diff options
author | Fabian Affolter <fabian@bernewireless.net> | 2010-12-13 23:22:40 +0100 |
---|---|---|
committer | Fabian Affolter <fabian@bernewireless.net> | 2010-12-13 23:22:40 +0100 |
commit | f5792d907e357c90624ec110d908d42b94296a12 (patch) | |
tree | fc4976fb05c8d4026bc2580e48ad8070d85bd7c7 /build/lib/Bcfg2/Server/Plugins/Account.py | |
parent | 18b3b41b3f993b2dd5a10e1bbb8abf959c57c4e2 (diff) | |
download | bcfg2-f5792d907e357c90624ec110d908d42b94296a12.tar.gz bcfg2-f5792d907e357c90624ec110d908d42b94296a12.tar.bz2 bcfg2-f5792d907e357c90624ec110d908d42b94296a12.zip |
Removed build files
Diffstat (limited to 'build/lib/Bcfg2/Server/Plugins/Account.py')
-rw-r--r-- | build/lib/Bcfg2/Server/Plugins/Account.py | 93 |
1 files changed, 0 insertions, 93 deletions
diff --git a/build/lib/Bcfg2/Server/Plugins/Account.py b/build/lib/Bcfg2/Server/Plugins/Account.py deleted file mode 100644 index e3ea58761..000000000 --- a/build/lib/Bcfg2/Server/Plugins/Account.py +++ /dev/null @@ -1,93 +0,0 @@ -"""This handles authentication setup.""" -__revision__ = '$Revision$' - -import Bcfg2.Server.Plugin - -class Account(Bcfg2.Server.Plugin.Plugin, - Bcfg2.Server.Plugin.Generator): - """This module generates account config files, - based on an internal data repo: - static.(passwd|group|limits.conf) -> static entries - dyn.(passwd|group) -> dynamic entries (usually acquired from yp or somesuch) - useraccess -> users to be granted login access on some hosts - superusers -> users to be granted root privs on all hosts - rootlike -> users to be granted root privs on some hosts - - """ - name = 'Account' - __version__ = '$Id$' - __author__ = 'bcfg-dev@mcs.anl.gov' - - def __init__(self, core, datastore): - Bcfg2.Server.Plugin.Plugin.__init__(self, core, datastore) - Bcfg2.Server.Plugin.Generator.__init__(self) - self.Entries = {'ConfigFile':{'/etc/passwd':self.from_yp_cb, - '/etc/group':self.from_yp_cb, - '/etc/security/limits.conf':self.gen_limits_cb, - '/root/.ssh/authorized_keys':self.gen_root_keys_cb, - '/etc/sudoers':self.gen_sudoers}} - try: - self.repository = Bcfg2.Server.Plugin.DirectoryBacked(self.data, self.core.fam) - except: - self.logger.error("Failed to load repos: %s, %s" % \ - (self.data, "%s/ssh" % (self.data))) - raise Bcfg2.Server.Plugin.PluginInitError - - def from_yp_cb(self, entry, metadata): - """Build password file from cached yp data.""" - fname = entry.attrib['name'].split('/')[-1] - entry.text = self.repository.entries["static.%s" % (fname)].data - entry.text += self.repository.entries["dyn.%s" % (fname)].data - perms = {'owner':'root', 'group':'root', 'perms':'0644'} - [entry.attrib.__setitem__(key, value) for (key, value) in \ - perms.iteritems()] - - def gen_limits_cb(self, entry, metadata): - """Build limits entries based on current ACLs.""" - entry.text = self.repository.entries["static.limits.conf"].data - superusers = self.repository.entries["superusers"].data.split() - useraccess = [line.split(':') for line in \ - self.repository.entries["useraccess"].data.split()] - users = [user for (user, host) in \ - useraccess if host == metadata.hostname.split('.')[0]] - perms = {'owner':'root', 'group':'root', 'perms':'0600'} - [entry.attrib.__setitem__(key, value) for (key, value) in \ - perms.iteritems()] - entry.text += "".join(["%s hard maxlogins 1024\n" % uname for uname in superusers + users]) - if "*" not in users: - entry.text += "* hard maxlogins 0\n" - - def gen_root_keys_cb(self, entry, metadata): - """Build root authorized keys file based on current ACLs.""" - superusers = self.repository.entries['superusers'].data.split() - try: - rootlike = [line.split(':', 1) for line in \ - self.repository.entries['rootlike'].data.split()] - superusers += [user for (user, host) in rootlike \ - if host == metadata.hostname.split('.')[0]] - except: - pass - rdata = self.repository.entries - entry.text = "".join([rdata["%s.key" % user].data for user \ - in superusers if \ - ("%s.key" % user) in rdata]) - perms = {'owner':'root', 'group':'root', 'perms':'0600'} - [entry.attrib.__setitem__(key, value) for (key, value) \ - in perms.iteritems()] - - def gen_sudoers(self, entry, metadata): - """Build root authorized keys file based on current ACLs.""" - superusers = self.repository.entries['superusers'].data.split() - try: - rootlike = [line.split(':', 1) for line in \ - self.repository.entries['rootlike'].data.split()] - superusers += [user for (user, host) in rootlike \ - if host == metadata.hostname.split('.')[0]] - except: - pass - entry.text = self.repository.entries['static.sudoers'].data - entry.text += "".join(["%s ALL=(ALL) ALL\n" % uname \ - for uname in superusers]) - perms = {'owner':'root', 'group':'root', 'perms':'0440'} - [entry.attrib.__setitem__(key, value) for (key, value) \ - in perms.iteritems()] |