mirror of
https://github.com/Pardus-LiderAhenk/ahenk
synced 2024-12-23 16:52:25 +03:00
257 lines
13 KiB
Python
257 lines
13 KiB
Python
#!/usr/bin/env python3
|
|
# -*- coding: utf-8 -*-
|
|
# Author: Volkan Şahin <volkansah.in> <bm.volkansahin@gmail.com>
|
|
|
|
import json
|
|
import time
|
|
from multiprocessing import Process
|
|
|
|
from base.agreement.agreement import Agreement
|
|
from base.command.command_manager import Commander
|
|
from base.scope import Scope
|
|
from base.system.system import System
|
|
from base.timer.setup_timer import SetupTimer
|
|
from base.timer.timer import Timer
|
|
from base.util.util import Util
|
|
from base.default_policy.default_policy import DefaultPolicy
|
|
|
|
|
|
class CommandRunner(object):
|
|
def __init__(self):
|
|
scope = Scope().get_instance()
|
|
self.logger = scope.get_logger()
|
|
self.plugin_manager = scope.get_plugin_manager()
|
|
self.message_manager = scope.get_message_manager()
|
|
self.messenger = scope.get_messenger()
|
|
self.conf_manager = scope.get_configuration_manager()
|
|
self.db_service = scope.get_db_service()
|
|
self.execute_manager = scope.get_execution_manager()
|
|
self.default_policy = DefaultPolicy()
|
|
|
|
def check_last_login(self):
|
|
last_login_tmstmp = self.db_service.select_one_result('session', 'timestamp')
|
|
if not last_login_tmstmp:
|
|
return True
|
|
|
|
if (int(time.time()) - int(last_login_tmstmp)) < 10:
|
|
return False
|
|
else:
|
|
return True
|
|
|
|
def delete_polkit_user(self):
|
|
content = "[Configuration] \nAdminIdentities=unix-user:root"
|
|
ahenk_policy_file = "/etc/polkit-1/localauthority.conf.d/99-ahenk-policy.conf"
|
|
if not Util.is_exist(ahenk_policy_file):
|
|
self.logger.info('Ahenk polkit file not found')
|
|
else:
|
|
Util.delete_file(ahenk_policy_file)
|
|
self.logger.info("Delete polkit file")
|
|
# Util.write_file(ahenk_policy_file, content)
|
|
# self.logger.info('Root added ahenk polkit file')
|
|
|
|
def run_command_from_fifo(self, num, stack):
|
|
""" docstring"""
|
|
|
|
while True:
|
|
try:
|
|
event = Commander().get_event()
|
|
if event is None:
|
|
break
|
|
json_data = json.loads(event)
|
|
self.logger.info(event)
|
|
|
|
except Exception as e:
|
|
self.logger.error(
|
|
'A problem occurred while loading json. Check json format! Error Message: {0}.'
|
|
' Event = {1}'.format(str(e), str(event)))
|
|
return
|
|
|
|
if json_data is not None:
|
|
self.logger.debug('Signal handled')
|
|
self.logger.debug('Signal is :{0}'.format(str(json_data['event'])))
|
|
|
|
if str(json_data['event']) == 'login' and self.check_last_login():
|
|
username = json_data['username']
|
|
display = json_data['display']
|
|
desktop = json_data['desktop']
|
|
|
|
ip = None
|
|
if 'ip' in json_data:
|
|
ip = json_data['ip']
|
|
|
|
domain = None
|
|
if 'domain' in json_data:
|
|
domain = json_data['domain']
|
|
|
|
self.logger.info('login event is handled for user: {0}'.format(username))
|
|
self.logger.info('login parameters of login user, username: {0}, display: {1}, desktop: {2}, domain: {3}'.format(username, display, desktop, domain))
|
|
|
|
Util.execute("systemctl restart sssd.service")
|
|
login_message = self.message_manager.login_msg(username,ip)
|
|
self.messenger.send_direct_message(login_message)
|
|
agreement = Agreement()
|
|
agreement_choice = None
|
|
|
|
if agreement.check_agreement(username) is not True and System.Ahenk.agreement() == '1':
|
|
self.logger.debug('User {0} has not accepted agreement.'.format(username))
|
|
thread_ask = Process(target=agreement.ask, args=(username, display,))
|
|
thread_ask.start()
|
|
agreement_timeout = self.conf_manager.get('SESSION', 'agreement_timeout')
|
|
timeout = int(agreement_timeout) # sec
|
|
timer = time.time()
|
|
while 1:
|
|
if thread_ask.is_alive() is False:
|
|
self.logger.warning('{0} was answered the question '.format(username))
|
|
if Agreement().check_agreement(username) is True:
|
|
self.logger.warning('Choice of {0} is YES'.format(username))
|
|
agreement_choice = True
|
|
break
|
|
elif Agreement().check_agreement(username) is False:
|
|
self.logger.warning('Choice of {0} is NO'.format(username))
|
|
agreement_choice = False
|
|
Util.close_session(username)
|
|
break
|
|
|
|
if (time.time() - timer) > timeout:
|
|
if thread_ask.is_alive():
|
|
thread_ask.terminate()
|
|
Util.close_session(username)
|
|
self.logger.warning(
|
|
'Session of {0} was ended because of timeout of contract agreement'.format(
|
|
username))
|
|
break
|
|
time.sleep(1)
|
|
|
|
if agreement_choice is not None:
|
|
self.messenger.send_direct_message(
|
|
self.message_manager.agreement_answer_msg(username, agreement_choice))
|
|
else:
|
|
agreement_choice = True
|
|
|
|
if agreement_choice is True or System.Ahenk.agreement() != '1':
|
|
self.db_service.delete('session', '1=1')
|
|
self.logger.info('Display is {0}, desktop env is {1} for {2}'.format(display, desktop, username))
|
|
session_columns = self.db_service.get_cols('session')
|
|
# ['username', 'display', 'desktop', 'timestamp', 'ip', 'domain']
|
|
self.db_service.update('session', session_columns,
|
|
[username, display, desktop, str(int(time.time())), ip, domain])
|
|
|
|
# Default policy for users --->> START
|
|
self.logger.info("Applying default policies for user {0}".format(Util.get_username()))
|
|
self.default_policy.default_firefox_policy(Util.get_username())
|
|
self.default_policy.disable_update_package_notify(Util.get_username())
|
|
# Default policy for users --->> STOP
|
|
|
|
get_policy_message = self.message_manager.policy_request_msg(username)
|
|
self.plugin_manager.process_mode('safe', username)
|
|
self.plugin_manager.process_mode('login', username)
|
|
|
|
kward = dict()
|
|
kward['timeout_args'] = username
|
|
kward['checker_args'] = username
|
|
|
|
SetupTimer.start(Timer(timeout=System.Ahenk.get_policy_timeout(),
|
|
timeout_function=self.execute_manager.execute_default_policy,
|
|
checker_func=self.execute_manager.is_policy_executed, kwargs=kward))
|
|
|
|
self.logger.info('Requesting updated policies from Lider. If Ahenk could not reach updated '
|
|
'policies in {0} sec, booked policies will be executed'.format(
|
|
System.Ahenk.get_policy_timeout()))
|
|
self.messenger.send_direct_message(get_policy_message)
|
|
|
|
elif str(json_data['event']) == 'logout':
|
|
username = json_data['username']
|
|
self.execute_manager.remove_user_executed_policy_dict(username)
|
|
self.plugin_manager.process_mode('logout', username)
|
|
self.plugin_manager.process_mode('safe', username)
|
|
self.db_service.delete('session', '1=1')
|
|
# TODO delete all user records while initializing
|
|
self.logger.info('logout event is handled for user: {0}'.format(username))
|
|
ip = None
|
|
if 'ip' in json_data:
|
|
ip = json_data['ip']
|
|
|
|
logout_message = self.message_manager.logout_msg(username,ip)
|
|
self.messenger.send_direct_message(logout_message)
|
|
self.logger.info('Ahenk polkit file deleting..')
|
|
self.delete_polkit_user()
|
|
# self.db_service.delete('session', 'username=\'{0}\''.format(username))
|
|
|
|
elif str(json_data['event']) == 'send':
|
|
self.logger.info('Sending message over ahenkd command. Response Message: {0}'.format(
|
|
json.dumps(json_data['message'])))
|
|
message = json.dumps(json_data['message'])
|
|
self.messenger.send_direct_message(message)
|
|
|
|
elif str(json_data['event']) == 'unregister' and len(json_data)==1:
|
|
self.logger.info('Unregistering..')
|
|
self.execute_manager.set_unregister_credential_params(None, None)
|
|
unregister_message = self.message_manager.unregister_msg(None,None)
|
|
if unregister_message is not None:
|
|
self.messenger.send_direct_message(unregister_message)
|
|
|
|
elif str(json_data['event']) == 'unregister' and len(json_data)==3:
|
|
self.logger.info('Unregistering..')
|
|
usernameForCheck = json_data['userName']
|
|
passwordForCheck = json_data['password']
|
|
## send user credential info to execution manager for hide user notify when remote unregister
|
|
self.execute_manager.set_unregister_credential_params(usernameForCheck,usernameForCheck)
|
|
self.logger.info('Unregistering by username+'+str(usernameForCheck))
|
|
unregister_message = self.message_manager.unregister_msg(usernameForCheck,passwordForCheck)
|
|
if unregister_message is not None:
|
|
self.messenger.send_direct_message(unregister_message)
|
|
|
|
elif str(json_data['event']) == 'load':
|
|
plugin_name = str(json_data['plugins'])
|
|
|
|
if plugin_name == 'all':
|
|
self.logger.debug('All plugins are loading to ahenk')
|
|
self.plugin_manager.load_plugins()
|
|
else:
|
|
for p_name in plugin_name.split(','):
|
|
self.logger.debug('{0} plugin is loading to ahenk'.format(p_name))
|
|
self.plugin_manager.load_single_plugin(p_name)
|
|
|
|
elif str(json_data['event']) == 'reload':
|
|
plugin_name = str(json_data['plugins'])
|
|
|
|
if plugin_name == 'all':
|
|
self.logger.debug('All plugins are reloading to ahenk')
|
|
self.plugin_manager.reload_plugins()
|
|
else:
|
|
for p_name in plugin_name.split(','):
|
|
self.logger.debug('{0} plugin is reloading to ahenk'.format(p_name))
|
|
self.plugin_manager.reload_single_plugin(p_name)
|
|
|
|
elif str(json_data['event']) == 'remove':
|
|
plugin_name = str(json_data['plugins'])
|
|
|
|
if plugin_name == 'all':
|
|
self.logger.debug('All plugins are removing from ahenk')
|
|
self.plugin_manager.remove_plugins()
|
|
else:
|
|
for p_name in plugin_name.split(','):
|
|
self.logger.debug('{0} plugin is removing from ahenk'.format(p_name))
|
|
self.plugin_manager.remove_single_plugin(p_name)
|
|
|
|
elif str(json_data['event']) == 'stop':
|
|
self.plugin_manager.process_mode('shutdown')
|
|
self.logger.info('Shutdown mode activated.')
|
|
|
|
# TODO timeout
|
|
while self.running_plugin() is False:
|
|
self.logger.debug('Waiting for progress of plugins...')
|
|
time.sleep(0.5)
|
|
|
|
Util.delete_file(System.Ahenk.fifo_file())
|
|
Scope().get_instance().get_custom_param('ahenk_daemon').stop()
|
|
else:
|
|
self.logger.error('Unknown command error. Command:' + json_data['event'])
|
|
self.logger.debug('Processing of handled event is completed')
|
|
|
|
def running_plugin(self):
|
|
""" docstring"""
|
|
for plugin in self.plugin_manager.plugins:
|
|
if plugin.keep_run is True:
|
|
return False
|
|
return True
|