3 *e)V@sddlZddlZddlZddlZddlZddlmZddlmZddl m Z ejZ ddZ GdddZ Gd d d ZGd d d ZGd ddZGdddZddZedkredS)N)Options)EnvironmentFile) ConfigSnippetcOst|dtji|dS)Nfile)printsysstderr)argskwargsr /usr/lib/python3.6/authcompat.pyeprint%sr c@s"eZdZdZdddZddZdS) CommandFNTcCs2|g||_|dk r|jnd|_||_d|_dS)N)r encodeinputcheckresult)selfcommandr rrr r r __init__,s zCommand.__init__cCsFttddj|j|jr"dStj|j|j|jtj tj d|_ dS)Nz Executing: %s )rrstdoutr) r_joinr TEST subprocessrunrrPIPEr)rr r r r2s z Command.run)NT)__name__ __module__ __qualname__rrrr r r r r)s rc@s>eZdZddZddZddZddZdd d Zd d ZdS)ServicecCs|d|_dS)Nz.service)name)rr"r r r r?szService.__init__cCsy |jWn|tjk r}z^|rB|j|krBttd|jn6|j|krxttddj|j|jft|j j WYdd}~XnXdS)Nz5Service %s was not found. Please install the service.z$Command [%s] failed with %d, stderr:r) rrCalledProcessError returncoder rr"rcmdrdecode)rrrequiredZ enoent_coderr r r runsystemdBs   zService.runsystemdcCs(ttjdd|jg}|j|dddS)Nz cmd-systemctlenableT)rPathSystemr"r()rr%r r r r)NszService.enablecCs(ttjdd|jg}|j|dddS)Nz cmd-systemctldisableFr*)rr+r,r"r()rr%r r r r-RszService.disableTcCs4|r |jttjdd|jg}|j|dddS)Nz cmd-systemctlstartT)stoprr+r,r"r()rRestartr%r r r r.Vsz Service.startcCs(ttjdd|jg}|j|dddS)Nz cmd-systemctlr0Fr/)rr+r,r"r()rr%r r r r0\sz Service.stopN)T) rrr rr(r)r-r.r0r r r r r!>s   r!c @sbeZdZejjejjeZe edZ dddddddd d d d d d Z e ddZ e ddZdS)r+z/authcompat_pathsz/etc/openldap/ldap.confz$/etc/krb5.conf.d/authconfig-krb.confz%/etc/sssd/conf.d/authconfig-sssd.confz/etc/sysconfig/authconfigz/etc/sysconfig/networkz;/etc/security/pwquality.conf.d/10-authconfig-pwquality.confz /etc/yp.confz/usr/bin/systemctlz/usr/bin/authselectz/usr/sbin/realmz/usr/bin/domainnamez/usr/sbin/setsebool) z ldap.confz krb5.confz sssd.conf authconfignetworkzpwquality.confzyp.confz cmd-systemctlzcmd-authselectz cmd-realmzcmd-domainnamez cmd-setseboolcCsdtj|fS)Nz%s/%s)r+LocalDir)relpathr r r Localtsz Path.LocalcCs tj|S)N)r+Files)r"r r r r,xsz Path.SystemN)rrr ospathdirnamerealpath__file__r4rZConfigr7 staticmethodr6r,r r r r r+as   r+c@seZdZGdddeZGdddeZGdddeZGdddeZGd d d eZGd d d eZ Gd ddeZ GdddeZ GdddeZ dS) Configurationc@sxeZdZdddZddZddZdd Zd d Zd d ZddZ ddZ ddZ ddZ ddZ dddZddZdS)zConfiguration.BaseNcCs"||_d|_|dk rt||_dS)N)optionsservicer!)rr? ServiceNamer r r rszConfiguration.Base.__init__cCsdS)NTr )rr r r isEnabledszConfiguration.Base.isEnabledcCs |j S)N)rB)rr r r isDisabledszConfiguration.Base.isDisabledcCs*|jdkrdS|jj|s&|jjdS)N)r@r)r.)rnostartr r r enableServices   z Configuration.Base.enableServicecCs*|jdkrdS|jj|s&|jjdS)N)r@r-r0)rnostopr r r disableServices   z!Configuration.Base.disableServicecCsdS)Nr )rr r r cleanupszConfiguration.Base.cleanupcCsdS)Nr )rr r r writeszConfiguration.Base.writecCs |jj|S)N)r?get)rr"r r r rJszConfiguration.Base.getcCs |jj|S)N)r?isset)rr"r r r rKszConfiguration.Base.issetcCs |jj|S)N)r? getTrueOrNone)rr"r r r rLsz Configuration.Base.getTrueOrNonecCs |jj|S)N)r?getBool)rr"r r r rMszConfiguration.Base.getBoolFcCs*|r|j| rdS|j|}|r&|S|S)N)rKrM)rr"Zif_trueZif_false AllowNonevaluer r r getBoolAsValues  z!Configuration.Base.getBoolAsValuec CsHttd||jjdr dSytj|Wntk rBdSXdS)NzRemoving file: %sz test-call)rrr?rMr8removeFileNotFoundError)rfilenamer r r removeFiles zConfiguration.Base.removeFile)N)F)rrr rrBrCrErGrHrIrJrKrLrMrPrTr r r r Base~s    rUcs$eZdZfddZddZZS)zConfiguration.LDAPcsttj|j|dS)N)superr>LDAPr)rr?) __class__r r rszConfiguration.LDAP.__init__cCsZttjddddd}|jdr2|jd|jd|jdrN|jd |jd|jdS) Nz ldap.confrz\s\tF)Z delimiter_reZquotes ldapserverZURI ldapbasednZBASE)rr+r,rKsetrJrI)rconfigr r r rIs    zConfiguration.LDAP.write)rrr rrI __classcell__r r )rXr rWs rWcs4eZdZfddZddZddZddZZS) zConfiguration.Kerberoscsttj|j|dS)N)rVr>Kerberosr)rr?)rXr r rszConfiguration.Kerberos.__init__cCs4|jd r|jd rdS|jddkp2|jdS)N krb5realm krb5realmdns)rKrJrM)rr r r rBsz Configuration.Kerberos.isEnabledcCs0|jd r|jd rdS|jtjddS)Nr_r`z krb5.conf)rKrTr+r,)rr r r rHszConfiguration.Kerberos.cleanupcCs|jr dStjd}t|tjd}|jd}|jd|jd|jd|rV|jdnd|rf|jdnd|rt|jndd}|j|dS) Nzsnippets/authconfig-krb.confz krb5.confr_Z krb5kdcdnsr`krb5kdckrb5adminserver)realmzkdc-srvz realm-srvZkdcZ adminserverZdomain)rCr+r6rr,rJlowerrI)rr9r\rdkeysr r r rIs  zConfiguration.Kerberos.write)rrr rrBrHrIr]r r )rXr r^s r^cs$eZdZfddZddZZS)zConfiguration.Networkcsttj|j|dS)N)rVr>Networkr)rr?)rXr r rszConfiguration.Network.__init__cCs<|jd}ttjd}|dkr$dS|jd||jdS)N nisdomainr3Z NISDOMAIN)rJrr+r,r[rI)rrhr\r r r rIs   zConfiguration.Network.write)rrr rrIr]r r )rXr rgs rgcs4eZdZfddZddZddZddZZS) zConfiguration.SSSDcsttj|j|dddS)Nsssd)rA)rVr>SSSDr)rr?)rXr r rszConfiguration.SSSD.__init__cCs0|jd r|jd rdS|jdp.|jdS)Nldapri)rKrM)rr r r rBszConfiguration.SSSD.isEnabledcCs|jtjddS)Nz sssd.conf)rTr+r,)rr r r rHszConfiguration.SSSD.cleanupc Cs|jdsdStjd}t|tjd}|jdr6dnd}|jd|jd|jd||jd|jd |jd |jd |jd |jd d }|j|tj tjddddS)Nrkzsnippets/authconfig-sssd.confz sssd.confZ rfc2307bisrYrZZldaptlskrb5rbrcr_Z cachecreds smartcard) zldap-uriz ldap-basednzldap-tlsz ldap-schemarlzkdc-uriz kpasswd-urirdz cache-credsz cert-authi)mode) rMr+r6rr,rJrLrIr8chmod)rr9r\Zschemarfr r r rIs"   zConfiguration.SSSD.write)rrr rrBrHrIr]r r )rXr rjs rjcs,eZdZfddZddZddZZS)zConfiguration.Winbindcsttj|j|dddS)Nwinbind)rA)rVr>Winbindr)rr?)rXr r r.szConfiguration.Winbind.__init__cCs0|jd r|jd rdS|jdp.|jdS)Nrp winbindauth)rKrM)rr r r rB1szConfiguration.Winbind.isEnabledc Cs|jdsdS|jjdjdd}|d}d}t|dkrF|dd}ddd|d d g}|jd rr|j|jd ttjd ||d }y |j Wn*t k rt t dtjd YnXdS)NZ winbindjoin%r*r rz-Uz"%s"z--client-softwarerpZ smbworkgroupz cmd-realm)rz)%s was not found. Please, install realmd.) rKr?rJsplitlenappendrr+r,rrRr r)rZcredsuserZpasswordr r%r r r rI7s$     zConfiguration.Winbind.write)rrr rrBrIr]r r )rXr rq-s rqcs$eZdZfddZddZZS)zConfiguration.PWQualitycsttj|j|dS)N)rVr> PWQualityr)rr?)rXr r rSsz Configuration.PWQuality.__init__c Csttjd}d}|jd|jd|jd|jd|jddd d d |jd dd d d |jd dd d d |jddd d d d}x@|jD]4\}}|dk rt|dt||j||d }qW|r|j dS)Nzpwquality.confFZ passminlenZ passminclassZ passmaxrepeatZpassmaxclassrepeatZreqlowerr*rT)rNZrequpperZreqdigitZreqother)ZminlenZminclassZ maxrepeatZmaxclassrepeatZlcreditZucreditZdcreditZocredit=r{r{r{) rr+r,rJrPitemsrstrr[rI)rr\Z value_setZpwoptsoptrOr r r rIVs" zConfiguration.PWQuality.write)rrr rrIr]r r )rXr ryRs rycs,eZdZfddZddZddZZS)zConfiguration.MakeHomedircsttj|j|dddS)NZoddjobd)rA)rVr> MakeHomedirr)rr?)rXr r rpsz"Configuration.MakeHomedir.__init__cCs|jdsdS|jdS)N mkhomedir)rKrM)rr r r rBss z#Configuration.MakeHomedir.isEnabledcCsdS)Nr )rrFr r r rGysz(Configuration.MakeHomedir.disableService)rrr rrBrGr]r r )rXr ros rcs<eZdZfddZddZddZddZd d ZZS) zConfiguration.NIScs*ttj|j|td|_td|_dS)Nrpcbindypbind)rVr>NISrr!rr)rr?)rXr r rs zConfiguration.NIS.__init__cCs|jdsdS|jdS)Nnis)rKrM)rr r r rBs zConfiguration.NIS.isEnabledcCs|jdsdS|jd}|s6ttjd|g}|jttjddddg}|j|jj|jj|s|jj dd|jj dS) Nrhzcmd-domainnamez cmd-setseboolz-P allow_ypbind1F)r1) rKrJrr+r,rrr)rr.)rrDZnisdomr%r r r rEs      zConfiguration.NIS.enableServicecCsl|sttjddg}|jttjddddg}|j|jj|jj|sh|jj|jjdS)Nzcmd-domainnamez(none)z cmd-setseboolz-Pr0)rr+r,rrr-rr0)rrFr%r r r rGs     z Configuration.NIS.disableServicec Cs|jdsdSd|jd}g}|jdr\|jdjd}|dd}|d|dd7}n|d 7}x|D]}|d |d7}qjWtjd }|jd rtd |t|td|dSt|d}|j|WdQRXdS)Nrhzdomain Z nisserver,r*z server rrtz broadcast z ypserver zyp.confz test-callz+========== BEGIN Content of [%s] ==========z,========== END Content of [%s] ========== w) rKrJrur+r,rMropenrI)routputZadditional_serversZserversZserverrSfr r r rIs&         zConfiguration.NIS.write) rrr rrBrErGrIr]r r )rXr r~s  rN) rrr objectrUrWr^rgrjrqryrrr r r r r>}sE$)%r>c@sLeZdZddZddZddZddZd d Zd d Zd dZ ddZ dS) AuthCompatcCsBttjd|_t|_|jj|jj|j|jj|jdS)Nr2) rr+r, sysconfigrr?parseZapplysysconfigZupdatesysconfig)rr r r rs  zAuthCompat.__init__cCspttdttdttdttd|jj}|rdttdx|D]}td|qPWtddS)Nz&Running authconfig compatibility tool.zThe purpose of this tool is to enable authentication against chosen services with authselect and minimum configuration. It does not provide all capabilities of authconfig. zLIMPORTANT: authconfig is replaced by authselect, please update your scripts.zHSee man authselect-migration(7) to help you with migration to authselectzDWarning: These options are not supported anymore and have no effect:z --%sra)rrr?ZgetSetButUnsupported)rr?r"r r r printWarnings       zAuthCompat.printWarningcCs(x"tjD]}td|j|jfqWdS)Nz%s=%s)rZListrr"rO)roptionr r r printOptionss zAuthCompat.printOptionscCs,x&|jjD]}td|j|jfq WdS)Nz%s=%s)rZgetallrr"rO)rliner r r printSysconfigszAuthCompat.printSysconfigcCsddddg}dddg}|jjd r@tjdkr@ttd d Sx,|D]$}|jj|rFttd |d SqFW|jjd |jjd krttdd Sx|D]}|jj|rdSqWttdd S)NZtestZprobeZ restorebackupZrestorelastbackupupdateZ updateallZ kickstartrz"authconfig can only be run as rootFzNError: option --%s is no longer supported and we cannot continue if it is set.rprrz@Error: Both --enablewinbind and --enablewinbindauth must be set.Tz*Error: Please, provide --updateall option.)r?rMr8getuidrr)rZ disallowedr'rr r r canContinues$          zAuthCompat.canContinuec CsZdddddddd}|j\}}|jjd sP|jjd sP|jjd sP|jjd rVd }n"|jjd rhd }n|jjdrxd}|dkrd }xV|jD]J\}}|jj|sq|jj|}|r|j|qx||kr|j|qWqW|jjdrt|jjddkr |jdn |jdt t |}d|g}|j ||jdt t jd|}|jdS)Nzwith-smartcardzwith-smartcard-requiredzwith-fingerprintzwith-mkhomedirz with-faillockzwith-pamaccessz with-krb5)rmZrequiresmartcardZ fingerprintrZfaillockZ pamaccessZ winbindkrb5rkZldapauthriZsssdauthrrpZsmartcardactionrzwith-smartcard-lock-on-removalZselectz--forcezcmd-authselect)getCurrentAuthselectConfigr?rMr|rKrwrQintrJlistr[extendrr+r,r) rmapZprofileZfeaturesrZfeatureenabledr r%r r r runAuthselect sJ                zAuthCompat.runAuthselectcCs~ttjddgdd}|j|jdks4|jjdkrrWr?rgr^rjrqryrrrIrMrBrErGrHrr#r rrr%r$rr&)rZconfigsr\rDrrr r r writeConfigurationUs.            zAuthCompat.writeConfigurationN) rrr rrrrrrrrr r r r rs> rcCsytjtjdWn"tjk r4tjjdYnXt}|j|j j dt _ |j j dt _ |j j dt_ |jstjdy|j|j|jjWnPtjk r}z2ttddj|j|jft|jjWYdd}~XnXtjddS)Nraz%Warning: Unsupported locale setting. z test-callr*z$Command [%s] failed with %d, stderr:rr)locale setlocaleLC_ALLErrorrrrIrrr?rMrrrrrexitrrrrr#r rrr%r$r&)Z authcompatrr r r mainzs(  r__main__)r8rrgettextrZauthcompat_OptionsrZauthcompat_EnvironmentFilerZauthcompat_ConfigSnippetrrr rr!r+r>rrrr r r r s(   #P0