From 6e4b2f58840dc5f9acad9faf58db9772e14db0b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tuncay=20=C3=87OLAK?=
Date: Thu, 23 Jul 2020 14:36:37 +0300
Subject: [PATCH 1/3] Syncing /usr/share/ahenk to src and recreating ahenk.install
---
 debian/ahenk.install | 1 -
 usr/share/ahenk/ahenkd.py | 10 +-
 .../ahenk/base/agreement/ahenkmessage.py | 61 +++++++------
 .../ahenk/base/command/command_manager.py | 2 +-
 .../ahenk/base/execution/execution_manager.py | 2 +-
 usr/share/ahenk/base/messaging/messaging.py | 5 +
 usr/share/ahenk/base/messaging/messenger.py | 1 +
 .../execute_cancel_sssd_ad_authentication.py | 14 ++-
 .../execute_sssd_ad_authentication.py | 17 +++-
 .../ahenk/base/registration/registration.py | 51 ++++++-----
 usr/share/ahenk/base/registration/test.py | 91 -------------------
 11 files changed, 96 insertions(+), 159 deletions(-)
 delete mode 100644 usr/share/ahenk/base/registration/test.py
diff --git a/debian/ahenk.install b/debian/ahenk.install
index 4adae69..4a3f824 100644
--- a/debian/ahenk.install
+++ b/debian/ahenk.install
@@ -108,7 +108,6 @@ usr/share/ahenk/base/scheduler/custom/scheduledb.py
 usr/share/ahenk/base/scheduler/custom/custom_scheduler.py
 usr/share/ahenk/base/scheduler/custom
 usr/share/ahenk/base/scheduler
-usr/share/ahenk/base/registration/test.py
 usr/share/ahenk/base/registration/execute_cancel_sssd_ad_authentication.py
 usr/share/ahenk/base/registration/config-files/ldap
 usr/share/ahenk/base/registration/config-files/pam_script
diff --git a/usr/share/ahenk/ahenkd.py b/usr/share/ahenk/ahenkd.py
index 8f6d8cd..28f9433 100644
--- a/usr/share/ahenk/ahenkd.py
+++ b/usr/share/ahenk/ahenkd.py
@@ -162,7 +162,8 @@ class AhenkDaemon(BaseDaemon): print("Registration attemp") max_attempt_number -= 1 self.logger.debug('Ahenk is not registered. Attempting for registration') - registration.registration_request(self.register_hostname,self.register_user_name,self.register_user_password,self.register_directory_server) + # registration.registration_request(self.register_hostname,self.register_user_name,self.register_user_password,self.register_directory_server) + registration.registration_request(self.register_hostname,self.register_user_name,self.register_user_password) if max_attempt_number < 0: self.logger.warning('Number of Attempting for registration is over') Util.execute("/etc/init.d/ahenk stop") @@ -248,7 +249,7 @@ class AhenkDaemon(BaseDaemon): self.register_hostname=hostName self.register_user_name=username self.register_user_password=password - self.register_directory_server = directoryServer + # self.register_directory_server = directoryServer # if user_disabled is when ahenk service restarted TRUE disabled local users def disable_local_users(self): @@ -385,8 +386,9 @@ if __name__ == '__main__': hostName = sys.argv[2] userName = sys.argv[3] password = sys.argv[4] - directoryServer = sys.argv[5] - ahenk_daemon.set_register_user(hostName,userName,password,directoryServer) + # directoryServer = sys.argv[5] + # ahenk_daemon.set_register_user(hostName,userName,password,directoryServer) + ahenk_daemon.set_register_user(hostName,userName,password) ahenk_daemon.run() else: diff --git a/usr/share/ahenk/base/agreement/ahenkmessage.py b/usr/share/ahenk/base/agreement/ahenkmessage.py index eedfcb6..71bd5a2 100644 --- a/usr/share/ahenk/base/agreement/ahenkmessage.py +++ b/usr/share/ahenk/base/agreement/ahenkmessage.py 
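Review bot: The `__main__` hunk now calls `ahenk_daemon.set_register_user(hostName,userName,password)` with three arguments, but the `def set_register_user` line lies outside every hunk of this file, so the patch does not show its parameter list being shortened. If it still declares `directoryServer`, this call raises TypeError at start-up and the signature needs the same edit. The superseded calls and assignments are kept as commented-out lines in all three hunks; deleting them is cleaner, since version control already holds the old form.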
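Review bot: The registration password still arrives as `sys.argv[4]` in the `__main__` hunk, so it sits in the process command line, where other local accounts can read it while the daemon runs. Since this commit already reshapes the argument list, it is a natural place to take the secret from standard input or a root-only file instead of a positional argument. The rest of the `__main__` block is outside the hunk.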
@@ -18,28 +18,30 @@ class AskRegister(): self.title = title self.host = host self.master = tk.Tk() + self.text= tk.StringVar() self.master.title(self.title) - if self.host != "": - pass - else: - tk.Label(self.master, text="Etki Alanı Sunucusu : ").grid(row=0) - self.e1 = tk.Entry(self.master) - self.e1.grid(row=0, column=1) + tk.Label(self.master, text="* Etki Alanı: ").grid(row=0) + self.e1 = tk.Entry(self.master) + self.e1.grid(row=0, column=1) - tk.Label(self.master, text="Yetkili Kullanıcı : ").grid(row=1) - tk.Label(self.master, text="Parola : ").grid(row=2) + # if self.host != "": + # pass + # else: + + tk.Label(self.master, text="* Yetkili Kullanıcı : ").grid(row=1) + tk.Label(self.master, text="* Parola : ").grid(row=2) + tk.Label(self.master, textvariable= self.text, fg="red").grid(row=3,columnspan=2) self.e2 = tk.Entry(self.master) self.e3 = tk.Entry(show="*") - self.var1 = IntVar() - Checkbutton(self.master, text="Active Directory", variable=self.var1, command=self.check1).grid(row=3, column=0, stick=tk.W, - pady=4) - self.var2 = IntVar() - self.var2.set(1) - Checkbutton(self.master, text="OpenLDAP", variable=self.var2, command=self.check2).grid(row=3, column=1, stick=tk.W, pady=4) - + # self.var1 = IntVar() + # Checkbutton(self.master, text="Active Directory", variable=self.var1, command=self.check1).grid(row=3, column=0, stick=tk.W, + # pady=4) + # self.var2 = IntVar() + # self.var2.set(1) + # Checkbutton(self.master, text="OpenLDAP", variable=self.var2, command=self.check2).grid(row=3, column=1, stick=tk.W, pady=4) self.e2.grid(row=1, column=1) self.e3.grid(row=2, column=1) 
@@ -49,20 +51,23 @@ class AskRegister(): tk.mainloop() def show(self): + if(self.e1.get() =='' or self.e2.get()=='' or self.e3.get()==''): + self.text.set("Lütfen zorunlu alanları doldurunuz!") + else: + print(self.e1.get()+" "+self.e2.get()+" "+self.e3.get()) + self.master.quit() + # if self.var2.get() == 1: + # if self.host != "": + # print(self.e2.get()+" "+self.e3.get()+" "+"LDAP") + # else: + # print(self.e1.get()+" "+self.e2.get()+" "+self.e3.get()+" "+"LDAP") + # + # if self.var1.get() == 1: + # if self.host != "": + # print(self.e2.get()+" "+self.e3.get()+" "+"AD") + # else: + # print(self.e1.get()+" "+self.e2.get()+" "+self.e3.get()+" "+"AD") - if self.var2.get() == 1: - if self.host != "": - print(self.e2.get()+" "+self.e3.get()+" "+"LDAP") - else: - print(self.e1.get()+" "+self.e2.get()+" "+self.e3.get()+" "+"LDAP") - - if self.var1.get() == 1: - if self.host != "": - print(self.e2.get()+" "+self.e3.get()+" "+"AD") - else: - print(self.e1.get()+" "+self.e2.get()+" "+self.e3.get()+" "+"AD") - - self.master.quit() def check1(self): self.var2.set(0) diff --git a/usr/share/ahenk/base/command/command_manager.py b/usr/share/ahenk/base/command/command_manager.py index 0b2edbc..e0ac778 100644 --- a/usr/share/ahenk/base/command/command_manager.py +++ b/usr/share/ahenk/base/command/command_manager.py @@ -51,7 +51,7 @@ class Commander(object): print('{0} logging out'.format(str(params[2]))) data['event'] = params[1] data['username'] = params[2] - + elif len(params) == 4 and params[1] == 'logout': print('{0} logging out'.format(str(params[2]))) data['event'] = params[1] diff --git a/usr/share/ahenk/base/execution/execution_manager.py b/usr/share/ahenk/base/execution/execution_manager.py index d4a52f1..c44f4ef 100644 --- a/usr/share/ahenk/base/execution/execution_manager.py +++ b/usr/share/ahenk/base/execution/execution_manager.py 
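Review bot: `show` hands the three fields back as one space-joined line, `print(self.e1.get()+" "+self.e2.get()+" "+self.e3.get())`, and the new check only rejects empty values, so a password or user name containing a space shifts the fields for any reader that splits on whitespace (the indexed `user_registration_info[...]` reads in registration.py suggest that is how the line is consumed). An unambiguous encoding, for example `print(json.dumps([self.e1.get(), self.e2.get(), self.e3.get()]))` with a matching `json.loads` on the reading side, removes the ambiguity. `check1` and `check2` at the end of the hunk still set `self.var1` and `self.var2`, which are no longer created, so they can be removed together with the commented-out block.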
@@ -221,6 +221,7 @@ class ExecutionManager(object): def execute_policy(self, arg): try: j = json.loads(str(arg)) + self.policy_executed[j['username']] = True for i in range(len(j['executePolicyList'])): policy = self.json_to_PolicyBean(json.loads(json.dumps(j['executePolicyList'][i]))) self.logger.debug('Updating policies...') @@ -240,7 +241,6 @@ class ExecutionManager(object): self.db_service.delete('policy', 'type = \'U\' and name = \'' + policy.get_username() + '\'' + 'and policy_id = ' + str(policy.get_policy_id())) else: - self.policy_executed[policy.get_username()] = True machine_uid = self.db_service.select_one_result('registration', 'jid', 'registered=1') user_policy_version = self.db_service.select_one_result('policy', 'version', 'type = \'U\' and name = \'' + policy.get_username() + '\'' + diff --git a/usr/share/ahenk/base/messaging/messaging.py b/usr/share/ahenk/base/messaging/messaging.py index d9b7b41..e875b5d 100644 --- a/usr/share/ahenk/base/messaging/messaging.py +++ b/usr/share/ahenk/base/messaging/messaging.py @@ -72,6 +72,11 @@ class Messaging(object): data['ipAddresses'] = str(System.Hardware.Network.ip_addresses()).replace('[', '').replace(']', '') data['timestamp'] = Util.timestamp() data['userIp'] = ip + data['osVersion'] = System.Os.version() + data['diskTotal'] = System.Hardware.Disk.total() + data['diskUsed'] = System.Hardware.Disk.used() + data['diskFree'] = System.Hardware.Disk.free() + data['memory'] = System.Hardware.Memory.total() data['hostname'] = str(System.Os.hostname()) self.logger.debug('USER IP : '+ str(ip)+ ' IPADDRESSES : '+ str(System.Hardware.Network.ip_addresses()).replace('[', '').replace(']', '')) diff --git a/usr/share/ahenk/base/messaging/messenger.py b/usr/share/ahenk/base/messaging/messenger.py index d4f9f2c..f3a3bf7 100644 --- a/usr/share/ahenk/base/messaging/messenger.py +++ b/usr/share/ahenk/base/messaging/messenger.py 
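Review bot: `self.policy_executed[j['username']] = True` now runs straight after `json.loads`, before any entry of `executePolicyList` has been processed, so the flag reads as executed even when the loop below fails or the list is empty. If other code waits on this flag before letting a session proceed (not visible here), a failed policy run becomes indistinguishable from a successful one. Setting it once the loop has completed, and to `False` in the error path, keeps the meaning the name implies. `j['username']` is also read without a default, so a message lacking that key now leaves the method before any policy is handled; the `except` clause is outside the hunk.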
@@ -50,6 +50,7 @@ class Messenger(ClientXMPP): self.register_extensions() self.add_listeners() + self.roster.auto_subscribe = True def register_extensions(self): try: diff --git a/usr/share/ahenk/base/registration/execute_cancel_sssd_ad_authentication.py b/usr/share/ahenk/base/registration/execute_cancel_sssd_ad_authentication.py index 1af7521..8c58d8b 100644 --- a/usr/share/ahenk/base/registration/execute_cancel_sssd_ad_authentication.py +++ b/usr/share/ahenk/base/registration/execute_cancel_sssd_ad_authentication.py @@ -15,10 +15,6 @@ class ExecuteCancelSSSDAdAuthentication: def cancel(self): try: - # Deleting packages require for AD entegration - self.util.execute( - "apt purge realmd sssd sssd-tools adcli krb5-user packagekit samba-common samba-common-bin samba-libs -y") - self.util.execute("apt autoremove -y") # Read information about AD if self.util.is_exist(self.ad_info_path): @@ -31,11 +27,12 @@ class ExecuteCancelSSSDAdAuthentication: else: self.logger.error("ad_info file not found") - if self.util.is_exist("/etc/sssd"): - # self.util.delete_folder("/etc/sssd") - self.logger.info("SSSD is deleted") + # Leave old domain + (result_code, p_out, p_err) = self.util.execute("realm leave ") + if (result_code == 0): + self.logger.info("Realm Leave komutu başarılı") else: - self.logger.info("SSSD is not exist") + self.logger.error("Realm Leave komutu başarısız : " + str(p_err)) # Re-Configure dhclient.conf deleting AD IP address dhclient_conf_path = "/etc/dhcp/dhclient.conf" @@ -54,6 +51,7 @@ class ExecuteCancelSSSDAdAuthentication: file_dhclient.write(file_data) file_dhclient.close() + # Configure hosts for deleting AD "IP address" and "AD hostname" hosts_conf_path = "/etc/hosts" file_hosts = open(hosts_conf_path, 'r') diff --git a/usr/share/ahenk/base/registration/execute_sssd_ad_authentication.py b/usr/share/ahenk/base/registration/execute_sssd_ad_authentication.py index a54f308..3b43e42 100644 
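Review bot: `self.roster.auto_subscribe = True` is added without a comment on which peers are expected to subscribe, and nothing in the hunk limits it to the management server's JID. With the roster also authorizing incoming requests (the XMPP library's usual default, not shown here), any account able to reach this agent could end up receiving its presence. A comment such as `# mutual subscription is meant for the Lider server JID only` plus a subscription handler that compares the sender with the configured server JID would make the intent enforceable. `__init__` continues outside the hunk.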
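Review bot: When `realm leave` fails, the new branch in `cancel` only logs (`self.logger.error("Realm Leave komutu başarısız : " + str(p_err))`) and execution goes on to strip the AD entries from dhclient.conf and /etc/hosts, so the host can remain joined to the domain while the agent treats the unregistration as done. Returning or raising at that point lets the caller report the failure instead of finishing a partial cleanup. The command string `"realm leave "` ends in a space, which suggests an argument (perhaps the domain read from ad_info) was intended; passing the realm explicitly avoids leaving whichever realm happens to be the default. `cancel` starts and ends outside this hunk.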
--- a/usr/share/ahenk/base/registration/execute_sssd_ad_authentication.py +++ b/usr/share/ahenk/base/registration/execute_sssd_ad_authentication.py @@ -13,6 +13,21 @@ class ExecuteSSSDAdAuthentication: def authenticate(self, domain_name, host_name, ip_address, password, ad_username): try: + # Installation of required packages + (result_code, p_out, p_err) = self.util.execute( + "sudo apt-get -y install realmd") + if (result_code == 0): + self.logger.info("İndirmeler Başarılı") + else: + self.logger.error("İndirmeler Başarısız : " + str(p_err)) + + # Execute the commands that require for leave + (result_code, p_out, p_err) = self.util.execute("realm leave") + if (result_code == 0): + self.logger.info("Realm Leave komutu başarılı") + else: + self.logger.error("Realm Leave komutu başarısız : " + str(p_err)) + # Create and Configure ad_info file (result_code, p_out, p_err) = self.util.execute("touch /etc/ahenk/ad_info") if (result_code == 0): @@ -102,7 +117,7 @@ class ExecuteSSSDAdAuthentication: self.logger.error("Script başarısız oldu : " + str(p_err)) # Installation of required packages - (result_code, p_out, p_err) = self.util.execute("sudo apt-get -y install realmd sssd sssd-tools adcli packagekit samba-common-bin samba-libs") + (result_code, p_out, p_err) = self.util.execute("sudo apt-get -y install sssd sssd-tools adcli packagekit samba-common-bin samba-libs") if (result_code == 0): self.logger.info("İndirmeler Başarılı") else: diff --git a/usr/share/ahenk/base/registration/registration.py b/usr/share/ahenk/base/registration/registration.py index b857785..b5eef31 100644 --- a/usr/share/ahenk/base/registration/registration.py +++ b/usr/share/ahenk/base/registration/registration.py 
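Review bot: The block added at the top of `authenticate` runs `realm leave` unconditionally and treats both it and the preceding `apt-get -y install realmd` as log-only steps, so a failed install is followed by a `realm leave` that cannot succeed, and a first-time registration logs an error for a leave that had nothing to leave. Guarding the leave with a check of the current join state (for instance the output of `realm list`) and returning early when the install fails would keep the log meaningful and stop the join from continuing on a half-prepared host. The two log messages are identical to those of the later package-install step in the second hunk, so the log cannot tell which install failed. `authenticate` continues outside the hunk.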
@@ -50,7 +50,7 @@ class Registration: else: self.register(True) - def registration_request(self, hostname,username,password,directoryserver): + def registration_request(self, hostname,username,password): self.logger.debug('Requesting registration') # SetupTimer.start(Timer(System.Ahenk.registration_timeout(), timeout_function=self.registration_timeout,checker_func=self.is_registered, kwargs=None)) @@ -60,7 +60,7 @@ class Registration: self.host = hostname self.user_name = username self.user_password= password - self.directory_server = directoryserver + # self.directory_server = directoryserver self.showUserNotify = False; if(username is None and password is None and self.host is None ): @@ -79,12 +79,12 @@ class Registration: self.host = user_registration_info[0] self.user_name = user_registration_info[1] self.user_password = user_registration_info[2] - self.directory_server = user_registration_info[3] + # self.directory_server = user_registration_info[3] else: self.user_name = user_registration_info[0] self.user_password = user_registration_info[1] - self.directory_server = user_registration_info[2] + # self.directory_server = user_registration_info[2] #anon_messenger = AnonymousMessenger(self.message_manager.registration_msg(user_name,user_password), self.host,self.servicename) #anon_messenger.connect_to_server() @@ -99,9 +99,10 @@ class Registration: self.messenger.send_Direct_message(self.message_manager.ldap_registration_msg()) def registration_success(self, reg_reply): - try: self.local_user_disable = reg_reply['disableLocalUser'] + self.directory_server = reg_reply['directoryServer'] + if self.local_user_disable is True: self.conf_manager.set('MACHINE', 'user_disabled', 'true') else: 
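Review bot: In the hunk at `-79,12` the `else:` branch still takes `user_registration_info[0]` as the user name and `[1]` as the password, while the reworked dialog in ahenkmessage.py always prints domain, user and password in that order. If this branch is the one taken when the host is already known (the condition is outside the hunk), the domain would be stored in `self.user_name` and the user name in `self.user_password`. Either the branch should read indices 1 and 2, or the dialog should omit the domain field in that case. The commented-out `directory_server` assignments in this and the previous hunk can be deleted rather than kept.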
@@ -154,19 +155,15 @@ class Registration: new_line = stripped_line.replace("# disable-user-list=true", "disable-user-list=true") new_file_content += new_line + "\n" reading_file.close() - writing_file = open(pardus_gnome_path, "w") writing_file.write(new_file_content) writing_file.close() self.logger.info("gdm.conf has been configured.") - - - # LDAP registration if self.directory_server == "LDAP": self.install_and_config_ldap(reg_reply) # AD registration - else: + elif self.directory_server == "ACTIVE_DIRECTORY": self.install_and_config_ad(reg_reply) except Exception as e: @@ -333,24 +330,26 @@ class Registration: Util.show_message(os.getlogin(),':0',"Lider MYS sistemine ulaşılamadı. Lütfen sunucu adresini kontrol ediniz....","HATA") System.Process.kill_by_pid(int(System.Ahenk.get_pid_number())) - def purge_and_unregister(self): + def purge_and_unregister(self,directory_type): try: - self.logger.info('Ahenk conf cleaned') self.logger.info('Ahenk conf cleaning from db') self.unregister() - - directory_type = "LDAP" - if self.util.is_exist("/etc/ahenk/ad_info"): - directory_type = "AD" - - if directory_type == "LDAP": - self.ldap_login_cancel.cancel() - else: - self.ad_login_cancel.cancel() - + self.logger.info('Ahenk conf cleaned from db') + #directory_type = "LDAP" + #if self.util.is_exist("/etc/ahenk/ad_info"): + # directory_type = "AD" self.logger.info('Cleaning ahenk conf..') self.clean() - self.logger.info('Ahenk conf cleaned from db') + self.logger.info('Ahenk conf cleaned') + + if directory_type == "LDAP": + self.logger.info('Ahenk cleaning LDAP config') + self.ldap_login_cancel.cancel() + self.logger.info('Ahenk cleaned LDAP config') + elif directory_type =="ACTIVE_DIRECTORY": + self.logger.info('Ahenk cleaning ACTIVE_DIRECTORY config') + self.ad_login_cancel.cancel() + self.logger.info('Ahenk cleaned ACTIVE_DIRECTORY config') if self.conf_manager.has_section('MACHINE'): user_disabled = self.conf_manager.get("MACHINE", "user_disabled") 
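Review bot: `self.directory_server` now comes from `reg_reply['directoryServer']` and is matched with `if ... == "LDAP"` / `elif ... == "ACTIVE_DIRECTORY"` with no final `else`, so any other value sent by the server leaves the machine registered with no login backend configured and nothing in the log. Adding `else: self.logger.error("Unsupported directoryServer value: " + str(self.directory_server))` makes that case visible. A reply without the `directoryServer` key raises KeyError in `registration_success` before `user_disabled` is written, so `reg_reply.get('directoryServer')` with the same `else` handling would fail more predictably. The enclosing `try` begins outside this hunk.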
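Review bot: `purge_and_unregister` now requires a `directory_type` argument and no longer falls back to the local `/etc/ahenk/ad_info` check, and its `if`/`elif` has no `else`, so a caller passing anything other than `"LDAP"` or `"ACTIVE_DIRECTORY"` wipes the agent's registration and configuration while the LDAP or AD login setup stays on the host. Because `unregister()` and `clean()` now run before the cancel step, the agent has no registration left from which to retry that cleanup. Giving the parameter a default (`directory_type=None`) and, when the value is not one of the two known strings, deriving it from the ad_info file as the removed lines did would cover both cases and keep existing callers working; none of them are visible in this patch.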
@@ -362,12 +361,16 @@ class Registration: self.logger.info('Local users already enabled') # İf desktop env is XFCE configured lightdm.service if self.util.get_desktop_env() == "xfce": + self.logger.info('XFCE conf file deleting') pardus_xfce_path = "/usr/share/lightdm/lightdm.conf.d/99-pardus-xfce.conf" if self.util.is_exist(pardus_xfce_path): self.logger.info("99-pardus-xfce.conf exists. Deleting file.") self.util.delete_file(pardus_xfce_path) + self.logger.info('XFCE conf file deleted') + if self.util.get_desktop_env() == "gnome": + self.logger.info('GNOME conf file deleting') pardus_gnome_path = "/etc/gdm3/greeter.dconf-defaults" if not self.util.is_exist(pardus_gnome_path): self.logger.info("Gnome conf doesn't exist") @@ -386,7 +389,7 @@ class Registration: writing_file.write(new_file_content) writing_file.close() self.logger.info("gdm.conf has been configured.") - + self.logger.info('GNOME conf file deleted') Util.shutdown() except Exception as e: self.logger.error("Error while running purge_and_unregister process.. Error Message " + str(e)) diff --git a/usr/share/ahenk/base/registration/test.py b/usr/share/ahenk/base/registration/test.py deleted file mode 100644 index 52b6e88..0000000 --- a/usr/share/ahenk/base/registration/test.py +++ /dev/null 
@@ -1,91 +0,0 @@ -#!/usr/bin/python3 -# -*- coding: utf-8 -*- -# Author: Hasan Kara - -from base.scope import Scope -from base.util.util import Util -import re - - -class ExecuteCancelSSSDAuthentication: - def __init__(self): - scope = Scope().get_instance() - self.logger = scope.get_logger() - self.util = Util() - - def cancel(self): - self.util.execute("apt purge libpam-sss sssd-common -y") - self.util.execute("apt autoremove -y") - - if self.util.is_exist("/etc/sssd"): - self.util.delete_folder("/etc/sssd") - - # pattern for clearing file data from spaces, tabs and newlines - pattern = re.compile(r'\s+') - - # Configure nsswitch.conf - file_ns_switch = open("/etc/nsswitch.conf", 'r') - file_data = file_ns_switch.read() - - # cleared file data from spaces, tabs and newlines - text = pattern.sub('', file_data) - - did_configuration_change = False - if "passwd:compatsss" in text: - file_data = file_data.replace("passwd: compat sss", "passwd: compat") - did_configuration_change = True - - if "group:compatsss" in text: - file_data = file_data.replace("group: compat sss", "group: compat") - did_configuration_change = True - - if "shadow:compatsss" in text: - file_data = file_data.replace("shadow: compat sss", "shadow: compat") - did_configuration_change = True - - if "services:dbfilessss" in text: - file_data = file_data.replace("services: db files sss", "services: db files") - did_configuration_change = True - - if "netgroup:nissss" in text: - file_data = file_data.replace("netgroup: nis sss", "netgroup: nis") - did_configuration_change = True - - if "sudoers:filessss" in text: - file_data = file_data.replace("sudoers: files sss", "") - did_configuration_change = True - - if did_configuration_change: - self.logger.info("nsswitch.conf configuration has been configured") - else: - self.logger.info("nsswitch.conf has already been configured") - - file_ns_switch.close() - file_ns_switch = open("/etc/nsswitch.conf", 'w') - file_ns_switch.write(file_data) - 
file_ns_switch.close() - - common_session_conf_path = "/etc/pam.d/common-session" - - # configure common-session for creating home directories for ldap users - file_common_session = open(common_session_conf_path, 'r') - file_data = file_common_session.read() - - if "session optional pam_mkhomedir.so skel=/etc/skel umask=077" in file_data: - file_data = file_data.replace("session optional pam_mkhomedir.so skel=/etc/skel umask=077", "") - self.logger.info("common-session is configured") - - file_common_session.close() - file_common_session = open(common_session_conf_path, 'w') - file_common_session.write(file_data) - file_common_session.close() - - # Configure lightdm.service - pardus_xfce_path = "/usr/share/lightdm/lightdm.conf.d/99-pardus-xfce.conf" - if self.util.is_exist(pardus_xfce_path): - self.logger.info("99-pardus-xfce.conf exists. Deleting file.") - self.util.delete_file(pardus_xfce_path) - self.util.execute("systemctl restart nscd.service") - - self.logger.info("LDAP Login iptal etme işlemi başarı ile sağlandı.") - From acd0eabd16cdbd95d5d70fb18fe00c2190a6d880 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tuncay=20=C3=87OLAK?= Date: Thu, 23 Jul 2020 14:37:02 +0300 Subject: [PATCH 2/3] Update changelog for 1.1.0-7 release --- debian/changelog | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/debian/changelog b/debian/changelog index a5e37a5..2e289a7 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,3 +1,25 @@
+ahenk (1.1.0-7) unstable; urgency=medium
+
+ [ Hasan Kara ]
+ * added extra parameters to login message for updating agent informations
+
+ [ Edip Yıldız ]
+ * add auto roster accept
+
+ [ Agah Öz ]
+ * register,unregister and AD swap modified
+
+ [ Hasan Kara ]
+ * a boolean flag is added if a policy is executed
+
+ [ Edip YILDIZ ]
+ * directory server disabled and generic
+
+ [ Tuncay ÇOLAK ]
+ * Syncing /usr/share/ahenk to src and recreating ahenk.install
+
+ -- Tuncay ÇOLAK Thu, 23 Jul 2020 14:36:49 +0300
+
 ahenk (1.1.0-6) unstable; urgency=medium
 
 [ Edip YILDIZ ]
From a1e5c057ed5ed9b4b8597a031bf93b34baac8807 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tuncay=20=C3=87OLAK?=
Date: Thu, 23 Jul 2020 14:39:04 +0300
Subject: [PATCH 3/3] Update changelog for 1.1.0-8 release
---
 debian/changelog | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 2e289a7..94de12f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,17 @@
+ahenk (1.1.0-8) unstable; urgency=medium
+
+ [ Hasan Kara ]
+ * a boolean flag is added if a policy is executed
+
+ [ Edip YILDIZ ]
+ * directory server disabled and generic
+
+ [ Tuncay ÇOLAK ]
+ * Syncing /usr/share/ahenk to src and recreating ahenk.install
+ * Update changelog for 1.1.0-7 release
+
+ -- Tuncay ÇOLAK Thu, 23 Jul 2020 14:39:02 +0300
+
 ahenk (1.1.0-7) unstable; urgency=medium
 
 [ Hasan Kara ]