From 6f641c969b08e2655836ad1cc13abc32d9f98296 Mon Sep 17 00:00:00 2001
From: Rick Bradshow
Date: Mon, 12 Mar 2007 21:25:23 +0000
Subject: this is the updated version which also hacks the sudoers file. there is a catch where you need a sudoers template or static file, but I will fix that in the future.
git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@2931 ce84e21b-d406-0410-9b95-82705330c041
---
src/lib/Server/Plugins/Account.py | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/lib/Server/Plugins/Account.py b/src/lib/Server/Plugins/Account.py
index 076afa032..bf530af4d 100644
--- a/src/lib/Server/Plugins/Account.py
+++ b/src/lib/Server/Plugins/Account.py
@@ -21,7 +21,8 @@ class Account(Bcfg2.Server.Plugin.Plugin):
 self.Entries = {'ConfigFile':{'/etc/passwd':self.from_yp_cb,
 '/etc/group':self.from_yp_cb,
 '/etc/security/limits.conf':self.gen_limits_cb,
- '/root/.ssh/authorized_keys':self.gen_root_keys_cb}}
+ '/root/.ssh/authorized_keys':self.gen_root_keys_cb,
+ '/etc/sudoers':self.gen_sudoers}}
 try:
 self.repository = Bcfg2.Server.Plugin.DirectoryBacked(self.data, self.core.fam)
 except:
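Review bot: The new handler in the `self.Entries` table is registered as `self.gen_sudoers`, while every neighbouring callback carries the `_cb` suffix (`from_yp_cb`, `gen_limits_cb`, `gen_root_keys_cb`); naming it `gen_sudoers_cb` here and at its definition would keep the table uniform. The constructor body starts and ends outside this hunk.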
@@ -57,3 +58,13 @@ class Account(Bcfg2.Server.Plugin.Plugin):
 entry.text = "".join([rdata["%s.key" % user].data for user in superusers if rdata.has_key("%s.key" % user)])
 perms = {'owner':'root', 'group':'root', 'perms':'0600'}
 [entry.attrib.__setitem__(key, value) for (key, value) in perms.iteritems()]
+
+ def gen_sudoers(self, entry, metadata):
+ '''Build root authorized keys file based on current ACLs'''
+ superusers = self.repository.entries['superusers'].data.split()
+ rootlike = [line.split(':', 1) for line in self.repository.entries['rootlike'].data.split()]
+ superusers += [user for (user, host) in rootlike if host == metadata.hostname.split('.')[0]]
+ rdata = self.repository.entries
+ entry.text = self.repository.entries['static.sudoers'].data%",".join(superusers)
+ perms = {'owner':'root', 'group':'root', 'perms':'0400'}
+ [entry.attrib.__setitem__(key, value) for (key, value) in perms.iteritems()]
-- cgit v1.2.3-1-g7c22
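Review bot: `entry.text = self.repository.entries['static.sudoers'].data%",".join(superusers)` runs %-formatting over a sudoers template, and sudoers itself uses `%` to mark group entries, so a template line such as `%wheel ...` has to be written `%%wheel` or the callback raises or substitutes in the wrong place. The names read from `superusers` and `rootlike` are joined into the rule unchecked, and an empty list still produces a file; since the output is installed as /etc/sudoers, each name should be matched against a conservative account-name pattern and generation refused on a mismatch or an empty list. A `rootlike` line without `:` also makes the `(user, host)` unpacking raise. The docstring is copied from the authorized_keys callback and should read `'''Build /etc/sudoers from the static.sudoers template and current ACLs'''`, and `rdata = self.repository.entries` is assigned but never used.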