#
# GPOA - GPO Applier for Linux
#
# Copyright (C) 2019-2020 BaseALT Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import logging
import pathlib
import subprocess
from . logging import slogm
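def get_roles(role_dir):
    '''
    Return the list of role names found in role_dir (e.g. /etc/role.d).

    A role is recognised as a subdirectory named '<role>.d'; the returned
    list holds the '<role>' part.  Entries that are not directories and
    directories without a '.d' suffix are ignored, as is a bare '.d'
    directory (it would otherwise yield an empty role name).  A missing
    role_dir is logged as a warning and treated as "no roles".

    :param role_dir: pathlib.Path of the directory to scan
    :return: list of role names, in the order iterdir() yielded them
    '''
    directories = list()
    try:
        for item in role_dir.iterdir():
            if not item.is_dir():
                continue
            # 'foo.bar.d' -> ('foo.bar', '.', 'd'); 'foo' -> ('', '', 'foo')
            role, _sep, suffix = item.name.rpartition('.')
            # Skip '.d' itself: an empty role name must not reach roleadd
            if suffix == 'd' and role:
                directories.append(role)
    except FileNotFoundError as exc:
        logging.warning(slogm('No role directory present (skipping): {}'.format(exc)))
    return directories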
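def read_groups(role_file_path):
    '''
    Read the set of whitespace-separated group names from a file.

    Names may be separated by any whitespace (spaces, tabs, newlines).
    Blank lines and runs of whitespace contribute nothing, so the result
    never contains an empty name (split(' ') used to produce '' entries,
    which would then be passed on to roleadd as a group).

    :param role_file_path: path of the file to read (str or pathlib.Path)
    :return: set of group names
    :raises OSError: if the file cannot be opened (e.g. FileNotFoundError)
    '''
    groups = set()
    with open(role_file_path, 'r') as role_file:
        for line in role_file:
            # str.split() with no separator collapses repeated whitespace
            # and yields an empty list for a blank line
            groups.update(line.split())
    return groups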
def get_rolegroups(roledir):
    '''
    Collect the groups that must be included into a role.

    Every regular file directly inside roledir is read with read_groups();
    the union of all the resulting group sets is returned.

    :param roledir: path of the role's '<name>.d' directory (str or Path)
    :return: set of group names
    '''
    roledir_path = pathlib.Path(roledir)
    group_files = [entry for entry in roledir_path.iterdir() if entry.is_file()]
    groups = set()
    for group_file in group_files:
        groups.update(read_groups(group_file))
    return groups
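def create_role(role_name, privilege_list):
    '''
    Create or update a role via '/usr/sbin/roleadd --set <role> <groups...>'.

    Failures are logged rather than raised: a missing or non-executable
    roleadd binary (OSError) or a non-zero exit status (CalledProcessError)
    produces an error log entry and the function simply returns.

    :param role_name: name of the role to create or update
    :param privilege_list: iterable of group names that make up the role
    '''
    groups = list()
    for group in privilege_list:
        # A name starting with '-' occupies a positional slot but is likely
        # to be read by roleadd as an option; a malformed line in a group
        # file must not be able to change the meaning of the command.
        if group.startswith('-'):
            logging.warning(slogm('Ignoring invalid group name \'{}\' for role \'{}\''.format(group, role_name)))
            continue
        groups.append(group)
    # Sorted so the command line (and log output) is stable across runs;
    # callers pass sets, whose iteration order varies between processes.
    cmd = ['/usr/sbin/roleadd', '--set', role_name] + sorted(groups)
    try:
        # argv list, no shell: group names are never shell-interpreted
        subprocess.check_call(cmd)
    except (OSError, subprocess.CalledProcessError) as exc:
        logging.error(slogm('Error creating role \'{}\': {}'.format(role_name, exc)))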
def fill_roles():
    '''
    Create the necessary roles.

    Two fixed roles ('localadmins' and 'users') are built from the
    alterator-auth group files; then one role per '<name>.d' directory
    under /etc/role.d is built from the group files found inside it.
    '''
    alterator_roles_dir = pathlib.Path('/etc/alterator/auth')
    nss_roles_dir = pathlib.Path('/etc/role.d')
    roles = get_roles(nss_roles_dir)

    # Compatibility with 'alterator-auth' module: both files are read
    # before any role is created, so a missing file aborts before roleadd runs
    compat_roles = [
        (role_name, read_groups(pathlib.Path(alterator_roles_dir, group_file)))
        for role_name, group_file in (('localadmins', 'admin-groups'),
                                      ('users', 'user-groups'))
    ]
    for role_name, groups in compat_roles:
        create_role(role_name, groups)

    for rolename in roles:
        role_path = pathlib.Path(nss_roles_dir, '{}.d'.format(rolename))
        create_role(rolename, get_rolegroups(role_path))