diff options
| author | Narayan Desai <desai@mcs.anl.gov> | 2004-10-30 15:07:47 +0000 |
|---|---|---|
| committer | Narayan Desai <desai@mcs.anl.gov> | 2004-10-30 15:07:47 +0000 |
| commit | 497fd3d1b950e773a28cbaf9271689aa38820d19 (patch) | |
| tree | 5b21d3c57f28477ee6f5e9d7a5b5e4b8a85c5e8a /src | |
| parent | 815281ec3738ab2efcffea2a1b168cd9ea2eeab3 (diff) | |
| download | bcfg2-497fd3d1b950e773a28cbaf9271689aa38820d19.tar.gz bcfg2-497fd3d1b950e773a28cbaf9271689aa38820d19.tar.bz2 bcfg2-497fd3d1b950e773a28cbaf9271689aa38820d19.zip | |
update internal name
2004/10/30 10:04:04-05:00 anl.gov!desai
Change mode to -rw-r--r--
2004/10/30 10:01:17-05:00 anl.gov!desai
Rename: src/lib/Server/Generators/account.py -> src/lib/Server/Generators/Account.py
(Logical change 1.136)
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@614 ce84e21b-d406-0410-9b95-82705330c041
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/Server/Generators/Account.py | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/src/lib/Server/Generators/Account.py b/src/lib/Server/Generators/Account.py index e69de29bb..8797fe08a 100644 --- a/src/lib/Server/Generators/Account.py +++ b/src/lib/Server/Generators/Account.py @@ -0,0 +1,58 @@ +'''This handles authentication setup''' +__revision__ = '$Revision$' + +from Bcfg2.Server.Generator import Generator, DirectoryBacked + +class Account(Generator): + '''This module generates account config files, + based on an internal data repo: + static.(passwd|group|limits.conf) -> static entries + dyn.(passwd|group) -> dynamic entries (usually acquired from yp) + useraccess -> users to be granted login access on some hosts + superusers -> users to be granted root privs on all hosts + rootlike -> users to be granted root privs on some hosts + ''' + __name__ = 'Account' + __version__ = '$Id$' + __author__ = 'bcfg-dev@mcs.anl.gov' + __provides__ = {'ConfigFile':{}} + + def __init__(self, core, datastore): + Generator.__init__(self, core, datastore) + self.repository = DirectoryBacked(self.data) + self.ssh = DirectoryBacked("%s/ssh"%(self.data)) + self.__provides__['ConfigFile'] = {'/etc/passwd':self.from_yp, + '/etc/group':self.from_yp, + '/etc/security/limits.conf':self.gen_limits, + '/root/.ssh/authorized_keys':self.gen_root_keys} + + def from_yp(self, entry, metadata): + '''Build password file from cached yp data''' + fname = entry.attrib['name'].split('/')[-1] + entry.text = self.repository.entries["static.%s" % (fname)].data + entry.text += self.repository.entries["dyn.%s" % (fname)].data + entry.attrib.update({'owner':'root', 'group':'root', 'perms':'0644'}) + + def gen_limits(self, entry, metadata): + '''Build limits entries based on current ACLs''' + static = self.repository.entries["static.limits.conf"].data + superusers = self.repository.entries["superusers"].data.split() + useraccess = self.repository.entries["useraccess"].data + users = [x[0] for x in useraccess if x[1] == metadata.hostname] + entry.attrib.upate({'owner':'root', 'group':'root', 'perms':'0600'}) + entry.text = static + "".join(["%s hard maxlogins 1024\n" % x for x in superusers + users]) + if "*" not in users: + entry.text += "* hard maxlogins 0\n" + + def gen_root_keys(self, entry, metadata): + '''Build root authorized keys file based on current ACLs''' + data = '' + su = self.repository.entries['superusers'].data.split() + rl = self.repository.entries['rootlike'].data.split() + su += [x.split(':')[0] for x in rl if x.split(':')[1] == metadata.hostname] + data = '' + for user in su: + if self.ssh.entries.has_key(user): + data += self.ssh.entries[user].data + entry.attrib.update({'owner':'root', 'group':'root', 'perms':'0600'}) + entry.text = data |