
self.kill_all_process = 'killall -KILL -u {}'
self.message = ''
self.message_code_level = 1
self.xfce4_session = "/usr/bin/xfce4-session"
self.gnome_session = "/usr/bin/gnome-session"
self.desktop_env = None
self.logger.debug('Parameters were initialized.')
def handle_task(self):
try:
self.desktop_env = self.get_desktop_env()
self.logger.info("Get desktop environment is {0}".format(self.desktop_env))
self.execute(self.logout_user.format(self.username))
self.execute(self.kill_all_process.format(self.username))
self.logger.debug('Killed all processes for {}'.format(self.username))
if str(self.new_username).strip() != "":
self.execute(self.kill_processes.format(self.username))
self.execute(self.change_username.format(self.new_username, self.username))
self.logger.debug('Changed username {0} to {1}'.format(self.username, self.new_username))
self.username = self.new_username
if str(self.password).strip() != "":
result_code, p_out, p_err = self.execute(self.create_shadow_password.format(self.password))
shadow_password = p_out.strip()
self.execute(self.change_password.format('\'{}\''.format(shadow_password), self.username))
self.logger.debug('Changed password.')
if self.current_home != self.home:
self.execute(self.kill_processes.format(self.username))
self.execute(self.change_home.format(self.home, self.username))
self.logger.debug('Changed home directory to: {}'.format(self.home))
self.execute(self.change_owner.format(self.username, self.home))
self.execute(self.change_permission.format(self.home))
self.logger.debug('Changed owner and permission for home directory.')
if self.active == "true":
self.execute(self.enable_user.format(self.username))
self.logger.debug('The user has been enabled.')
elif self.active == "false":
self.execute(self.disable_user.format(self.username))
self.logger.debug('The user has been disabled.')
if self.groups != "":
self.execute(self.change_groups.format(self.groups, self.username))
self.logger.debug('Added user to these groups: {}'.format(self.groups))
else:
self.execute(self.remove_all_groups.format(self.username))
self.logger.debug('Removed all groups for user: {}'.format(self.username))
agent_language = self.get_language()
if agent_language == "tr_TR":
desktop_name = "Masaüstü"
else:
desktop_name = "Desktop"
if self.desktop_write_permission == "true":
self.set_permission(self.current_home.strip() + "/" + desktop_name, 775)
self.logger.debug('Desktop write permission is true')
elif self.desktop_write_permission == "false":
self.set_permission(self.current_home.strip() + "/" + desktop_name, 575)
self.logger.debug('Desktop write permission is false')
#
# Handle kiosk mode
#
if self.desktop_env == "xfce":
result_code, p_out, p_err = self.execute(self.script.format('find_locked_users.sh'), result=True)
if result_code != 0:
self.logger.error('Error occurred while managing kiosk mode.')
self.message_code_level += 1
self.message = 'Masaüstü kilidi ayarlanırken hata oluştu.'
locked_users = []
if p_out:
self.logger.debug('pout {0}'.format(str(p_out)))
locked_users = p_out.strip().split(';')
if self.kiosk_mode == "true":
self.logger.debug('Kiosk mode is active {0}'.format(str(locked_users)))
if self.username not in locked_users:
self.logger.debug('Adding user {0} to locked users'.format(self.username))
locked_users.append(self.username)
locked_users_str = ";".join(locked_users)
self.logger.debug('Users: {0}'.format(locked_users_str))
comm = "sed -i 's/^.*" + '<channel name="xfce4-panel"' + ".*$/" + '<channel name="xfce4-panel" version="1.0" locked="' + locked_users_str + '">' + "/' /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-panel.xml"
result_code1, p_out1, p_err1 = self.execute(comm)
elif self.kiosk_mode == "false":
self.logger.debug('Kiok mode is NOT active')
if self.username in locked_users:
self.logger.debug('Removing user {0} from locked users'.format(self.username))
locked_users.remove(self.username)
if locked_users:
locked_users_str = ";".join(locked_users)
comm = "sed -i 's/^.*" + '<channel name="xfce4-panel"' + ".*$/" + '<channel name="xfce4-panel" version="1.0" locked="' + locked_users_str + '">' + "/' /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-panel.xml"
result_code1, p_out1, p_err1 = self.execute(comm)
else:
self.execute(self.script.format('remove_locked_users.sh '))
else:
self.logger.info("Desktop environ is GNOME. Kiosk mode not setting")
self.logger.info('User has been edited successfully.')
if self.message_code_level == 1:
response_code = self.message_code.TASK_PROCESSED.value
response_message = 'Kullanıcı başarıyla düzenlendi.'
else:
response_code = self.message_code.TASK_WARNING.value
response_message = 'Kullanıcı düzenlendi; fakat {0}'.format(self.message)
self.context.create_response(code=response_code, message=response_message)
except Exception as e:
self.logger.error('A problem occurred while handling Local-User task: {0}'.format(str(e)))
self.context.create_response(code=self.message_code.TASK_ERROR.value,
message='Local-User görevi çalıştırılırken bir hata oluştu.')
def handle_task(task, context):
edit_user = EditUser(task, context)
edit_user.handle_task()

42
src/plugins/local-user/get_groups.py Normal file
View file

@ -0,0 +1,42 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Author:Mine DOGAN <mine.dogan@agem.com.tr>
import json
from base.plugin.abstract_plugin import AbstractPlugin
class GetGroups(AbstractPlugin):
def __init__(self, task, context):
super(GetGroups, self).__init__()
self.task = task
self.context = context
self.logger = self.get_logger()
self.message_code = self.get_message_code()
self.command_get_groups = 'cut -d: -f1 /etc/group'
self.logger.debug('Parameters were initialized.')
def handle_task(self):
try:
result_code, p_out, p_err = self.execute(self.command_get_groups)
groups = p_out.split('\n')
groups.pop()
self.logger.debug('groups: {0}'.format(groups))
self.logger.info('Local User \'get_groups\' task is handled successfully')
self.context.create_response(code=self.message_code.TASK_PROCESSED.value,
message='Grup listesi başarıyla getirildi.',
data=json.dumps({'groups': groups}),
content_type=self.get_content_type().APPLICATION_JSON.value)
except Exception as e:
self.logger.error('A problem occurred while handling Local-User \'get_groups\' task: {0}'.format(str(e)))
self.context.create_response(code=self.message_code.TASK_ERROR.value,
message='Local-User \'get_groups\' görevi çalıştırılırken bir hata oluştu.')
def handle_task(task, context):
get_groups = GetGroups(task, context)
get_groups.handle_task()

130
src/plugins/local-user/get_users.py Normal file
View file

@ -0,0 +1,130 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Author:Mine DOGAN <mine.dogan@agem.com.tr>
# Author:Tuncay ÇOLAK <tuncay.colak@tubitak.gov.tr>
import json
from pathlib import Path
from base.plugin.abstract_plugin import AbstractPlugin
class GetUsers(AbstractPlugin):
def __init__(self, task, context):
super(GetUsers, self).__init__()
self.task = task
self.context = context
self.logger = self.get_logger()
self.message_code = self.get_message_code()
self.script = '/bin/bash ' + self.Ahenk.plugins_path() + 'local-user/scripts/{0}'
self.command_users = 'awk -F: \'{print $1 ":" $6 ":" $7}\' /etc/passwd | grep /bin/bash'
self.command_user_groups = 'groups {}'
self.command_not_active = 'egrep \':\!\' /etc/shadow |awk -F: \'{print $1}\''
self.command_get_groups = 'cut -d: -f1 /etc/group'
self.xfce4_session = "/usr/bin/xfce4-session"
self.gnome_session = "/usr/bin/gnome-session"
self.desktop_env = None
self.logger.debug('Parameters were initialized.')
def handle_task(self):
try:
user_list = []
result_code, p_out, p_err = self.execute(self.command_users)
lines = p_out.split('\n')
lines.pop()
self.desktop_env = self.get_desktop_env()
self.logger.info("Get desktop environment is {0}".format(self.desktop_env))
for line in lines:
detail = line.split(':')
result_code, p_out, p_err = self.execute(self.command_user_groups.format(str(detail[0]).strip()))
groups = p_out.split(':')
groups[1] = str(groups[1]).strip()
groups[1] = groups[1].replace("'", "").replace(" ", ", ")
is_active = 'true'
result_code, p_out, p_err = self.execute(self.command_not_active)
users = p_out.split('\n')
if str(detail[0]).strip() in users:
is_active = 'false'
self.desktop_path = ''
if self.is_exist("{0}/Masaüstü/".format(str(detail[1]).strip())):
self.desktop_path = "{0}/Masaüstü/".format(str(detail[1]).strip())
self.logger.debug("Desktop path for user '{0}' : {1}".format(str(detail[0]).strip(), self.desktop_path))
elif self.is_exist("{0}/Desktop/".format(str(detail[1]).strip())):
self.desktop_path = "{0}/Desktop/".format(str(detail[1]).strip())
self.logger.debug("Desktop path for user '{0}' : {1}".format(str(detail[0]).strip(), self.desktop_path))
else:
self.logger.debug(
'Desktop write permission could not get. Desktop path not found for user "{0}"'.format(
str(detail[0]).strip()))
result_code, p_out, p_err = self.execute(' stat -c "%a %n" ' + self.desktop_path)
self.logger.debug('sudo stat -c "%a %n" ' + self.desktop_path)
is_desktop_write_permission_exists = 'false'
if result_code == 0:
permission_codes = p_out.split()
self.logger.debug("permission codes : " + str(permission_codes))
if len(permission_codes) > 0:
permission_code = permission_codes[0].strip()
self.logger.debug("permission code is : " + permission_code)
if permission_code == "775":
is_desktop_write_permission_exists = 'true'
if self.desktop_env == "xfce":
is_kiosk_mode_on = 'false'
self.logger.debug('Kiosk mode info will be taken')
file_xfce4_panel = Path("/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-panel.xml")
if not file_xfce4_panel.exists():
self.logger.error(
'PANEL XML NOT FOUND COPY')
source_path = "{0}local-user/panelconf/xfce4-panel.xml".format(self.Ahenk.plugins_path())
self.logger.info("----->>>>" + source_path)
self.copy_file(source_path, "/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-panel.xml")
self.logger.error(
'FILE IS COPIED')
result_code, p_out, p_err = self.execute(self.script.format('find_locked_users.sh'), result=True)
if result_code != 0:
self.logger.error(
'Error occurred while finding locked users.')
if p_out:
self.logger.debug('locked users are {0}'.format(str(p_out)))
locked_users = p_out.strip().split(';')
# self.logger.debug("user is " + str(detail[0]).strip())
# self.logger.debug("locked users are " + str(locked_users))
if str(detail[0]).strip() in locked_users:
is_kiosk_mode_on = 'true'
self.logger.debug('Desktop environ is XFCE. Kiosk mode info is taken')
else:
is_kiosk_mode_on = "true"
self.logger.info("Desktop environ is GNOME. Return kiok mode TRUE")
user = {'user': str(detail[0]).strip(), 'groups': groups[1], 'home': detail[1], 'is_active': is_active, 'is_desktop_write_permission_exists': is_desktop_write_permission_exists, 'is_kiosk_mode_on': is_kiosk_mode_on}
user_list.append(user)
self.logger.debug('user: {0}, groups: {1}, home: {2}, is_active: {3}'.format(str(detail[0]).strip(), groups[1], detail[1], is_active))
self.logger.info('Local User task is handled successfully')
#
# get all groups
#
result_code, p_out, p_err = self.execute(self.command_get_groups)
all_groups = p_out.split('\n')
all_groups.pop()
self.context.create_response(code=self.message_code.TASK_PROCESSED.value,
message='Kullanıcı listesi başarıyla getirildi.',
data=json.dumps({'users': user_list, 'all_groups': all_groups}),
content_type=self.get_content_type().APPLICATION_JSON.value)
except Exception as e:
self.logger.error('A problem occurred while handling Local-User task: {0}'.format(str(e)))
self.context.create_response(code=self.message_code.TASK_ERROR.value,
message='Local-User görevi çalıştırılırken bir hata oluştu.')
def handle_task(task, context):
get_users = GetUsers(task, context)
get_users.handle_task()

24
src/plugins/local-user/init.py Normal file
View file

@ -0,0 +1,24 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Author:Mine DOGAN <mine.dogan@agem.com.tr>
from base.plugin.abstract_plugin import AbstractPlugin
class Init(AbstractPlugin):
def __init__(self, context):
super(Init, self).__init__()
self.context = context
self.logger = self.get_logger()
self.logger.debug('Parameters were initialized.')
def handle_mode(self):
if self.is_installed('whois') is False:
self.install_with_apt_get('whois')
self.logger.debug('whois has been installed with apt-get.')
def handle_mode(context):
init = Init(context)
init.handle_mode()

15
src/plugins/local-user/main.py Normal file
View file

@ -0,0 +1,15 @@
#!/usr/bin/python3
# -*- coding: utf-8 -*-
def info():
inf = dict()
inf['name'] = 'local-user'
inf['version'] = '1.0.0'
inf['support'] = 'debian'
inf['description'] = 'Local-User plugin provides to listing users and adding, editing, deleting a local user.'
inf['task'] = True
inf['user_oriented'] = False
inf['machine_oriented'] = False
inf['developer'] = 'tuncay.colak@tubitak.gov.tr'
return inf

43
src/plugins/local-user/panelconf/xfce4-panel.xml Normal file
View file

@ -0,0 +1,43 @@
<?xml version="1.0" encoding="UTF-8"?>
<channel name="xfce4-panel" version="1.0">
<property name="configver" type="empty"/>
<property name="panels" type="empty">
<property name="panel-1" type="empty">
<property name="position" type="empty"/>
<property name="position-locked" type="empty"/>
<property name="size" type="empty"/>
<property name="length" type="empty"/>
<property name="plugin-ids" type="empty"/>
</property>
</property>
<property name="plugins" type="empty">
<property name="plugin-1" type="empty">
<property name="names-visible" type="array">
<value type="string" value="networkmanager applet"/>
<value type="string" value="xfce4-power-manager"/>
<value type="string" value="google-chrome-stable"/>
<value type="string" value="software updates"/>
<value type="string" value="thunar"/>
</property>
<property name="show-frame" type="empty"/>
<property name="size-max" type="empty"/>
</property>
<property name="plugin-3" type="empty"/>
<property name="plugin-4" type="empty">
<property name="appearance" type="empty"/>
<property name="items" type="empty"/>
<property name="ask-confirmation" type="empty"/>
</property>
<property name="plugin-7" type="empty">
<property name="expand" type="empty"/>
<property name="style" type="empty"/>
</property>
<property name="plugin-8" type="empty"/>
<property name="plugin-5" type="empty">
<property name="enable-keyboard-shortcuts" type="empty"/>
</property>
<property name="plugin-2" type="empty"/>
<property name="plugin-13" type="empty"/>
</property>
</channel>

3
src/plugins/local-user/scripts/find_locked_users.sh Normal file
View file

@ -0,0 +1,3 @@
#!/bin/bash
sed -n 's/^.*locked="\([A-Za-z0-9; ]*\)".*$/\1/p' /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-panel.xml
#sed -n 's/^.*locked="\([A-Za-z0-9; ]*\)".*$/\1/p' ~/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-panel.xml

4
src/plugins/local-user/scripts/remove_locked_users.sh Normal file
View file

@ -0,0 +1,4 @@
#!/bin/bash
sed -i 's/\(^.*\)\(locked="[A-Za-z; ]*"\)\(.*$\)/\1\3/' /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-panel.xml
#sed -i 's/\(^.*\)\(locked="[A-Za-z; ]*"\)\(.*$\)/\1\3/' ~/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-panel.xml

Some files were not shown because too many files have changed in this diff Show more