mirror of
https://github.com/altlinux/gpupdate.git
synced 2025-03-10 04:58:46 +03:00
115 lines
3.1 KiB
Python
115 lines
3.1 KiB
Python
#
|
|
# GPOA - GPO Applier for Linux
|
|
#
|
|
# Copyright (C) 2019-2020 BaseALT Ltd.
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
|
import logging
|
|
import pathlib
|
|
import subprocess
|
|
|
|
from .logging import slogm
|
|
|
|
|
|
def get_roles(role_dir):
|
|
'''
|
|
Return list of directories in /etc/role named after role plus '.d'
|
|
'''
|
|
directories = list()
|
|
try:
|
|
for item in role_dir.iterdir():
|
|
if item.is_dir():
|
|
role = str(item.name).rpartition('.')
|
|
if role[2] == 'd':
|
|
directories.append(role[0])
|
|
except FileNotFoundError as exc:
|
|
logging.warning(slogm('No role directory present (skipping): {}'.format(exc)))
|
|
|
|
return directories
|
|
|
|
|
|
def read_groups(role_file_path):
|
|
'''
|
|
Read list of whitespace-separated groups from file
|
|
'''
|
|
groups = list()
|
|
|
|
with open(role_file_path, 'r') as role_file:
|
|
lines = role_file.readlines()
|
|
for line in lines:
|
|
linegroups = line.strip().split(' ')
|
|
print(linegroups)
|
|
groups.extend(linegroups)
|
|
|
|
return set(groups)
|
|
|
|
|
|
def get_rolegroups(roledir):
|
|
'''
|
|
Get the list of groups which must be included into role.
|
|
'''
|
|
roledir_path = pathlib.Path(roledir)
|
|
|
|
group_files = list()
|
|
for item in roledir_path.iterdir():
|
|
if item.is_file():
|
|
group_files.append(item)
|
|
|
|
groups = list()
|
|
for item in group_files:
|
|
groups.extend(read_groups(item))
|
|
|
|
return set(groups)
|
|
|
|
def create_role(role_name, privilege_list):
|
|
'''
|
|
Create or update role
|
|
'''
|
|
cmd = ['/usr/sbin/roleadd',
|
|
'--set',
|
|
role_name
|
|
]
|
|
try:
|
|
print(privilege_list)
|
|
cmd.extend(privilege_list)
|
|
subprocess.check_call(cmd)
|
|
except Exception as exc:
|
|
logging.error(slogm('Error creating role \'{}\': {}'.format(role_name, exc)))
|
|
|
|
def fill_roles():
|
|
'''
|
|
Create the necessary roles
|
|
'''
|
|
alterator_roles_dir = pathlib.Path('/etc/alterator/auth')
|
|
nss_roles_dir = pathlib.Path('/etc/role.d')
|
|
|
|
roles = get_roles(nss_roles_dir)
|
|
|
|
# Compatibility with 'alterator-auth' module
|
|
admin_groups = read_groups(pathlib.Path(alterator_roles_dir, 'admin-groups'))
|
|
user_groups = read_groups(pathlib.Path(alterator_roles_dir, 'user-groups'))
|
|
|
|
create_role('localadmins', admin_groups)
|
|
create_role('users', user_groups)
|
|
|
|
for rolename in roles:
|
|
role_path = pathlib.Path(nss_roles_dir, '{}.d'.format(rolename))
|
|
|
|
rolegroups = get_rolegroups(role_path)
|
|
|
|
create_role(rolename, rolegroups)
|
|
|