Ahenk/usr/share/ahenk/base/registration/execute_sssd_authentication.py

#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Author: Hasan Kara <h.kara27@gmail.com>

from base.scope import Scope
from base.util.util import Util
import re


class ExecuteSSSDAuthentication:
    def __init__(self):
        scope = Scope().get_instance()
        self.logger = scope.get_logger()
        self.util = Util()

    def authenticate(self, server_address, dn, admin_dn, admin_password):
        try:
            ldap_pwdlockout_dn = "cn=DefaultPolicy,ou=PasswordPolicies" + "," + dn

            # pattern for clearing file data from spaces, tabs and newlines
            pattern = re.compile(r'\s+')

            sssd_config_template_path = "/usr/share/ahenk/base/registration/config-files/sssd.conf"
            sssd_config_folder_path = "/etc/sssd"
            sssd_config_file_path = "/etc/sssd/sssd.conf"

            common_session_conf_path = "/etc/pam.d/common-session"

            # copy configuration file to /etc/sssd/sssd.conf before package installation
            # create sssd folder in /etc
            if not self.util.is_exist(sssd_config_folder_path):
                self.util.create_directory(sssd_config_folder_path)
                self.logger.info("{0} folder is created".format(sssd_config_folder_path))

            # Copy sssd.conf template under /etc/sssd
            self.util.copy_file(sssd_config_template_path, sssd_config_folder_path)
            self.logger.info("{0} config file is copied under {1}".format(sssd_config_template_path, sssd_config_folder_path))

            # Configure sssd.conf
            file_sssd = open(sssd_config_file_path, 'r')
            file_data = file_sssd.read()

            file_data = file_data.replace("###ldap_pwdlockout_dn###", "ldap_pwdlockout_dn = " + ldap_pwdlockout_dn)
            file_data = file_data.replace("###ldap_uri###", "ldap_uri = " + "ldap://" + server_address + "/")
            file_data = file_data.replace("###ldap_default_bind_dn###", "ldap_default_bind_dn = " + admin_dn)
            file_data = file_data.replace("###ldap_default_authtok###", "ldap_default_authtok = " + admin_password)
            file_data = file_data.replace("###ldap_search_base###", "ldap_search_base = " + dn)
            file_data = file_data.replace("###ldap_user_search_base###", "ldap_user_search_base = " + dn)
            file_data = file_data.replace("###ldap_group_search_base###", "ldap_group_search_base = " + dn)

            file_sssd.close()
            file_sssd = open(sssd_config_file_path, 'w')
            file_sssd.write(file_data)
            file_sssd.close()

            # Install libpam-sss sssd-common for sssd authentication
            (result_code, p_out, p_err) = self.util.execute("sudo apt install libpam-sss sssd-common -y")

            if result_code != 0:
                self.logger.error("SSSD packages couldn't be downloaded.")
                return False

            # configure common-session for creating home directories for ldap users
            file_common_session = open(common_session_conf_path, 'r')
            file_data = file_common_session.read()

            if "session optional pam_mkhomedir.so skel=/etc/skel umask=077" not in file_data :
                file_data = file_data + "\n" + "session optional pam_mkhomedir.so skel=/etc/skel umask=077"
                self.logger.info("common-session is configured")

            file_common_session.close()
            file_common_session = open(common_session_conf_path, 'w')
            file_common_session.write(file_data)
            file_common_session.close()

            # Configure nsswitch.conf
            file_ns_switch = open("/etc/nsswitch.conf", 'r')
            file_data = file_ns_switch.read()

            # cleared file data from spaces, tabs and newlines
            text = pattern.sub('', file_data)

            is_configuration_done_before = False
            if "passwd:compatsss" not in text:
                file_data = file_data.replace("passwd:         compat", "passwd:         compat sss")
                is_configuration_done_before = True

            if "group:compatsss" not in text:
                file_data = file_data.replace("group:          compat", "group:          compat sss")
                is_configuration_done_before = True

            if "shadow:compatsss" not in text:
                file_data = file_data.replace("shadow:         compat", "shadow:         compat sss")
                is_configuration_done_before = True

            if "services:dbfilessss" not in text:
                file_data = file_data.replace("services:       db files", "services:       db files sss")
                is_configuration_done_before = True

            if "netgroup:nissss" not in text:
                file_data = file_data.replace("netgroup:       nis", "netgroup:       nis sss")
                is_configuration_done_before = True

            if "sudoers:filessss" not in text:
                file_data = file_data.replace("sudoers:        files", "sudoers:        files sss")
                is_configuration_done_before = True

            if is_configuration_done_before:
                self.logger.info("nsswitch.conf configuration has been completed")
            else:
                self.logger.info("nsswitch.conf is already configured")

            file_ns_switch.close()
            file_ns_switch = open("/etc/nsswitch.conf", 'w')
            file_ns_switch.write(file_data)
            file_ns_switch.close()

            # Configure lightdm.service
            # check if 99-pardus-xfce.conf exists if not create
            pardus_xfce_path = "/usr/share/lightdm/lightdm.conf.d/99-pardus-xfce.conf"
            if not self.util.is_exist(pardus_xfce_path):
                self.logger.info("99-pardus-xfce.conf does not exist.")
                self.util.create_file(pardus_xfce_path)

                file_lightdm = open(pardus_xfce_path, 'a')
                file_lightdm.write("[Seat:*]\n")
                file_lightdm.write("greeter-hide-users=true")
                file_lightdm.close()
                self.logger.info("lightdm has been configured.")
            else:
                self.logger.info("99-pardus-xfce.conf exists. Delete file and create new one.")
                self.util.delete_file(pardus_xfce_path)
                self.util.create_file(pardus_xfce_path)

                file_lightdm = open(pardus_xfce_path, 'a')
                file_lightdm.write("[Seat:*]")
                file_lightdm.write("greeter-hide-users=true")
                file_lightdm.close()
                self.logger.info("lightdm.conf has been configured.")

            self.util.execute("systemctl restart nscd.service")
            self.util.execute("pam-auth-update --force")
            self.logger.info("LDAP Login operation has been completed.")

            self.logger.info("LDAP Login işlemi başarı ile sağlandı.")
            return True
        except Exception as e:
            self.logger.error(str(e))
            self.logger.info("LDAP Login işlemi esnasında hata oluştu.")
            return False