# # GPOA - GPO Applier for Linux # # Copyright (C) 2019-2020 BaseALT Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . import logging import pathlib import subprocess from .logging import slogm def get_roles(role_dir): ''' Return list of directories in /etc/role named after role plus '.d' ''' directories = list() try: for item in role_dir.iterdir(): if item.is_dir(): role = str(item.name).rpartition('.') if role[2] == 'd': directories.append(role[0]) except FileNotFoundError as exc: logging.warning(slogm('No role directory present (skipping): {}'.format(exc))) return directories def read_groups(role_file_path): ''' Read list of whitespace-separated groups from file ''' groups = list() with open(role_file_path, 'r') as role_file: lines = role_file.readlines() for line in lines: linegroups = line.strip().split(' ') print(linegroups) groups.extend(linegroups) return set(groups) def get_rolegroups(roledir): ''' Get the list of groups which must be included into role. ''' roledir_path = pathlib.Path(roledir) group_files = list() for item in roledir_path.iterdir(): if item.is_file(): group_files.append(item) groups = list() for item in group_files: groups.extend(read_groups(item)) return set(groups) def create_role(role_name, privilege_list): ''' Create or update role ''' cmd = ['/usr/sbin/roleadd', '--set', role_name ] try: print(privilege_list) cmd.extend(privilege_list) subprocess.check_call(cmd) except Exception as exc: logging.error(slogm('Error creating role \'{}\': {}'.format(role_name, exc))) def fill_roles(): ''' Create the necessary roles ''' alterator_roles_dir = pathlib.Path('/etc/alterator/auth') nss_roles_dir = pathlib.Path('/etc/role.d') roles = get_roles(nss_roles_dir) # Compatibility with 'alterator-auth' module admin_groups = read_groups(pathlib.Path(alterator_roles_dir, 'admin-groups')) user_groups = read_groups(pathlib.Path(alterator_roles_dir, 'user-groups')) create_role('localadmins', admin_groups) create_role('users', user_groups) for rolename in roles: role_path = pathlib.Path(nss_roles_dir, '{}.d'.format(rolename)) rolegroups = get_rolegroups(role_path) create_role(rolename, rolegroups)