summaryrefslogtreecommitdiffstats
path: root/src/lib/Server/Generators/Account.py
diff options
context:
space:
mode:
authorNarayan Desai <desai@mcs.anl.gov>2004-10-30 15:07:47 +0000
committerNarayan Desai <desai@mcs.anl.gov>2004-10-30 15:07:47 +0000
commit497fd3d1b950e773a28cbaf9271689aa38820d19 (patch)
tree5b21d3c57f28477ee6f5e9d7a5b5e4b8a85c5e8a /src/lib/Server/Generators/Account.py
parent815281ec3738ab2efcffea2a1b168cd9ea2eeab3 (diff)
downloadbcfg2-497fd3d1b950e773a28cbaf9271689aa38820d19.tar.gz
bcfg2-497fd3d1b950e773a28cbaf9271689aa38820d19.tar.bz2
bcfg2-497fd3d1b950e773a28cbaf9271689aa38820d19.zip
update internal name
2004/10/30 10:04:04-05:00 anl.gov!desai Change mode to -rw-r--r-- 2004/10/30 10:01:17-05:00 anl.gov!desai Rename: src/lib/Server/Generators/account.py -> src/lib/Server/Generators/Account.py (Logical change 1.136) git-svn-id: https://svn.mcs.anl.gov/repos/bcfg/trunk/bcfg2@614 ce84e21b-d406-0410-9b95-82705330c041
Diffstat (limited to 'src/lib/Server/Generators/Account.py')
-rw-r--r--src/lib/Server/Generators/Account.py58
1 files changed, 58 insertions, 0 deletions
diff --git a/src/lib/Server/Generators/Account.py b/src/lib/Server/Generators/Account.py
index e69de29bb..8797fe08a 100644
--- a/src/lib/Server/Generators/Account.py
+++ b/src/lib/Server/Generators/Account.py
@@ -0,0 +1,58 @@
+'''This handles authentication setup'''
+__revision__ = '$Revision$'
+
+from Bcfg2.Server.Generator import Generator, DirectoryBacked
+
+class Account(Generator):
+ '''This module generates account config files,
+ based on an internal data repo:
+ static.(passwd|group|limits.conf) -> static entries
+ dyn.(passwd|group) -> dynamic entries (usually acquired from yp)
+ useraccess -> users to be granted login access on some hosts
+ superusers -> users to be granted root privs on all hosts
+ rootlike -> users to be granted root privs on some hosts
+ '''
+ __name__ = 'Account'
+ __version__ = '$Id$'
+ __author__ = 'bcfg-dev@mcs.anl.gov'
+ __provides__ = {'ConfigFile':{}}
+
+ def __init__(self, core, datastore):
+ Generator.__init__(self, core, datastore)
+ self.repository = DirectoryBacked(self.data)
+ self.ssh = DirectoryBacked("%s/ssh"%(self.data))
+ self.__provides__['ConfigFile'] = {'/etc/passwd':self.from_yp,
+ '/etc/group':self.from_yp,
+ '/etc/security/limits.conf':self.gen_limits,
+ '/root/.ssh/authorized_keys':self.gen_root_keys}
+
+ def from_yp(self, entry, metadata):
+ '''Build password file from cached yp data'''
+ fname = entry.attrib['name'].split('/')[-1]
+ entry.text = self.repository.entries["static.%s" % (fname)].data
+ entry.text += self.repository.entries["dyn.%s" % (fname)].data
+ entry.attrib.update({'owner':'root', 'group':'root', 'perms':'0644'})
+
+ def gen_limits(self, entry, metadata):
+ '''Build limits entries based on current ACLs'''
+ static = self.repository.entries["static.limits.conf"].data
+ superusers = self.repository.entries["superusers"].data.split()
+ useraccess = self.repository.entries["useraccess"].data
+ users = [x[0] for x in useraccess if x[1] == metadata.hostname]
+ entry.attrib.upate({'owner':'root', 'group':'root', 'perms':'0600'})
+ entry.text = static + "".join(["%s hard maxlogins 1024\n" % x for x in superusers + users])
+ if "*" not in users:
+ entry.text += "* hard maxlogins 0\n"
+
+ def gen_root_keys(self, entry, metadata):
+ '''Build root authorized keys file based on current ACLs'''
+ data = ''
+ su = self.repository.entries['superusers'].data.split()
+ rl = self.repository.entries['rootlike'].data.split()
+ su += [x.split(':')[0] for x in rl if x.split(':')[1] == metadata.hostname]
+ data = ''
+ for user in su:
+ if self.ssh.entries.has_key(user):
+ data += self.ssh.entries[user].data
+ entry.attrib.update({'owner':'root', 'group':'root', 'perms':'0600'})
+ entry.text = data