193 lines
6.6 KiB
Python
193 lines
6.6 KiB
Python
|
#
|
||
|
# Copyright (C) 2019 Red Hat, Inc.
|
||
|
#
|
||
|
# This copyrighted material is made available to anyone wishing to use,
|
||
|
# modify, copy, or redistribute it subject to the terms and conditions of
|
||
|
# the GNU General Public License v.2, or (at your option) any later version.
|
||
|
# This program is distributed in the hope that it will be useful, but WITHOUT
|
||
|
# ANY WARRANTY expressed or implied, including the implied warranties of
|
||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
|
||
|
# Public License for more details. You should have received a copy of the
|
||
|
# GNU General Public License along with this program; if not, write to the
|
||
|
# Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
||
|
# 02110-1301, USA. Any Red Hat trademarks that are incorporated in the
|
||
|
# source code or documentation are not subject to the GNU General Public
|
||
|
# License and may only be used or replicated with the express permission of
|
||
|
# Red Hat, Inc.
|
||
|
#
|
||
|
|
||
|
import os
|
||
|
|
||
|
from pyanaconda.core import users
|
||
|
|
||
|
from pyanaconda.modules.common.task import Task
|
||
|
|
||
|
from pyanaconda.anaconda_loggers import get_module_logger
|
||
|
log = get_module_logger(__name__)
|
||
|
|
||
|
__all__ = ["SetRootPasswordTask", "CreateUsersTask", "CreateGroupsTask", "SetSshKeysTask",
|
||
|
"ConfigureRootPasswordSSHLoginTask"]
|
||
|
|
||
|
|
||
|
class SetRootPasswordTask(Task):
|
||
|
"""Installation task fot setting the root password."""
|
||
|
|
||
|
def __init__(self, sysroot, password, crypted, locked):
|
||
|
"""Create a new root password configuration task.
|
||
|
|
||
|
:param str sysroot: a path to the root of the target system
|
||
|
:param str password: root password to be set
|
||
|
:param bool crypted: is the root password already encrypted ?
|
||
|
:param bool locked: should the root password be locked ?
|
||
|
"""
|
||
|
super().__init__()
|
||
|
self._sysroot = sysroot
|
||
|
self._password = password
|
||
|
self._crypted = crypted
|
||
|
self._locked = locked
|
||
|
|
||
|
@property
|
||
|
def name(self):
|
||
|
return "Configure root password"
|
||
|
|
||
|
def run(self):
|
||
|
self._set_root_password()
|
||
|
|
||
|
def _set_root_password(self):
|
||
|
users.set_root_password(self._password,
|
||
|
self._crypted,
|
||
|
self._locked,
|
||
|
self._sysroot)
|
||
|
|
||
|
|
||
|
class CreateUsersTask(Task):
|
||
|
"""Create users on the target system."""
|
||
|
|
||
|
def __init__(self, sysroot, user_data_list):
|
||
|
"""Create a new user creation task.
|
||
|
|
||
|
:param str sysroot: a path to the root of the installed system
|
||
|
:param user_data_list: list of users to create
|
||
|
:type user_data_list: list of UserData instances
|
||
|
"""
|
||
|
super().__init__()
|
||
|
self._sysroot = sysroot
|
||
|
self._user_data_list = user_data_list
|
||
|
|
||
|
@property
|
||
|
def name(self):
|
||
|
return "Create users"
|
||
|
|
||
|
def run(self):
|
||
|
self._create_users()
|
||
|
|
||
|
def _create_users(self):
|
||
|
for user_data in self._user_data_list:
|
||
|
uid = user_data.get_uid()
|
||
|
gid = user_data.get_gid()
|
||
|
|
||
|
try:
|
||
|
users.create_user(username=user_data.name,
|
||
|
password=user_data.password,
|
||
|
is_crypted=user_data.is_crypted,
|
||
|
lock=user_data.lock,
|
||
|
homedir=user_data.homedir,
|
||
|
uid=uid, gid=gid,
|
||
|
groups=user_data.groups,
|
||
|
shell=user_data.shell,
|
||
|
gecos=user_data.gecos,
|
||
|
root=self._sysroot)
|
||
|
except ValueError as e:
|
||
|
log.warning(str(e))
|
||
|
|
||
|
|
||
|
class CreateGroupsTask(Task):
|
||
|
"""Create groups on the target system."""
|
||
|
|
||
|
def __init__(self, sysroot, group_data_list):
|
||
|
"""Create a new group creation task.
|
||
|
|
||
|
:param str sysroot: a path to the root of the installed system
|
||
|
:param group_data_list: list of groups to create
|
||
|
:type group_data_list: list of GroupData instances
|
||
|
"""
|
||
|
super().__init__()
|
||
|
self._sysroot = sysroot
|
||
|
self._group_data_list = group_data_list
|
||
|
|
||
|
@property
|
||
|
def name(self):
|
||
|
return "Create groups"
|
||
|
|
||
|
def run(self):
|
||
|
self._create_groups()
|
||
|
|
||
|
def _create_groups(self):
|
||
|
for group_data in self._group_data_list:
|
||
|
gid = group_data.get_gid()
|
||
|
try:
|
||
|
users.create_group(group_name=group_data.name, gid=gid, root=self._sysroot)
|
||
|
except ValueError as e:
|
||
|
log.warning(str(e))
|
||
|
|
||
|
|
||
|
class SetSshKeysTask(Task):
|
||
|
"""Install specified SSH keys to the target system."""
|
||
|
|
||
|
def __init__(self, sysroot, ssh_key_data_list):
|
||
|
"""Create a new SSH key installation task.
|
||
|
|
||
|
:param str sysroot: a path to the root of the installed system
|
||
|
:param ssh_key_data_list: list of keys to install
|
||
|
:type ssh_key_data_list: list of SshKeyData instances
|
||
|
"""
|
||
|
super().__init__()
|
||
|
self._sysroot = sysroot
|
||
|
self._ssh_key_data_list = ssh_key_data_list
|
||
|
|
||
|
@property
|
||
|
def name(self):
|
||
|
return "Set SSH keys"
|
||
|
|
||
|
def run(self):
|
||
|
self._set_ssh_keys()
|
||
|
|
||
|
def _set_ssh_keys(self):
|
||
|
for key_data in self._ssh_key_data_list:
|
||
|
users.set_user_ssh_key(key_data.username, key_data.key)
|
||
|
|
||
|
|
||
|
class ConfigureRootPasswordSSHLoginTask(Task):
|
||
|
"""Optionally add an override allowing root to login with password over SSH."""
|
||
|
|
||
|
CONFIG_PATH = "etc/ssh/sshd_config.d/01-permitrootlogin.conf"
|
||
|
|
||
|
def __init__(self, sysroot, password_allowed):
|
||
|
"""Create a new root password SSH login configuration task.
|
||
|
|
||
|
:param str sysroot: a path to the root of the installed system
|
||
|
:param bool password_allowed: True allows root to login via SSH with password auth.
|
||
|
False prevents it by not changing the default OpenSSH
|
||
|
behavior
|
||
|
"""
|
||
|
super().__init__()
|
||
|
self._sysroot = sysroot
|
||
|
self._password_allowed = password_allowed
|
||
|
|
||
|
@property
|
||
|
def name(self):
|
||
|
return "Configure optional root password SSH login"
|
||
|
|
||
|
def run(self):
|
||
|
"""Run the task."""
|
||
|
if self._password_allowed:
|
||
|
log.debug("Adding an override allowing root login with password via SSH.")
|
||
|
with open(os.path.join(self._sysroot, self.CONFIG_PATH), "wt") as f:
|
||
|
f.write(
|
||
|
'# This file has been generated by the Anaconda Installer.\n'
|
||
|
'# Allow root to log in using ssh. Remove this file to opt-out.\n'
|
||
|
'PermitRootLogin yes\n'
|
||
|
)
|
||
|
else:
|
||
|
log.debug("Not adding an override allowing root login with password via SSH.")
|