mirror of
https://github.com/Pardus-LiderAhenk/ahenk
synced 2025-01-12 22:02:21 +03:00
SSSD config and installation python files are copied under registration
This commit is contained in:
parent
00a9bafc55
commit
f3756af73b
3 changed files with 283 additions and 0 deletions
42
src/base/registration/config-files/sssd.conf
Normal file
42
src/base/registration/config-files/sssd.conf
Normal file
|
@ -0,0 +1,42 @@
|
||||||
|
[sssd]
|
||||||
|
config_file_version = 2
|
||||||
|
services = nss, pam, sudo
|
||||||
|
domains = LDAP
|
||||||
|
|
||||||
|
[nss]
|
||||||
|
|
||||||
|
[sudo]
|
||||||
|
|
||||||
|
[pam]
|
||||||
|
pam_verbosity=2
|
||||||
|
pam_account_locked_message = Hesap Kilitli
|
||||||
|
offline_credentials_expiration = 30
|
||||||
|
|
||||||
|
[domain/LDAP]
|
||||||
|
debug_level = 9
|
||||||
|
id_provider = ldap
|
||||||
|
auth_provider = ldap
|
||||||
|
access_provider = ldap
|
||||||
|
#ldap_access_filter = (employeeType=admin)
|
||||||
|
ldap_access_order = ppolicy
|
||||||
|
pam_verbosity=2
|
||||||
|
###ldap_pwdlockout_dn###
|
||||||
|
ldap_schema = rfc2307
|
||||||
|
###ldap_uri###
|
||||||
|
###ldap_default_bind_dn###
|
||||||
|
###ldap_default_authtok###
|
||||||
|
ldap_default_authtok_type = password
|
||||||
|
###ldap_search_base###
|
||||||
|
###ldap_user_search_base###
|
||||||
|
###ldap_group_search_base###
|
||||||
|
ldap_user_object_class = posixAccount
|
||||||
|
ldap_user_gecos = cn
|
||||||
|
ldap_tls_reqcert = never
|
||||||
|
ldap_auth_disable_tls_never_use_in_production = true
|
||||||
|
override_shell = /bin/bash
|
||||||
|
enumerate = true
|
||||||
|
cache_credentials = true
|
||||||
|
sudo_provider = ldap
|
||||||
|
ldap_sudo_search_base = ou=Roles,dc=liderahenk,dc=org
|
||||||
|
ldap_sudo_full_refresh_interval=86400
|
||||||
|
ldap_sudo_smart_refresh_interval=3600
|
91
src/base/registration/execute_cancel_sssd_authentication.py
Normal file
91
src/base/registration/execute_cancel_sssd_authentication.py
Normal file
|
@ -0,0 +1,91 @@
|
||||||
|
#!/usr/bin/python3
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
# Author: Hasan Kara <h.kara27@gmail.com>
|
||||||
|
|
||||||
|
from base.scope import Scope
|
||||||
|
from base.util.util import Util
|
||||||
|
import re
|
||||||
|
|
||||||
|
|
||||||
|
class ExecuteCancelSSSDAuthentication:
|
||||||
|
def __init__(self):
|
||||||
|
scope = Scope().get_instance()
|
||||||
|
self.logger = scope.get_logger()
|
||||||
|
self.util = Util()
|
||||||
|
|
||||||
|
def cancel(self):
|
||||||
|
self.util.execute("apt purge libpam-sss sssd-common -y")
|
||||||
|
self.util.execute("apt autoremove -y")
|
||||||
|
|
||||||
|
if self.util.is_exist("/etc/sssd"):
|
||||||
|
self.util.delete_folder("/etc/sssd")
|
||||||
|
|
||||||
|
# pattern for clearing file data from spaces, tabs and newlines
|
||||||
|
pattern = re.compile(r'\s+')
|
||||||
|
|
||||||
|
# Configure nsswitch.conf
|
||||||
|
file_ns_switch = open("/etc/nsswitch.conf", 'r')
|
||||||
|
file_data = file_ns_switch.read()
|
||||||
|
|
||||||
|
# cleared file data from spaces, tabs and newlines
|
||||||
|
text = pattern.sub('', file_data)
|
||||||
|
|
||||||
|
did_configuration_change = False
|
||||||
|
if "passwd:compatsss" in text:
|
||||||
|
file_data = file_data.replace("passwd: compat sss", "passwd: compat")
|
||||||
|
did_configuration_change = True
|
||||||
|
|
||||||
|
if "group:compatsss" in text:
|
||||||
|
file_data = file_data.replace("group: compat sss", "group: compat")
|
||||||
|
did_configuration_change = True
|
||||||
|
|
||||||
|
if "shadow:compatsss" in text:
|
||||||
|
file_data = file_data.replace("shadow: compat sss", "shadow: compat")
|
||||||
|
did_configuration_change = True
|
||||||
|
|
||||||
|
if "services:dbfilessss" in text:
|
||||||
|
file_data = file_data.replace("services: db files sss", "services: db files")
|
||||||
|
did_configuration_change = True
|
||||||
|
|
||||||
|
if "netgroup:nissss" in text:
|
||||||
|
file_data = file_data.replace("netgroup: nis sss", "netgroup: nis")
|
||||||
|
did_configuration_change = True
|
||||||
|
|
||||||
|
if "sudoers:filessss" in text:
|
||||||
|
file_data = file_data.replace("sudoers: files sss", "")
|
||||||
|
did_configuration_change = True
|
||||||
|
|
||||||
|
if did_configuration_change:
|
||||||
|
self.logger.info("nsswitch.conf configuration has been configured")
|
||||||
|
else:
|
||||||
|
self.logger.info("nsswitch.conf has already been configured")
|
||||||
|
|
||||||
|
file_ns_switch.close()
|
||||||
|
file_ns_switch = open("/etc/nsswitch.conf", 'w')
|
||||||
|
file_ns_switch.write(file_data)
|
||||||
|
file_ns_switch.close()
|
||||||
|
|
||||||
|
common_session_conf_path = "/etc/pam.d/common-session"
|
||||||
|
|
||||||
|
# configure common-session for creating home directories for ldap users
|
||||||
|
file_common_session = open(common_session_conf_path, 'r')
|
||||||
|
file_data = file_common_session.read()
|
||||||
|
|
||||||
|
if "session optional pam_mkhomedir.so skel=/etc/skel umask=077" in file_data:
|
||||||
|
file_data = file_data.replace("session optional pam_mkhomedir.so skel=/etc/skel umask=077", "")
|
||||||
|
self.logger.info("common-session is configured")
|
||||||
|
|
||||||
|
file_common_session.close()
|
||||||
|
file_common_session = open(common_session_conf_path, 'w')
|
||||||
|
file_common_session.write(file_data)
|
||||||
|
file_common_session.close()
|
||||||
|
|
||||||
|
# Configure lightdm.service
|
||||||
|
pardus_xfce_path = "/usr/share/lightdm/lightdm.conf.d/99-pardus-xfce.conf"
|
||||||
|
if self.util.is_exist(pardus_xfce_path):
|
||||||
|
self.logger.info("99-pardus-xfce.conf exists. Deleting file.")
|
||||||
|
self.util.delete_file(pardus_xfce_path)
|
||||||
|
self.util.execute("systemctl restart nscd.service")
|
||||||
|
|
||||||
|
self.logger.info("LDAP Login iptal etme işlemi başarı ile sağlandı.")
|
||||||
|
|
150
src/base/registration/execute_sssd_authentication.py
Normal file
150
src/base/registration/execute_sssd_authentication.py
Normal file
|
@ -0,0 +1,150 @@
|
||||||
|
#!/usr/bin/python3
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
# Author: Hasan Kara <h.kara27@gmail.com>
|
||||||
|
|
||||||
|
from base.scope import Scope
|
||||||
|
from base.util.util import Util
|
||||||
|
import re
|
||||||
|
|
||||||
|
|
||||||
|
class ExecuteSSSDAuthentication:
|
||||||
|
def __init__(self):
|
||||||
|
scope = Scope().get_instance()
|
||||||
|
self.logger = scope.get_logger()
|
||||||
|
self.util = Util()
|
||||||
|
|
||||||
|
def authenticate(self, server_address, dn, admin_dn, admin_password):
|
||||||
|
try:
|
||||||
|
ldap_pwdlockout_dn = "cn=DefaultPolicy,ou=PasswordPolicies" + "," + dn
|
||||||
|
|
||||||
|
# pattern for clearing file data from spaces, tabs and newlines
|
||||||
|
pattern = re.compile(r'\s+')
|
||||||
|
|
||||||
|
sssd_config_template_path = "/usr/share/ahenk/base/registration/config-files/sssd.conf"
|
||||||
|
sssd_config_folder_path = "/etc/sssd"
|
||||||
|
sssd_config_file_path = "/etc/sssd/sssd.conf"
|
||||||
|
|
||||||
|
common_session_conf_path = "/etc/pam.d/common-session"
|
||||||
|
|
||||||
|
# copy configuration file to /etc/sssd/sssd.conf before package installation
|
||||||
|
# create sssd folder in /etc
|
||||||
|
if not self.util.is_exist(sssd_config_folder_path):
|
||||||
|
self.util.create_directory(sssd_config_folder_path)
|
||||||
|
self.logger.info("{0} folder is created".format(sssd_config_folder_path))
|
||||||
|
|
||||||
|
# Copy sssd.conf template under /etc/sssd
|
||||||
|
self.util.copy_file(sssd_config_template_path, sssd_config_folder_path)
|
||||||
|
self.logger.info("{0} config file is copied under {1}".format(sssd_config_template_path, sssd_config_folder_path))
|
||||||
|
|
||||||
|
# Configure sssd.conf
|
||||||
|
file_sssd = open(sssd_config_file_path, 'r')
|
||||||
|
file_data = file_sssd.read()
|
||||||
|
|
||||||
|
file_data = file_data.replace("###ldap_pwdlockout_dn###", "ldap_pwdlockout_dn = " + ldap_pwdlockout_dn)
|
||||||
|
file_data = file_data.replace("###ldap_uri###", "ldap_uri = " + "ldap://" + server_address + "/")
|
||||||
|
file_data = file_data.replace("###ldap_default_bind_dn###", "ldap_default_bind_dn = " + admin_dn)
|
||||||
|
file_data = file_data.replace("###ldap_default_authtok###", "ldap_default_authtok = " + admin_password)
|
||||||
|
file_data = file_data.replace("###ldap_search_base###", "ldap_search_base = " + dn)
|
||||||
|
file_data = file_data.replace("###ldap_user_search_base###", "ldap_user_search_base = " + dn)
|
||||||
|
file_data = file_data.replace("###ldap_group_search_base###", "ldap_group_search_base = " + dn)
|
||||||
|
|
||||||
|
file_sssd.close()
|
||||||
|
file_sssd = open(sssd_config_file_path, 'w')
|
||||||
|
file_sssd.write(file_data)
|
||||||
|
file_sssd.close()
|
||||||
|
|
||||||
|
# Install libpam-sss sssd-common for sssd authentication
|
||||||
|
(result_code, p_out, p_err) = self.util.execute("sudo apt install libpam-sss sssd-common -y")
|
||||||
|
|
||||||
|
if result_code != 0:
|
||||||
|
self.logger.error("SSSD packages couldn't be downloaded.")
|
||||||
|
return False
|
||||||
|
|
||||||
|
# configure common-session for creating home directories for ldap users
|
||||||
|
file_common_session = open(common_session_conf_path, 'r')
|
||||||
|
file_data = file_common_session.read()
|
||||||
|
|
||||||
|
if "session optional pam_mkhomedir.so skel=/etc/skel umask=077" not in file_data :
|
||||||
|
file_data = file_data + "\n" + "session optional pam_mkhomedir.so skel=/etc/skel umask=077"
|
||||||
|
self.logger.info("common-session is configured")
|
||||||
|
|
||||||
|
file_common_session.close()
|
||||||
|
file_common_session = open(common_session_conf_path, 'w')
|
||||||
|
file_common_session.write(file_data)
|
||||||
|
file_common_session.close()
|
||||||
|
|
||||||
|
# Configure nsswitch.conf
|
||||||
|
file_ns_switch = open("/etc/nsswitch.conf", 'r')
|
||||||
|
file_data = file_ns_switch.read()
|
||||||
|
|
||||||
|
# cleared file data from spaces, tabs and newlines
|
||||||
|
text = pattern.sub('', file_data)
|
||||||
|
|
||||||
|
is_configuration_done_before = False
|
||||||
|
if "passwd:compatsss" not in text:
|
||||||
|
file_data = file_data.replace("passwd: compat", "passwd: compat sss")
|
||||||
|
is_configuration_done_before = True
|
||||||
|
|
||||||
|
if "group:compatsss" not in text:
|
||||||
|
file_data = file_data.replace("group: compat", "group: compat sss")
|
||||||
|
is_configuration_done_before = True
|
||||||
|
|
||||||
|
if "shadow:compatsss" not in text:
|
||||||
|
file_data = file_data.replace("shadow: compat", "shadow: compat sss")
|
||||||
|
is_configuration_done_before = True
|
||||||
|
|
||||||
|
if "services:dbfilessss" not in text:
|
||||||
|
file_data = file_data.replace("services: db files", "services: db files sss")
|
||||||
|
is_configuration_done_before = True
|
||||||
|
|
||||||
|
if "netgroup:nissss" not in text:
|
||||||
|
file_data = file_data.replace("netgroup: nis", "netgroup: nis sss")
|
||||||
|
is_configuration_done_before = True
|
||||||
|
|
||||||
|
if "sudoers:filessss" not in text:
|
||||||
|
file_data = file_data.replace("sudoers: files", "sudoers: files sss")
|
||||||
|
is_configuration_done_before = True
|
||||||
|
|
||||||
|
if is_configuration_done_before:
|
||||||
|
self.logger.info("nsswitch.conf configuration has been completed")
|
||||||
|
else:
|
||||||
|
self.logger.info("nsswitch.conf is already configured")
|
||||||
|
|
||||||
|
file_ns_switch.close()
|
||||||
|
file_ns_switch = open("/etc/nsswitch.conf", 'w')
|
||||||
|
file_ns_switch.write(file_data)
|
||||||
|
file_ns_switch.close()
|
||||||
|
|
||||||
|
# Configure lightdm.service
|
||||||
|
# check if 99-pardus-xfce.conf exists if not create
|
||||||
|
pardus_xfce_path = "/usr/share/lightdm/lightdm.conf.d/99-pardus-xfce.conf"
|
||||||
|
if not self.util.is_exist(pardus_xfce_path):
|
||||||
|
self.logger.info("99-pardus-xfce.conf does not exist.")
|
||||||
|
self.util.create_file(pardus_xfce_path)
|
||||||
|
|
||||||
|
file_lightdm = open(pardus_xfce_path, 'a')
|
||||||
|
file_lightdm.write("[Seat:*]\n")
|
||||||
|
file_lightdm.write("greeter-hide-users=true")
|
||||||
|
file_lightdm.close()
|
||||||
|
self.logger.info("lightdm has been configured.")
|
||||||
|
else:
|
||||||
|
self.logger.info("99-pardus-xfce.conf exists. Delete file and create new one.")
|
||||||
|
self.util.delete_file(pardus_xfce_path)
|
||||||
|
self.util.create_file(pardus_xfce_path)
|
||||||
|
|
||||||
|
file_lightdm = open(pardus_xfce_path, 'a')
|
||||||
|
file_lightdm.write("[Seat:*]")
|
||||||
|
file_lightdm.write("greeter-hide-users=true")
|
||||||
|
file_lightdm.close()
|
||||||
|
self.logger.info("lightdm.conf has been configured.")
|
||||||
|
|
||||||
|
self.util.execute("systemctl restart nscd.service")
|
||||||
|
self.util.execute("pam-auth-update --force")
|
||||||
|
self.logger.info("LDAP Login operation has been completed.")
|
||||||
|
|
||||||
|
self.logger.info("LDAP Login işlemi başarı ile sağlandı.")
|
||||||
|
return True
|
||||||
|
except Exception as e:
|
||||||
|
self.logger.error(str(e))
|
||||||
|
self.logger.info("LDAP Login işlemi esnasında hata oluştu.")
|
||||||
|
return False
|
Loading…
Reference in a new issue