summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNarayan Desai <desai@mcs.anl.gov>2005-09-07 17:35:15 +0000
committerNarayan Desai <desai@mcs.anl.gov>2005-09-07 17:35:15 +0000
commit4064456e1ed19ce0b6f638e078a2d5ac099da0c3 (patch)
treed16a383e66284f93384390fbb518aaea2475c2b5
parentb1f1d62a944fcb5b4d70b760bbd43c1cd9c944a2 (diff)
downloadbcfg2-4064456e1ed19ce0b6f638e078a2d5ac099da0c3.tar.gz
bcfg2-4064456e1ed19ce0b6f638e078a2d5ac099da0c3.tar.bz2
bcfg2-4064456e1ed19ce0b6f638e078a2d5ac099da0c3.zip
rename self.__provides__ -> self.Entries
2005/09/06 22:28:27-05:00 anl.gov!desai update to new Plugin API 2005/09/06 22:27:39-05:00 anl.gov!desai Rename: src/lib/Server/Generators/Account.py -> src/lib/Server/Plugins/Account.py (Logical change 1.300) git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@1212 ce84e21b-d406-0410-9b95-82705330c041
-rw-r--r--src/lib/Server/Plugins/Account.py58
1 files changed, 58 insertions, 0 deletions
diff --git a/src/lib/Server/Plugins/Account.py b/src/lib/Server/Plugins/Account.py
index e69de29bb..3f045cb30 100644
--- a/src/lib/Server/Plugins/Account.py
+++ b/src/lib/Server/Plugins/Account.py
@@ -0,0 +1,58 @@
+'''This handles authentication setup'''
+__revision__ = '$Revision$'
+
+from Bcfg2.Server.Plugin import Plugin, PluginInitError, DirectoryBacked
+
+class Account(Plugin):
+ '''This module generates account config files,
+ based on an internal data repo:
+ static.(passwd|group|limits.conf) -> static entries
+ dyn.(passwd|group) -> dynamic entries (usually acquired from yp or somesuch)
+ useraccess -> users to be granted login access on some hosts
+ superusers -> users to be granted root privs on all hosts
+ rootlike -> users to be granted root privs on some hosts
+ '''
+ __name__ = 'Account'
+ __version__ = '$Id$'
+ __author__ = 'bcfg-dev@mcs.anl.gov'
+
+ def __init__(self, core, datastore):
+ Plugin.__init__(self, core, datastore)
+ self.Entries = {'ConfigFile':{'/etc/passwd':self.from_yp_cb,
+ '/etc/group':self.from_yp_cb,
+ '/etc/security/limits.conf':self.gen_limits_cb,
+ '/root/.ssh/authorized_keys':self.gen_root_keys_cb}}
+ try:
+ self.repository = DirectoryBacked(self.data, self.core.fam)
+ except:
+ self.LogError("Failed to load repos: %s, %s" % (self.data, "%s/ssh" % (self.data)))
+ raise PluginInitError
+
+ def from_yp_cb(self, entry, metadata):
+ '''Build password file from cached yp data'''
+ fname = entry.attrib['name'].split('/')[-1]
+ entry.text = self.repository.entries["static.%s" % (fname)].data
+ entry.text += self.repository.entries["dyn.%s" % (fname)].data
+ entry.attrib.update({'owner':'root', 'group':'root', 'perms':'0644'})
+
+ def gen_limits_cb(self, entry, metadata):
+ '''Build limits entries based on current ACLs'''
+ entry.text = self.repository.entries["static.limits.conf"].data
+ superusers = self.repository.entries["superusers"].data.split()
+ useraccess = [line.split(':') for line in self.repository.entries["useraccess"].data.split()]
+ users = [user for (user, host) in useraccess if host == metadata.hostname]
+ entry.attrib.update({'owner':'root', 'group':'root', 'perms':'0600'})
+ entry.text += "".join(["%s hard maxlogins 1024\n" % uname for uname in superusers + users])
+ if "*" not in users:
+ entry.text += "* hard maxlogins 0\n"
+
+ def gen_root_keys_cb(self, entry, metadata):
+ '''Build root authorized keys file based on current ACLs'''
+ entry.text = ''
+ superusers = self.repository.entries['superusers'].data.split()
+ rootlike = [line.split(':', 1) for line in self.repository.entries['rootlike'].data.split()]
+ superusers += [user for (user, host) in rootlike if host == metadata.hostname]
+ for user in superusers:
+ if self.repository.entries.has_key("%s.key" % user):
+ entry.text += self.repository.entries["%s.key" % user].data
+ entry.attrib.update({'owner':'root', 'group':'root', 'perms':'0600'})