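# File: authcompat_ConfigSnippet.py
# -*- coding: utf-8 -*-
#
#    Authors:
#        Pavel Březina
#
#    Copyright (C) 2018 Red Hat
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 3 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
#

import errno
import os
import re


class ConfigSnippet:
    """Render a configuration template into a destination file.

    Template syntax, as implemented below:
      * ``${key}``  is replaced by ``values[key]``.
      * ``${?key}`` is a marker only: it is removed from the output, but it
        still ties the line it sits on to ``key``.
      * Any line that references a key which is missing from ``values`` or
        set to ``None`` is dropped entirely.

    Values are inserted verbatim. No escaping is applied, so a value that
    contains a newline produces additional lines in the generated file;
    callers are responsible for passing values that are safe for the target
    configuration format.
    """

    # When True, write() prints the rendered content instead of touching disk.
    TEST = False

    # Matches both ${key} and ${?key}; the key name is captured as "key".
    AllKeysRE = re.compile(r'\${\??(?P<key>[\w-]*)}')
    # Matches only the marker form ${?key}.
    DummyKeysRE = re.compile(r'\${\?[\w-]*}')

    def __init__(self, template, destination):
        """Read the template file at *template*; remember *destination*."""
        with open(template, "r") as f:
            self.template = f.read()

        self.destination = destination

    def generate(self, values):
        """Return the template rendered with *values* (a dict of key -> value).

        Booleans are rendered as ``true``/``false``; any other non-string
        value is converted with ``str()`` so that numeric values do not make
        ``str.replace`` raise ``TypeError``.
        """
        def references_unset_key(line):
            # A key counts as unset when it is absent or explicitly None.
            return any(values.get(match.group("key")) is None
                       for match in self.AllKeysRE.finditer(line))

        # First remove lines containing a key that is not set.
        kept = [line for line in self.template.split('\n')
                if not references_unset_key(line)]

        # Build output string.
        output = '\n'.join(kept)

        # Remove all dummy keys ${?key}.
        output = self.DummyKeysRE.sub("", output)

        # Replace values.
        for key, value in values.items():
            if value is None:
                continue

            if isinstance(value, bool):
                value = "true" if value else "false"

            output = output.replace("${%s}" % key, str(value))

        return output

    def write(self, values, to_stdout=False):
        """Render the template and write it to ``self.destination``.

        In TEST mode the content is printed and nothing is written.
        *to_stdout* is accepted for interface compatibility and is not used.

        The file is created with the permissions implied by the process
        umask; a caller that needs a restrictive mode has to apply it itself.
        """
        output = self.generate(values)

        if self.TEST:
            print("========== BEGIN Content of [%s] ==========" % self.destination)
            print(output)
            print("========== END Content of [%s] ==========\n" % self.destination)
            return

        # A bare file name has no directory component; makedirs("") would fail.
        dirname = os.path.dirname(self.destination)
        if dirname:
            os.makedirs(dirname, exist_ok=True)

        with open(self.destination, "w") as f:
            f.write(output)


# File: authcompat.py
#!/usr/libexec/platform-python
# -*- coding: utf-8 -*-
#
#    Authors:
#        Pavel Březina
#
#    Copyright (C) 2018 Red Hat
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 3 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program.  If not, see <http://www.gnu.org/licenses/>.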
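#

import os
import sys
import locale
import gettext
import subprocess

from authcompat_Options import Options
from authcompat_EnvironmentFile import EnvironmentFile
from authcompat_ConfigSnippet import ConfigSnippet

_ = gettext.gettext


def eprint(*args, **kwargs):
    """Print to stderr; takes the same arguments as print()."""
    print(*args, file=sys.stderr, **kwargs)


class Command:
    """An external command executed from an argument list (no shell)."""

    # When True, run() only prints the command line and executes nothing.
    TEST = False

    def __init__(self, command, args, input=None, check=True):
        """Store the argv list, optional stdin text and the check flag."""
        self.args = [command] + args
        self.input = input.encode() if input is not None else None
        self.check = check
        self.result = None

    def run(self):
        """Run the command; with check=True a non-zero exit raises
        subprocess.CalledProcessError. The result is kept in self.result."""
        # Only argv is echoed here; data passed through stdin is not printed.
        print(_("Executing: %s") % ' '.join(self.args))

        if self.TEST:
            return

        self.result = subprocess.run(self.args, check=self.check,
                                     input=self.input,
                                     stdout=subprocess.PIPE,
                                     stderr=subprocess.PIPE)


class Service:
    """Thin wrapper around systemctl for a single ``<name>.service`` unit."""

    def __init__(self, name):
        self.name = name + '.service'

    def runsystemd(self, command, required, enoent_code):
        """Run a systemctl *command* and report failures on stderr.

        *enoent_code* is the exit status treated as "unit not found"; it is
        reported only when *required* is true and is otherwise ignored. Any
        other failure is printed together with the command's stderr.
        """
        try:
            command.run()
        except subprocess.CalledProcessError as result:
            if required and result.returncode == enoent_code:
                eprint(_("Service %s was not found. Please install the service.")
                       % self.name)
            elif result.returncode != enoent_code:
                eprint(_("Command [%s] failed with %d, stderr:")
                       % (' '.join(result.cmd), result.returncode))
                eprint(result.stderr.decode())

    def enable(self):
        cmd = Command(Path.System("cmd-systemctl"), ["enable", self.name])
        self.runsystemd(cmd, True, 1)

    def disable(self):
        cmd = Command(Path.System("cmd-systemctl"), ["disable", self.name])
        self.runsystemd(cmd, False, 1)

    def start(self, Restart=True):
        """Start the unit; by default it is stopped first (restart)."""
        if Restart:
            self.stop()
        cmd = Command(Path.System("cmd-systemctl"), ["start", self.name])
        self.runsystemd(cmd, True, 5)

    def stop(self):
        cmd = Command(Path.System("cmd-systemctl"), ["stop", self.name])
        self.runsystemd(cmd, False, 5)


class Path:
    """Locations of the files this tool writes and the binaries it runs.

    Binaries are referenced by absolute path, so command lookup does not
    depend on the caller's PATH.
    """

    LocalDir = os.path.dirname(os.path.realpath(__file__))
    Config = EnvironmentFile(LocalDir + "/authcompat_paths")

    Files = {
        'ldap.conf': '/etc/openldap/ldap.conf',
        'krb5.conf': '/etc/krb5.conf.d/authconfig-krb.conf',
        'sssd.conf': '/etc/sssd/conf.d/authconfig-sssd.conf',
        'authconfig': '/etc/sysconfig/authconfig',
        'network': '/etc/sysconfig/network',
        'pwquality.conf': '/etc/security/pwquality.conf.d/10-authconfig-pwquality.conf',
        'yp.conf': '/etc/yp.conf',
        'cmd-systemctl': '/usr/bin/systemctl',
        'cmd-authselect': '/usr/bin/authselect',
        'cmd-realm': '/usr/sbin/realm',
        'cmd-domainname': '/usr/bin/domainname',
        'cmd-setsebool': '/usr/sbin/setsebool'
    }

    @staticmethod
    def Local(relpath):
        """Return *relpath* resolved against the directory of this script."""
        return "%s/%s" % (Path.LocalDir, relpath)

    @staticmethod
    def System(name):
        """Return the absolute path registered under *name* in Files."""
        return Path.Files[name]


class Configuration:
    """Namespace for the per-service configuration writers."""

    class Base(object):
        """Common behaviour: option access plus optional service handling.

        isEnabled() returns True, False, or None; None means the relevant
        options were not given and service management is skipped.
        """

        def __init__(self, options, ServiceName=None):
            self.options = options
            self.service = None
            if ServiceName is not None:
                self.service = Service(ServiceName)

        def isEnabled(self):
            return True

        def isDisabled(self):
            return not self.isEnabled()

        def enableService(self, nostart):
            if self.service is None:
                return

            self.service.enable()

            if not nostart:
                self.service.start()

        def disableService(self, nostop):
            if self.service is None:
                return

            self.service.disable()

            if not nostop:
                self.service.stop()

        def cleanup(self):
            return

        def write(self):
            return

        def get(self, name):
            return self.options.get(name)

        def isset(self, name):
            return self.options.isset(name)

        def getTrueOrNone(self, name):
            return self.options.getTrueOrNone(name)

        def getBool(self, name):
            return self.options.getBool(name)

        def getBoolAsValue(self, name, if_true, if_false, AllowNone=False):
            """Map a boolean option to *if_true* / *if_false*; with AllowNone
            an unset option yields None."""
            if AllowNone and not self.isset(name):
                return None

            return if_true if self.getBool(name) else if_false

        def removeFile(self, filename):
            """Delete *filename* (skipped in test-call mode); a missing file
            is not an error."""
            print(_("Removing file: %s") % filename)
            if self.options.getBool("test-call"):
                return

            try:
                os.remove(filename)
            except FileNotFoundError:
                return

    class LDAP(Base):
        def __init__(self, options):
            super(Configuration.LDAP, self).__init__(options)

        def write(self):
            # NOTE(review): delimiter_re r"\s\t" matches a whitespace character
            # followed by a tab, not "space or tab" -- confirm this is the
            # intended pattern for ldap.conf lines.
            config = EnvironmentFile(Path.System('ldap.conf'), " ",
                                     delimiter_re=r"\s\t",
                                     quotes=False)

            if self.isset("ldapserver"):
                config.set("URI", self.get("ldapserver"))

            if self.isset("ldapbasedn"):
                config.set("BASE", self.get("ldapbasedn"))

            config.write()

    class Kerberos(Base):
        def __init__(self, options):
            super(Configuration.Kerberos, self).__init__(options)

        def isEnabled(self):
            if not self.isset("krb5realm") and not self.isset("krb5realmdns"):
                return None

            # NOTE(review): when only krb5realmdns is given, krb5realm is None
            # and `None != ""` is True -- confirm that is intended.
            return self.get("krb5realm") != "" or self.getBool("krb5realmdns")

        def cleanup(self):
            # Do not remove the file if these options are not set
            if not self.isset("krb5realm") and not self.isset("krb5realmdns"):
                return

            self.removeFile(Path.System('krb5.conf'))

        def write(self):
            if self.isDisabled():
                return

            path = Path.Local("snippets/authconfig-krb.conf")
            config = ConfigSnippet(path, Path.System('krb5.conf'))
            realm = self.get("krb5realm")

            # Realm-specific keys are only supplied when a realm is known.
            keys = {
                'realm': self.get("krb5realm"),
                'kdc-srv': self.get("krb5kdcdns"),
                'realm-srv': self.get("krb5realmdns"),
                'kdc': self.get("krb5kdc") if realm else None,
                'adminserver': self.get("krb5adminserver") if realm else None,
                'domain': realm.lower() if realm else None
            }

            config.write(keys)

    class Network(Base):
        def __init__(self, options):
            super(Configuration.Network, self).__init__(options)

        def write(self):
            nisdomain = self.get("nisdomain")
            config = EnvironmentFile(Path.System('network'))

            if nisdomain is None:
                return

            config.set("NISDOMAIN", nisdomain)
            config.write()

    class SSSD(Base):
        def __init__(self, options):
            super(Configuration.SSSD, self).__init__(options, ServiceName="sssd")

        def isEnabled(self):
            if not self.isset("ldap") and not self.isset("sssd"):
                return None

            return self.getBool("ldap") or self.getBool("sssd")

        def cleanup(self):
            self.removeFile(Path.System('sssd.conf'))

        def write(self):
            # Authconfig would not generate sssd in this case so we should not
            # either. Even if --enablesssd[auth] was provided the configuration
            # would not be generated.
            if not self.getBool("ldap"):
                return

            path = Path.Local("snippets/authconfig-sssd.conf")
            config = ConfigSnippet(path, Path.System('sssd.conf'))
            schema = "rfc2307bis" if self.getBool("rfc2307bis") else None

            # NOTE(review): the sssd snippet in this package references
            # ${cache-credentials}, while the key supplied here is
            # 'cache-creds'. ConfigSnippet drops lines whose key is missing,
            # so those lines are never emitted -- confirm which name is meant.
            keys = {
                'ldap-uri': self.get("ldapserver"),
                'ldap-basedn': self.get("ldapbasedn"),
                'ldap-tls': self.getTrueOrNone("ldaptls"),
                'ldap-schema': schema,
                'krb5': self.getTrueOrNone("krb5"),
                'kdc-uri': self.get("krb5kdc"),
                'kpasswd-uri': self.get("krb5adminserver"),
                'realm': self.get("krb5realm"),
                'cache-creds': self.getTrueOrNone("cachecreds"),
                'cert-auth': self.getTrueOrNone("smartcard")
            }

            config.write(keys)

            # In test-call mode nothing was written: do not change the mode of
            # an existing file during a dry run, and do not fail with
            # FileNotFoundError when the file does not exist.
            if ConfigSnippet.TEST:
                return

            # NOTE: the file is created under the process umask and tightened
            # only here, so a newly created file may briefly carry wider
            # permissions than 0600.
            os.chmod(Path.System('sssd.conf'), mode=0o600)

    class Winbind(Base):
        def __init__(self, options):
            super(Configuration.Winbind, self).__init__(options, ServiceName="winbind")

        def isEnabled(self):
            if not self.isset("winbind") and not self.isset("winbindauth"):
                return None

            return self.getBool("winbind") or self.getBool("winbindauth")

        def write(self):
            if not self.isset("winbindjoin"):
                return

            # The option value has the form user[%password].
            creds = self.options.get("winbindjoin").split("%", 1)

            user = creds[0]
            password = None
            if len(creds) > 1:
                # Handed to realm on stdin, so it is neither placed in realm's
                # argv nor echoed by Command.run().
                password = creds[1] + '\n'

            # NOTE(review): no shell is involved, so the double quotes around
            # the user name reach realm as literal characters -- confirm.
            args = [
                'join',
                '-U', '"%s"' % user,
                '--client-software', 'winbind'
            ]

            if self.isset("smbworkgroup"):
                args.append(self.get("smbworkgroup"))

            cmd = Command(Path.System('cmd-realm'), args, input=password)
            try:
                cmd.run()
            except FileNotFoundError:
                eprint(_("%s was not found. Please, install realmd.")
                       % Path.System('cmd-realm'))

    class PWQuality(Base):
        def __init__(self, options):
            super(Configuration.PWQuality, self).__init__(options)

        def write(self):
            config = EnvironmentFile(Path.System('pwquality.conf'))
            value_set = False

            pwopts = {
                "minlen": self.get("passminlen"),
                "minclass": self.get("passminclass"),
                "maxrepeat": self.get("passmaxrepeat"),
                "maxclassrepeat": self.get("passmaxclassrepeat"),
                "lcredit": self.getBoolAsValue("reqlower", -1, 0, AllowNone=True),
                "ucredit": self.getBoolAsValue("requpper", -1, 0, AllowNone=True),
                "dcredit": self.getBoolAsValue("reqdigit", -1, 0, AllowNone=True),
                "ocredit": self.getBoolAsValue("reqother", -1, 0, AllowNone=True)
            }

            # Write options only if they are actually set
            for opt, value in pwopts.items():
                if value is not None:
                    print(opt + "=" + str(value))
                    config.set(opt, value)
                    value_set = True

            if value_set:
                config.write()

    class MakeHomedir(Base):
        def __init__(self, options):
            super(Configuration.MakeHomedir, self).__init__(options, ServiceName="oddjobd")

        def isEnabled(self):
            if not self.isset("mkhomedir"):
                return None

            return self.getBool("mkhomedir")

        def disableService(self, nostop):
            # Never disable the service in case it is already running as
            # other applications may depend on it.
            return

    class NIS(Base):
        def __init__(self, options):
            super(Configuration.NIS, self).__init__(options)
            self.rpcbind = Service("rpcbind")
            self.ypbind = Service("ypbind")

        def isEnabled(self):
            if not self.isset("nis"):
                return None

            return self.getBool("nis")

        def enableService(self, nostart):
            if not self.isset("nisdomain"):
                return

            nisdom = self.get("nisdomain")

            if not nostart:
                cmd = Command(Path.System('cmd-domainname'), [nisdom])
                cmd.run()

            # Persistently (-P) sets the allow_ypbind SELinux boolean.
            cmd = Command(Path.System('cmd-setsebool'), ['-P', 'allow_ypbind', '1'])
            cmd.run()

            self.rpcbind.enable()
            self.ypbind.enable()

            if not nostart:
                self.rpcbind.start(Restart=False)
                self.ypbind.start()

        def disableService(self, nostop):
            if not nostop:
                cmd = Command(Path.System('cmd-domainname'), ["(none)"])
                cmd.run()

            cmd = Command(Path.System('cmd-setsebool'), ['-P', 'allow_ypbind', '0'])
            cmd.run()

            self.rpcbind.disable()
            self.ypbind.disable()

            if not nostop:
                self.rpcbind.stop()
                self.ypbind.stop()

        def write(self):
            if not self.isset("nisdomain"):
                return

            # Option values are written to yp.conf verbatim.
            output = "domain " + self.get("nisdomain")

            additional_servers = []
            if self.isset("nisserver"):
                servers = self.get("nisserver").split(",")
                additional_servers = servers[1:]
                output += " server " + servers[0] + "\n"
            else:
                output += " broadcast\n"

            for server in additional_servers:
                output += "ypserver " + server + "\n"

            filename = Path.System('yp.conf')
            if self.getBool("test-call"):
                print("========== BEGIN Content of [%s] ==========" % filename)
                print(output)
                print("========== END Content of [%s] ==========\n" % filename)
                return

            with open(filename, "w") as f:
                f.write(output)


class AuthCompat:
    """Driver: parse options, call authselect, write configuration files."""

    def __init__(self):
        self.sysconfig = EnvironmentFile(Path.System('authconfig'))
        self.options = Options()

        self.options.parse()
        self.options.applysysconfig(self.sysconfig)
        self.options.updatesysconfig(self.sysconfig)

    def printWarning(self):
        print(_("Running authconfig compatibility tool."))
        print(_("The purpose of this tool is to enable authentication against "
                "chosen services with authselect and minimum configuration. "
                "It does not provide all capabilities of authconfig.\n"))
        print(_("IMPORTANT: authconfig is replaced by authselect, "
                "please update your scripts."))
        print(_("See man authselect-migration(7) to help you with migration to authselect"))

        options = self.options.getSetButUnsupported()
        if options:
            print(_("Warning: These options are not supported anymore "
                    "and have no effect:"))
            for name in options:
                print("  --%s" % name)

        print("")

    def printOptions(self):
        for option in Options.List:
            print("%s=%s" % (option.name, option.value))

    def printSysconfig(self):
        for line in self.sysconfig.getall():
            print("%s=%s" % (line.name, line.value))

    def canContinue(self):
        """Return True when the given options allow changes to be made."""
        disallowed = ["test", "probe", "restorebackup", "restorelastbackup"]
        required = ["update", "updateall", "kickstart"]

        if not self.options.getBool("test") and os.getuid() != 0:
            print(_("authconfig can only be run as root"))
            return False

        for option in disallowed:
            if self.options.getBool(option):
                # Interpolate after translation so the msgid stays constant
                # and the catalogue lookup can succeed.
                print(_("Error: option --%s is no longer supported and we "
                        "cannot continue if it is set.") % option)
                return False

        if self.options.getBool("winbind") != self.options.getBool("winbindauth"):
            print(_("Error: Both --enablewinbind and --enablewinbindauth must be set."))
            return False

        # We require one of these options to perform changes
        # We encourage to use --updateall since we no longer support just pure
        # --update or --kickstart, they will act as --updateall.
        for option in required:
            if self.options.getBool(option):
                return True

        print(_("Error: Please, provide --updateall option."))
        return False

    def runAuthselect(self):
        """Select the authselect profile and features implied by the options."""
        feature_map = {
            'smartcard': 'with-smartcard',
            'requiresmartcard': 'with-smartcard-required',
            'fingerprint': 'with-fingerprint',
            'mkhomedir': 'with-mkhomedir',
            'faillock': 'with-faillock',
            'pamaccess': 'with-pamaccess',
            'winbindkrb5': 'with-krb5'
        }

        # Read current configuration first.
        (profile, features) = self.getCurrentAuthselectConfig()

        # Change profile if requested.
        if (self.options.getBool("ldap")
                or self.options.getBool("ldapauth")
                or self.options.getBool("sssd")
                or self.options.getBool("sssdauth")):
            profile = "sssd"
        elif self.options.getBool("nis"):
            profile = "nis"
        elif self.options.getBool("winbind"):
            profile = "winbind"

        # Default to sssd
        if profile is None:
            profile = "sssd"

        # Add enabled and remove disabled features.
        for option, feature in feature_map.items():
            if not self.options.isset(option):
                continue

            if self.options.getBool(option):
                features.append(feature)
            else:
                features = [item for item in features if item != feature]

        # Add lock-on-smartcard-removal if requested
        if self.options.isset("smartcardaction"):
            lock_feature = "with-smartcard-lock-on-removal"
            if int(self.options.get("smartcardaction")) == 0:
                features.append(lock_feature)
            else:
                # list.remove() raises ValueError when the feature is not
                # currently selected; filter instead.
                features = [item for item in features if item != lock_feature]

        # Remove duplicates. The order is not kept but that does not matter.
        features = list(set(features))

        # Always run with --force. This is either first call of authconfig
        # in installation script or it is run on already configured system.
        # We want to use authselect in both cases anyway, since authconfig
        # would change the configuration either way.
        args = ["select", profile]
        args.extend(features)
        args.append("--force")

        cmd = Command(Path.System('cmd-authselect'), args)
        cmd.run()

    def getCurrentAuthselectConfig(self):
        """Return (profile, features) currently selected, or (None, [])."""
        cmd = Command(Path.System('cmd-authselect'), ['check'], check=False)
        cmd.run()

        # result is None in test-call mode (nothing was executed).
        if cmd.result is None or cmd.result.returncode != 0:
            return (None, [])

        cmd = Command(Path.System('cmd-authselect'), ['current', '--raw'])
        cmd.run()

        current = cmd.result.stdout.decode("utf-8").split()
        if not current:
            # Empty output: treat as "no profile" instead of an IndexError.
            return (None, [])

        return (current[0], current[1:])

    def writeConfiguration(self):
        """Write every configuration and enable/disable its service."""
        configs = [
            Configuration.LDAP(self.options),
            Configuration.Network(self.options),
            Configuration.Kerberos(self.options),
            Configuration.SSSD(self.options),
            Configuration.Winbind(self.options),
            Configuration.PWQuality(self.options),
            Configuration.MakeHomedir(self.options),
            Configuration.NIS(self.options)
        ]

        for config in configs:
            # Configuration decides if it needs to write something or not
            config.write()

            # Enable or disable service if needed
            nostart = self.options.getBool("nostart")
            try:
                enabled = config.isEnabled()

                # Skip service management if it can not be decided
                if enabled is None:
                    continue

                if enabled:
                    config.enableService(nostart)
                else:
                    config.disableService(nostart)
                    config.cleanup()
            except subprocess.CalledProcessError as result:
                # This is not fatal error.
                eprint(_("Command [%s] failed with %d, stderr:")
                       % (' '.join(result.cmd), result.returncode))
                eprint(result.stderr.decode())


def main():
    """Entry point: exits 1 when the options do not permit changes, else 0."""
    try:
        locale.setlocale(locale.LC_ALL, '')
    except locale.Error:
        sys.stderr.write('Warning: Unsupported locale setting.\n')

    authcompat = AuthCompat()
    authcompat.printWarning()

    # test-call turns every writer and command runner into a dry run.
    Command.TEST = authcompat.options.getBool("test-call")
    EnvironmentFile.TEST = authcompat.options.getBool("test-call")
    ConfigSnippet.TEST = authcompat.options.getBool("test-call")

    if not authcompat.canContinue():
        sys.exit(1)

    try:
        authcompat.runAuthselect()
        authcompat.writeConfiguration()
        authcompat.sysconfig.write()
    except subprocess.CalledProcessError as result:
        # Reported on stderr; the exit status below is still 0.
        eprint(_("Command [%s] failed with %d, stderr:")
               % (' '.join(result.cmd), result.returncode))
        eprint(result.stderr.decode())

    sys.exit(0)


if __name__ == "__main__":
    main()


# File: authcompat_EnvironmentFile.py
# -*- coding: utf-8 -*-
#
#    Authors:
#        Pavel Březina
#
#    Copyright (C) 2018 Red Hat
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 3 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program.  If not, see <http://www.gnu.org/licenses/>.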
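#

import errno
import os
import re


class EnvironmentFile:
    """Read, modify and write a ``NAME<delimiter>VALUE`` style file.

    Lines that are comments, blank, or do not match the pattern are kept
    verbatim; variable lines remember their original spacing so that a
    rewrite preserves the layout.
    """

    # When True, write() prints the content instead of touching disk.
    TEST = False

    def __init__(self, filename, delimiter='=', delimiter_re=None, quotes=True):
        """Parse *filename* if it exists.

        *delimiter* is used when new lines are created; *delimiter_re* (a
        regular expression fragment, defaulting to *delimiter*) is used to
        recognise existing lines. *quotes* controls quoting in Escape/Unescape.
        """
        self.filename = filename
        self.delimiter = delimiter
        self.quotes = quotes
        self.environment = []

        delimiter_re = delimiter_re if delimiter_re is not None else delimiter
        # Groups: 1 indent, 2 name, 3 space, 4 delimiter, 5 space, 6 value.
        self.pattern = re.compile(r'^(\s*)(\S*)([^\n\S]*)('
                                  + delimiter_re
                                  + r')([^\n\S]*)(.*)$',
                                  re.MULTILINE)

        self.read()

    def read(self):
        """Load and parse the file; a missing file leaves the list empty."""
        try:
            with open(self.filename, "r") as f:
                lines = f.readlines()
        except FileNotFoundError:
            return

        for line in lines:
            parsed = self.Line.Parse(line, self.pattern,
                                     self.delimiter, self.quotes)
            self.environment.append(parsed)

    def write(self):
        """Write all lines back to the file (or print them in TEST mode)."""
        output = "".join(line.getLine() for line in self.environment)

        if self.TEST:
            print("========== BEGIN Content of [%s] ==========" % self.filename)
            print(output)
            print("========== END Content of [%s] ==========\n" % self.filename)
            return

        # A bare file name has no directory component; makedirs("") would fail.
        dirname = os.path.dirname(self.filename)
        if dirname:
            os.makedirs(dirname, exist_ok=True)

        with open(self.filename, "w") as f:
            f.write(output)

    def get(self, name, default=None):
        """Return the last value stored for *name*, or *default*.

        Common yes/no spellings are converted to bool. Values that are not
        strings (for example an int stored through set()) are returned as-is
        instead of failing on ``.lower()``.
        """
        value = None
        for line in self.environment:
            if line.isVariable() and line.name == name:
                value = line.value

        if value is None:
            return default

        lowered = value.lower() if isinstance(value, str) else None
        if lowered in ("no", "false", "f", "n"):
            return False
        if lowered in ("yes", "true", "t", "y"):
            return True

        return value

    def getall(self):
        """Return all variable lines (comments and blanks excluded)."""
        return [line for line in self.environment if line.isVariable()]

    def set(self, name, value):
        """Set *name* on its first existing line, or append a new line.

        Booleans are stored as ``yes`` / ``no``.
        """
        if isinstance(value, bool):
            value = "yes" if value else "no"

        for line in self.environment:
            if line.isVariable() and line.name == name:
                line.set(name, value)
                return

        line = self.Line(self.delimiter, self.quotes)
        line.set(name, value)
        self.environment.append(line)

    class Line:
        """One line of the file: either verbatim text or a variable."""

        def __init__(self, delimiter, quotes,
                     name=None, value=None, original=None, fmt=None):
            self.delimiter = delimiter
            self.quotes = quotes
            self.name = name
            self.value = value
            self.original = original
            self.fmt = fmt

        def isVariable(self):
            return self.fmt is not None

        def isOriginal(self):
            return self.original is not None

        def set(self, name, value):
            self.name = name
            self.value = value

            if self.fmt is None:
                self.fmt = "${name}%s${value}\n" % self.delimiter

        def getLine(self):
            """Return the text of this line, including its newline."""
            if self.isOriginal():
                return self.original

            value = self.value if self.value is not None else ""
            replacement = {
                'name': self.name,
                'value': self.Escape(value, self.quotes)
            }

            line = self.fmt
            for key, value in replacement.items():
                line = line.replace("${" + key + "}", str(value))

            return line

        @staticmethod
        def Parse(line, pattern, delimiter, quotes):
            """Build a Line from raw text; non-variable text is kept verbatim."""
            match = pattern.match(line)
            if line.startswith('#') or not line.strip() or not match:
                return EnvironmentFile.Line(delimiter, quotes, original=line)

            name = match.group(2)
            value = EnvironmentFile.Line.Unescape(match.group(6), quotes)
            # Keep the original indentation and spacing around the delimiter.
            fmt = "%s${name}%s%s%s${value}\n" % (match.group(1), match.group(3),
                                                 match.group(4), match.group(5))

            return EnvironmentFile.Line(delimiter, quotes,
                                        name=name, value=value, fmt=fmt)

        @staticmethod
        def Escape(value, quotes):
            """Backslash-escape shell-significant characters in *value*.

            With *quotes*, a value containing a space or a tab anywhere,
            including the first position, is wrapped in double quotes so the
            whitespace survives a later Parse().
            """
            if value is None:
                return ""

            value = str(value)
            # The backslash must be handled first so that the escapes added
            # below are not escaped again.
            value = value.replace("\\", "\\\\")
            value = value.replace("\"", "\\\"")
            value = value.replace("'", "\\\'")
            value = value.replace("$", "\\$")
            value = value.replace("~", "\\~")
            value = value.replace("`", "\\`")

            if quotes:
                if " " in value or "\t" in value:
                    value = "\"" + value + "\""

            return value

        @staticmethod
        def Unescape(value, quotes):
            """Reverse Escape(): strip matching outer quotes (when *quotes*)
            and drop one backslash from every escape sequence."""
            if not value:
                return value

            value = str(value)
            length = len(value)

            if quotes:
                if (value[0] == "\"" or value[0] == "'") and value[0] == value[length - 1]:
                    value = value[1:length - 1]

            i = 0
            while True:
                i = value.find("\\", i)
                if i < 0:
                    break

                # A trailing lone backslash is dropped.
                if i + 1 >= len(value):
                    value = value[0:i]
                    break

                # Remove the backslash and step over the escaped character.
                value = value[0:i] + value[i + 1:]
                i += 1

            return value


# File: snippets/authconfig-krb.conf (archive member; continues on the next line)
# [libdefaults]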
dns_lookup_kdc = ${kdc-srv} dns_lookup_realm = ${realm-srv} default_realm = ${realm} [realms] ${realm} = { kdc = ${kdc} admin_server = ${adminserver} ${?realm}} [domain_realm] ${domain} = ${realm} .${domain} = ${realm} PKEhe[ 26snippets/authconfig-sssd.confnu[[sssd] domains = default [domain/default] id_provider = ldap auth_provider${?krb5} = krb5 ldap_uri = ${ldap-uri} ldap_search_base = ${ldap-basedn} ldap_id_use_start_tls = ${ldap-tls} ldap_schema = ${ldap-schema} krb5_server${?krb5} = ${kdc-uri} krb5_kpasswd${?krb5} = ${kpasswd-uri} krb5_realm${?krb5} = ${realm} krb5_store_password_if_offline${?krb5} = ${cache-credentials} cache_credentials = ${cache-credentials} [pam]${?cert-auth} pam_cert_auth = ${cert-auth} PKEhe[s"9__pycache__/authcompat_ConfigSnippet.cpython-36.opt-1.pycnu[3 ٥c @s*ddlZddlZddlZGdddZdS)Nc@s>eZdZdZejdZejdZddZddZ d dd Z d S) ConfigSnippetFz\${\??(?P[\w-]*)}z \${\?[\w-]*}c Cs*t|d}|j|_WdQRX||_dS)Nr)openreadtemplate destination)selfrrfr ./usr/lib/python3.6/authcompat_ConfigSnippet.py__init__!s zConfigSnippet.__init__c Cs|jjd}g}xTt|D]H\}}x>|jj|D].}|jd}||ksR||dkr0|j|Pq0WqWxt|ddD] }||=qtWdj|}|j j d|}xF|j D]:\}} | dkrqt | t kr| rdnd} |jd|| }qW|S) N keyT)reversetrueZfalsez${%s})rsplit enumerate AllKeysREfinditergroupappendsortedjoin DummyKeysREsubitemstypeboolreplace) rvalueslinesremoveidxlinematchroutputvaluer r r generate's&        zConfigSnippet.generatecCs|j|}|jr8td|jt|td|jdStjj|j}tjj|sytj|Wn>t k r}z"|j t j krtjj |rnWYdd}~XnXt |jd}|j|WdQRXdS)Nz+========== BEGIN Content of [%s] ==========z,========== END Content of [%s] ========== w)r(TESTprintrospathdirnameexistsmakedirsOSErrorerrnoZEEXISTisdirrwrite)rr Z to_stdoutr&r.Z exceptionr r r r r4Hs   zConfigSnippet.writeN)F) __name__ __module__ __qualname__r*recompilerrr r(r4r r r r rs   !r)r2r,r8rr r r r sPKEhe[''-__pycache__/authcompat_Options.cpython-36.pycnu[3 [*e6@s6ddlZddlZejZGdddZGdddZdS)Nc@steZdZddZddZddZddZed d Zed d Z ed dZ eddZ eddZ eddZ 
dS)OptioncCs.||_||_||_||_||_d|_d|_dS)NF)namemetavarhelpfeature supportedvaluefrom_sysconfig)selfrrrrrr (/usr/lib/python3.6/authcompat_Options.py__init__szOption.__init__cCs ||_dS)N)r)r new_valuer r r set&sz Option.setcCs|j|d|_dS)NT)rr )r rr r r set_from_sysconfig)s zOption.set_from_sysconfigcCs |jdk S)N)r)r r r r isset-sz Option.issetcCst|||dddS)NFT)rr)r)rrrr r r Valued0sz Option.ValuedcCst|d|dddS)NFT)rr)r)rrr r r Switch4sz Option.SwitchcCst|d|dddS)NT)rr)r)rrr r r Feature8szOption.FeaturecCst||ddddS)NF)rr)r)rrr r r UnsupportedValued<szOption.UnsupportedValuedcCst|dddddS)NTF)rr)r)rr r r UnsupportedFeature@szOption.UnsupportedFeaturecCst|dddddS)NF)rr)r)rr r r UnsupportedSwitchDszOption.UnsupportedSwitchN)__name__ __module__ __qualname__r rrr staticmethodrrrrrrr r r r rs      rcM@seZdZejdedejdededejdededejd ed ejd ed ejd ededejdededejdedejdedejdedejdedejdededejdedejded ejd!ed"ejd#eded$ejd%eded&ejd'ed(ed)ejd*ed+ejd,ed-ejd.ed/ejd0ed1ejd2ed3ed4ejd5ed6ejd7ed8ed9ejd:ed;ejded?ejd@edAejdBedCejdDedEejdFedGedHejdIedGedJejdKedGedLejdMedGedNejdOedPejdQedRejdSedTejdUedVejdWedXejdYedZejd[ed\ejd]ed\ejd^ej ej d_ej d`ej daedbej dcedbej ddej deej dfej dgej dhej diej djej dkedlej dmednej doedpej dqedrej dsed(ej dteduej dvedwej dxedwej dyedwej dzed{ej d|ed}ej d~edej dej dej dej dej dej dej dedgJZ dDdd ddfd.d5d:d!d ddddkdidgd0ddZddZddZddZddZddZddZddZddZddZddZddZddZddZddZdS)OptionsZnisz#NIS for user information by defaultZ nisdomainzzdefault NIS domainZ nisserverzzdefault NIS serverZldapz$LDAP for user information by defaultZldapauthz"LDAP for authentication by defaultZ ldapserverz#default LDAP server hostname or URIZ ldapbasednzzdefault LDAP base DNldaptlszuse of TLS with LDAP (RFC-2830) ldapstarttlsz4use of TLS for identity lookups with LDAP (RFC-2830)Z rfc2307bisz;use of RFC-2307bis schema for LDAP user information lookupsZ smartcardz)authentication with smart card by defaultZsmartcardactionz<0=Lock|1=Ignore>z(action to be taken on smart card removalZrequiresmartcardz0require smart 
card for authentication by defaultZ fingerprintz2authentication with fingerprint readers by defaultZkrb5z"Kerberos authentication by defaultZkrb5kdczdefault Kerberos KDCZkrb5adminserverzdefault Kerberos admin serverZ krb5realmzzdefault Kerberos realmZ krb5kdcdnsz use of DNS to find Kerberos KDCsZ krb5realmdnsz"use of DNS to find Kerberos realmsZwinbindz'winbind for user information by defaultZ winbindauthz%winbind for authentication by defaultZ winbindjoinzz>join the winbind domain or ads realm now as this administratorZ winbindkrb5z(Kerberos 5 for authenticate with winbindZ smbworkgroupz z'workgroup authentication servers are inZsssdzHSSSD for user information by default with manually managed configurationZsssdauthzFSSSD for authentication by default with manually managed configurationZ cachecredsz.caching of user credentials in SSSD by defaultZ pamaccessz1check of access.conf during account authorizationZ mkhomedirz;creation of home directories for users on their first loginZfaillockzGaccount locking in case of too many consecutive authentication failuresZ passminlenzzminimum length of a passwordZ passminclassz1minimum number of character classes in a passwordZ passmaxrepeatz;maximum number of same consecutive characters in a passwordZpassmaxclassrepeatzDmaximum number of consecutive characters of same class in a passwordZreqlowerz6require at least one lowercase character in a passwordZrequpperz6require at least one uppercase character in a passwordZreqdigitz(require at least one digit in a passwordZreqotherz2require at least one other character in a passwordZnostartzdo not start/stop servicesZ updateallzupdate all configuration filesupdatezthe same as --updateallZ kickstartz test-callZtestZprobeZ savebackupzZ restorebackupZrestorelastbackupcacheZecryptfsshadow useshadowmd5usemd5Zpassalgoz%ZldaploadcacertzZsmartcardmodulezZ smbsecurityzZsmbrealmZ smbserversz Z smbidmaprangezZ smbidmapuidZ smbidmapgidZwinbindseparatorz<\>Zwinbindtemplatehomedirz 
Zwinbindtemplateshellz ZwinbindusedefaultdomainZwinbindofflineZ preferdnsZ forcelegacyZ locauthorizeZ sysnetauthZ faillockargsz )Z USEFAILLOCKZ FAILLOCKARGSZUSELDAPZUSENISZ USEECRYPTFSZ USEWINBINDZ WINBINDKRB5ZUSESSSDZ USEKERBEROSZ USELDAPAUTHZ USESMARTCARDZFORCESMARTCARDZ USEFPRINTDZPASSWDALGORITHMZUSEMD5Z USESHADOWZUSEWINBINDAUTHZ USESSSDAUTHZUSELOCAUTHORIZEZ USEPAMACCESSZ USEMKHOMEDIRZ USESYSNETAUTHZ FORCELEGACYZCACHECREDENTIALScCs&i|_x|jD]}||j|j<qWdS)N)optionsListr)r optionr r r r s zOptions.__init__cCs tjdd}|jtd|jtdd}x,|jD]"}|jr@dnd}|j|||q2W|j}x*|jj D]\}}t ||}|j |qlW|j d r|j d r|j d|j d |j d  r|j d r|j d |j d |j d o|j d  r|j d |j d dS)NzAuthconfig Compatibility Tool.) descriptionz(These options have a compatibility layerz8These options are no longer supported and have no effect)r unsupportedrr)r#r$r!r"rr)argparseArgumentParserZadd_argument_group_r&r add_option parse_argsr%itemsgetattrrrget)r parserZparsersr'groupZcmdlinerrr r r parses     z Options.parsecCs<x6|jjD](\}}|j|s |j|j|j|q WdS)N)Mapr/rr%rr1)r sysconfigrr'r r r applysysconfigs zOptions.applysysconfigcCs8x2|jjD]$\}}|j|r |j||j|q WdS)N)r5r/rrr1)r r6rr'r r r updatesysconfigs zOptions.updatesysconfigcCs |j|jS)N)r%r)r rr r r r1sz Options.getcCs|j|j|dS)N)r%r)r rrr r r rsz Options.setcCs|j|jS)N)r%r)r rr r r rsz Options.issetcCs |j|}|dks| rdSdS)NFT)r1)r rrr r r getBools zOptions.getBoolcCs |j|}|dks| rdSdS)NT)r1)r rrr r r getTrueOrNones zOptions.getTrueOrNonecCs^g}xTtjD]J}|jrq |js"q |jr*q |j}|jrL|jrDd|nd|}|j|q W|S)Nenabledisable) rr&rrr rrrappend)r r%r'rr r r getSetButUnsupported s zOptions.getSetButUnsupportedcCs<|jdk r|j||n |jr,|j||n |j||dS)N)r add_valuedr add_feature add_switch)r r2r'r r r r-s  zOptions.add_optioncCs$|jd|jd|j|j|jddS)Nz--Zstore)actionrdestr) add_argumentrrr)r r2r'r r r r?&s  zOptions.add_valuedcCs"|jd|jdd|j|jddS)Nz-- store_constT)rBconstrrC)rDrr)r r2r'r r r rA-s  zOptions.add_switchcCsrd}d}|jdk r6tdd|j}tdd|j}|jd|jdd||jd|jd|jdd ||jddS) Nr; r<z--enablerET)rBrFrrCz --disableF)rr,rDr)r r2r'Z 
help_enableZ help_disabler r r r@4s    zOptions.add_featureN)rrrrrr,rrr*ZSUPPRESSrrrr&r5r r4r7r8r1rrr9r:r>r-r?rAr@r r r r rIs  r)r*gettextr,rrr r r r s-PKEhe[cc5__pycache__/authcompat_EnvironmentFile.cpython-36.pycnu[3 ٥cL@s*ddlZddlZddlZGdddZdS)Nc@sReZdZdZdddZddZd d Zdd d Zd dZddZ GdddZ dS)EnvironmentFileF=NTcCsL||_||_||_g|_|dk r$|n|}tjd|dtj|_|jdS)Nz^(\s*)(\S*)([^\n\S]*)(z)([^\n\S]*)(.*)$) filename delimiterquotes environmentrecompile MULTILINEpatternread)selfrrZ delimiter_rerr0/usr/lib/python3.6/authcompat_EnvironmentFile.py__init__s  zEnvironmentFile.__init__cCspy$t|jd}|j}WdQRXWntk r8dSXx0|D](}|jj||j|j|j}|j j |q@WdS)Nr) openr readlinesFileNotFoundErrorLineParser rrrappend)r flineslineZparsedrrrr .s   zEnvironmentFile.readcCsd}x|jD]}||j}q W|jrNtd|jt|td|jdStjj|j}tjj|sytj |Wn>t k r}z"|j t j krtjj |rnWYdd}~XnXt|jd}|j|WdQRXdS)Nz+========== BEGIN Content of [%s] ==========z,========== END Content of [%s] ========== w)rgetLineTESTprintrospathdirnameexistsmakedirsOSErrorerrnoZEEXISTisdirrwrite)r outputrr"Z exceptionrrrrr(:s$  zEnvironmentFile.writecCs\d}x&|jD]}|jr |j|kr |j}q W|dkr8|S|jd krHdS|jd krXd S|S) NnofalsernFyestruetyT)Nr*r+rr,)r-r.r/r0)r isVariablenamevaluelower)r r2defaultr3rrrrgetRs    zEnvironmentFile.getcCs*g}x |jD]}|jr |j|q W|S)N)rr1r)r rrrrrgetallbs  zEnvironmentFile.getallcCsvt|tkr|rdnd}x0|jD]&}|jr |j|kr |j||dSq W|j|j|j}|j|||jj |dS)Nr-r*) typeboolrr1r2setrrrr)r r2r3rrrrr:js     zEnvironmentFile.setc@sZeZdZdddZddZddZdd Zd d Zed d Z eddZ eddZ dS)zEnvironmentFile.LineNcCs(||_||_||_||_||_||_dS)N)rrr2r3originalfmt)r rrr2r3r;r<rrrrxs zEnvironmentFile.Line.__init__cCs |jdk S)N)r<)r rrrr1szEnvironmentFile.Line.isVariablecCs |jdk S)N)r;)r rrr isOriginalszEnvironmentFile.Line.isOriginalcCs&||_||_|jdkr"d|j|_dS)Nz${name}%s${value} )r2r3r<r)r r2r3rrrr:s zEnvironmentFile.Line.setcCsp|jr|jS|jdk r|jnd}|j|j||jd}|j}x,|jD] \}}|jd|dt |}qHW|S)Nr)r2r3z${}) r=r;r3r2Escaperr<itemsreplacestr)r r3Z replacementrkeyrrrrszEnvironmentFile.Line.getLinecCs|j|}|jds$|j s$| 
r4tj|||dS|jd}tjj|jd|}d|jd|jd|jd|jd f}tj|||||d S) N#)r;z%s${name}%s%s%s${value} )r2r3r<)match startswithstriprrgroupUnescape)rr rrrKr2r3r<rrrrs    zEnvironmentFile.Line.ParsecCs|dkr dSt|}|jdd}|jdd}|jdd}|jdd }|jd d }|jd d }|r|jddks||jddkrd|d}|S)Nr\z\\"z\"'z\'$z\$~z\~`z\` r )rBrAfind)r3rrrrr?s       zEnvironmentFile.Line.EscapecCs|s|St|}t|}|rX|ddks4|ddkrX|d||dkrX|d|d}d}x\|jd|}|dkrtP|dt|kr|d|}P|d|||dd}|d7}q^W|S)NrrQrRrGrP)rBlenrX)r3rZlengthirrrrOs$,   zEnvironmentFile.Line.Unescape)NNNN) __name__ __module__ __qualname__rr1r=r:r staticmethodrr?rOrrrrrws   r)rNT)N) r[r\r]rrr r(r6r7r:rrrrrrs    r)r&r rrrrrrsPKEhe[MM+__pycache__/authcompat.cpython-36.opt-1.pycnu[3 *e)V@sddlZddlZddlZddlZddlZddlmZddlmZddl m Z ejZ ddZ GdddZ Gd d d ZGd d d ZGd ddZGdddZddZedkredS)N)Options)EnvironmentFile) ConfigSnippetcOst|dtji|dS)Nfile)printsysstderr)argskwargsr /usr/lib/python3.6/authcompat.pyeprint%sr c@s"eZdZdZdddZddZdS) CommandFNTcCs2|g||_|dk r|jnd|_||_d|_dS)N)r encodeinputcheckresult)selfcommandr rrr r r __init__,s zCommand.__init__cCsFttddj|j|jr"dStj|j|j|jtj tj d|_ dS)Nz Executing: %s )rrstdoutr) r_joinr TEST subprocessrunrrPIPEr)rr r r r2s z Command.run)NT)__name__ __module__ __qualname__rrrr r r r r)s rc@s>eZdZddZddZddZddZdd d Zd d ZdS)ServicecCs|d|_dS)Nz.service)name)rr"r r r r?szService.__init__cCsy |jWn|tjk r}z^|rB|j|krBttd|jn6|j|krxttddj|j|jft|j j WYdd}~XnXdS)Nz5Service %s was not found. 
Please install the service.z$Command [%s] failed with %d, stderr:r) rrCalledProcessError returncoder rr"rcmdrdecode)rrrequiredZ enoent_coderr r r runsystemdBs   zService.runsystemdcCs(ttjdd|jg}|j|dddS)Nz cmd-systemctlenableT)rPathSystemr"r()rr%r r r r)NszService.enablecCs(ttjdd|jg}|j|dddS)Nz cmd-systemctldisableFr*)rr+r,r"r()rr%r r r r-RszService.disableTcCs4|r |jttjdd|jg}|j|dddS)Nz cmd-systemctlstartT)stoprr+r,r"r()rRestartr%r r r r.Vsz Service.startcCs(ttjdd|jg}|j|dddS)Nz cmd-systemctlr0Fr/)rr+r,r"r()rr%r r r r0\sz Service.stopN)T) rrr rr(r)r-r.r0r r r r r!>s   r!c @sbeZdZejjejjeZe edZ dddddddd d d d d d Z e ddZ e ddZdS)r+z/authcompat_pathsz/etc/openldap/ldap.confz$/etc/krb5.conf.d/authconfig-krb.confz%/etc/sssd/conf.d/authconfig-sssd.confz/etc/sysconfig/authconfigz/etc/sysconfig/networkz;/etc/security/pwquality.conf.d/10-authconfig-pwquality.confz /etc/yp.confz/usr/bin/systemctlz/usr/bin/authselectz/usr/sbin/realmz/usr/bin/domainnamez/usr/sbin/setsebool) z ldap.confz krb5.confz sssd.conf authconfignetworkzpwquality.confzyp.confz cmd-systemctlzcmd-authselectz cmd-realmzcmd-domainnamez cmd-setseboolcCsdtj|fS)Nz%s/%s)r+LocalDir)relpathr r r Localtsz Path.LocalcCs tj|S)N)r+Files)r"r r r r,xsz Path.SystemN)rrr ospathdirnamerealpath__file__r4rZConfigr7 staticmethodr6r,r r r r r+as   r+c@seZdZGdddeZGdddeZGdddeZGdddeZGd d d eZGd d d eZ Gd ddeZ GdddeZ GdddeZ dS) Configurationc@sxeZdZdddZddZddZdd Zd d Zd d ZddZ ddZ ddZ ddZ ddZ dddZddZdS)zConfiguration.BaseNcCs"||_d|_|dk rt||_dS)N)optionsservicer!)rr? 
ServiceNamer r r rszConfiguration.Base.__init__cCsdS)NTr )rr r r isEnabledszConfiguration.Base.isEnabledcCs |j S)N)rB)rr r r isDisabledszConfiguration.Base.isDisabledcCs*|jdkrdS|jj|s&|jjdS)N)r@r)r.)rnostartr r r enableServices   z Configuration.Base.enableServicecCs*|jdkrdS|jj|s&|jjdS)N)r@r-r0)rnostopr r r disableServices   z!Configuration.Base.disableServicecCsdS)Nr )rr r r cleanupszConfiguration.Base.cleanupcCsdS)Nr )rr r r writeszConfiguration.Base.writecCs |jj|S)N)r?get)rr"r r r rJszConfiguration.Base.getcCs |jj|S)N)r?isset)rr"r r r rKszConfiguration.Base.issetcCs |jj|S)N)r? getTrueOrNone)rr"r r r rLsz Configuration.Base.getTrueOrNonecCs |jj|S)N)r?getBool)rr"r r r rMszConfiguration.Base.getBoolFcCs*|r|j| rdS|j|}|r&|S|S)N)rKrM)rr"Zif_trueZif_false AllowNonevaluer r r getBoolAsValues  z!Configuration.Base.getBoolAsValuec CsHttd||jjdr dSytj|Wntk rBdSXdS)NzRemoving file: %sz test-call)rrr?rMr8removeFileNotFoundError)rfilenamer r r removeFiles zConfiguration.Base.removeFile)N)F)rrr rrBrCrErGrHrIrJrKrLrMrPrTr r r r Base~s    rUcs$eZdZfddZddZZS)zConfiguration.LDAPcsttj|j|dS)N)superr>LDAPr)rr?) 
__class__r r rszConfiguration.LDAP.__init__cCsZttjddddd}|jdr2|jd|jd|jdrN|jd |jd|jdS) Nz ldap.confrz\s\tF)Z delimiter_reZquotes ldapserverZURI ldapbasednZBASE)rr+r,rKsetrJrI)rconfigr r r rIs    zConfiguration.LDAP.write)rrr rrI __classcell__r r )rXr rWs rWcs4eZdZfddZddZddZddZZS) zConfiguration.Kerberoscsttj|j|dS)N)rVr>Kerberosr)rr?)rXr r rszConfiguration.Kerberos.__init__cCs4|jd r|jd rdS|jddkp2|jdS)N krb5realm krb5realmdns)rKrJrM)rr r r rBsz Configuration.Kerberos.isEnabledcCs0|jd r|jd rdS|jtjddS)Nr_r`z krb5.conf)rKrTr+r,)rr r r rHszConfiguration.Kerberos.cleanupcCs|jr dStjd}t|tjd}|jd}|jd|jd|jd|rV|jdnd|rf|jdnd|rt|jndd}|j|dS) Nzsnippets/authconfig-krb.confz krb5.confr_Z krb5kdcdnsr`krb5kdckrb5adminserver)realmzkdc-srvz realm-srvZkdcZ adminserverZdomain)rCr+r6rr,rJlowerrI)rr9r\rdkeysr r r rIs  zConfiguration.Kerberos.write)rrr rrBrHrIr]r r )rXr r^s r^cs$eZdZfddZddZZS)zConfiguration.Networkcsttj|j|dS)N)rVr>Networkr)rr?)rXr r rszConfiguration.Network.__init__cCs<|jd}ttjd}|dkr$dS|jd||jdS)N nisdomainr3Z NISDOMAIN)rJrr+r,r[rI)rrhr\r r r rIs   zConfiguration.Network.write)rrr rrIr]r r )rXr rgs rgcs4eZdZfddZddZddZddZZS) zConfiguration.SSSDcsttj|j|dddS)Nsssd)rA)rVr>SSSDr)rr?)rXr r rszConfiguration.SSSD.__init__cCs0|jd r|jd rdS|jdp.|jdS)Nldapri)rKrM)rr r r rBszConfiguration.SSSD.isEnabledcCs|jtjddS)Nz sssd.conf)rTr+r,)rr r r rHszConfiguration.SSSD.cleanupc Cs|jdsdStjd}t|tjd}|jdr6dnd}|jd|jd|jd||jd|jd |jd |jd |jd |jd d }|j|tj tjddddS)Nrkzsnippets/authconfig-sssd.confz sssd.confZ rfc2307bisrYrZZldaptlskrb5rbrcr_Z cachecreds smartcard) zldap-uriz ldap-basednzldap-tlsz ldap-schemarlzkdc-uriz kpasswd-urirdz cache-credsz cert-authi)mode) rMr+r6rr,rJrLrIr8chmod)rr9r\Zschemarfr r r rIs"   zConfiguration.SSSD.write)rrr rrBrHrIr]r r )rXr rjs rjcs,eZdZfddZddZddZZS)zConfiguration.Winbindcsttj|j|dddS)Nwinbind)rA)rVr>Winbindr)rr?)rXr r r.szConfiguration.Winbind.__init__cCs0|jd r|jd rdS|jdp.|jdS)Nrp winbindauth)rKrM)rr r r rB1szConfiguration.Winbind.isEnabledc 
Cs|jdsdS|jjdjdd}|d}d}t|dkrF|dd}ddd|d d g}|jd rr|j|jd ttjd ||d }y |j Wn*t k rt t dtjd YnXdS)NZ winbindjoin%r*r rz-Uz"%s"z--client-softwarerpZ smbworkgroupz cmd-realm)rz)%s was not found. Please, install realmd.) rKr?rJsplitlenappendrr+r,rrRr r)rZcredsuserZpasswordr r%r r r rI7s$     zConfiguration.Winbind.write)rrr rrBrIr]r r )rXr rq-s rqcs$eZdZfddZddZZS)zConfiguration.PWQualitycsttj|j|dS)N)rVr> PWQualityr)rr?)rXr r rSsz Configuration.PWQuality.__init__c Csttjd}d}|jd|jd|jd|jd|jddd d d |jd dd d d |jd dd d d |jddd d d d}x@|jD]4\}}|dk rt|dt||j||d }qW|r|j dS)Nzpwquality.confFZ passminlenZ passminclassZ passmaxrepeatZpassmaxclassrepeatZreqlowerr*rT)rNZrequpperZreqdigitZreqother)ZminlenZminclassZ maxrepeatZmaxclassrepeatZlcreditZucreditZdcreditZocredit=r{r{r{) rr+r,rJrPitemsrstrr[rI)rr\Z value_setZpwoptsoptrOr r r rIVs" zConfiguration.PWQuality.write)rrr rrIr]r r )rXr ryRs rycs,eZdZfddZddZddZZS)zConfiguration.MakeHomedircsttj|j|dddS)NZoddjobd)rA)rVr> MakeHomedirr)rr?)rXr r rpsz"Configuration.MakeHomedir.__init__cCs|jdsdS|jdS)N mkhomedir)rKrM)rr r r rBss z#Configuration.MakeHomedir.isEnabledcCsdS)Nr )rrFr r r rGysz(Configuration.MakeHomedir.disableService)rrr rrBrGr]r r )rXr ros rcs<eZdZfddZddZddZddZd d ZZS) zConfiguration.NIScs*ttj|j|td|_td|_dS)Nrpcbindypbind)rVr>NISrr!rr)rr?)rXr r rs zConfiguration.NIS.__init__cCs|jdsdS|jdS)Nnis)rKrM)rr r r rBs zConfiguration.NIS.isEnabledcCs|jdsdS|jd}|s6ttjd|g}|jttjddddg}|j|jj|jj|s|jj dd|jj dS) Nrhzcmd-domainnamez cmd-setseboolz-P allow_ypbind1F)r1) rKrJrr+r,rrr)rr.)rrDZnisdomr%r r r rEs      zConfiguration.NIS.enableServicecCsl|sttjddg}|jttjddddg}|j|jj|jj|sh|jj|jjdS)Nzcmd-domainnamez(none)z cmd-setseboolz-Pr0)rr+r,rrr-rr0)rrFr%r r r rGs     z Configuration.NIS.disableServicec Cs|jdsdSd|jd}g}|jdr\|jdjd}|dd}|d|dd7}n|d 7}x|D]}|d |d7}qjWtjd }|jd rtd |t|td|dSt|d}|j|WdQRXdS)Nrhzdomain Z nisserver,r*z server rrtz broadcast z ypserver zyp.confz test-callz+========== BEGIN Content of [%s] ==========z,========== END Content of [%s] ========== w) 
rKrJrur+r,rMropenrI)routputZadditional_serversZserversZserverrSfr r r rIs&         zConfiguration.NIS.write) rrr rrBrErGrIr]r r )rXr r~s  rN) rrr objectrUrWr^rgrjrqryrrr r r r r>}sE$)%r>c@sLeZdZddZddZddZddZd d Zd d Zd dZ ddZ dS) AuthCompatcCsBttjd|_t|_|jj|jj|j|jj|jdS)Nr2) rr+r, sysconfigrr?parseZapplysysconfigZupdatesysconfig)rr r r rs  zAuthCompat.__init__cCspttdttdttdttd|jj}|rdttdx|D]}td|qPWtddS)Nz&Running authconfig compatibility tool.zThe purpose of this tool is to enable authentication against chosen services with authselect and minimum configuration. It does not provide all capabilities of authconfig. zLIMPORTANT: authconfig is replaced by authselect, please update your scripts.zHSee man authselect-migration(7) to help you with migration to authselectzDWarning: These options are not supported anymore and have no effect:z --%sra)rrr?ZgetSetButUnsupported)rr?r"r r r printWarnings       zAuthCompat.printWarningcCs(x"tjD]}td|j|jfqWdS)Nz%s=%s)rZListrr"rO)roptionr r r printOptionss zAuthCompat.printOptionscCs,x&|jjD]}td|j|jfq WdS)Nz%s=%s)rZgetallrr"rO)rliner r r printSysconfigszAuthCompat.printSysconfigcCsddddg}dddg}|jjd r@tjdkr@ttd d Sx,|D]$}|jj|rFttd |d SqFW|jjd |jjd krttdd Sx|D]}|jj|rdSqWttdd S)NZtestZprobeZ restorebackupZrestorelastbackupupdateZ updateallZ kickstartrz"authconfig can only be run as rootFzNError: option --%s is no longer supported and we cannot continue if it is set.rprrz@Error: Both --enablewinbind and --enablewinbindauth must be set.Tz*Error: Please, provide --updateall option.)r?rMr8getuidrr)rZ disallowedr'rr r r canContinues$          zAuthCompat.canContinuec CsZdddddddd}|j\}}|jjd sP|jjd sP|jjd sP|jjd rVd }n"|jjd rhd }n|jjdrxd}|dkrd }xV|jD]J\}}|jj|sq|jj|}|r|j|qx||kr|j|qWqW|jjdrt|jjddkr |jdn |jdt t |}d|g}|j ||jdt t jd|}|jdS)Nzwith-smartcardzwith-smartcard-requiredzwith-fingerprintzwith-mkhomedirz with-faillockzwith-pamaccessz with-krb5)rmZrequiresmartcardZ fingerprintrZfaillockZ pamaccessZ 
winbindkrb5rkZldapauthriZsssdauthrrpZsmartcardactionrzwith-smartcard-lock-on-removalZselectz--forcezcmd-authselect)getCurrentAuthselectConfigr?rMr|rKrwrQintrJlistr[extendrr+r,r) rmapZprofileZfeaturesrZfeatureenabledr r%r r r runAuthselect sJ                zAuthCompat.runAuthselectcCs~ttjddgdd}|j|jdks4|jjdkrrWr?rgr^rjrqryrrrIrMrBrErGrHrr#r rrr%r$rr&)rZconfigsr\rDrrr r r writeConfigurationUs.            zAuthCompat.writeConfigurationN) rrr rrrrrrrrr r r r rs> rcCsytjtjdWn"tjk r4tjjdYnXt}|j|j j dt _ |j j dt _ |j j dt_ |jstjdy|j|j|jjWnPtjk r}z2ttddj|j|jft|jjWYdd}~XnXtjddS)Nraz%Warning: Unsupported locale setting. z test-callr*z$Command [%s] failed with %d, stderr:rr)locale setlocaleLC_ALLErrorrrrIrrr?rMrrrrrexitrrrrr#r rrr%r$r&)Z authcompatrr r r mainzs(  r__main__)r8rrgettextrZauthcompat_OptionsrZauthcompat_EnvironmentFilerZauthcompat_ConfigSnippetrrr rr!r+r>rrrr r r r s(   #P0PKEhe[''3__pycache__/authcompat_Options.cpython-36.opt-1.pycnu[3 [*e6@s6ddlZddlZejZGdddZGdddZdS)Nc@steZdZddZddZddZddZed d Zed d Z ed dZ eddZ eddZ eddZ dS)OptioncCs.||_||_||_||_||_d|_d|_dS)NF)namemetavarhelpfeature supportedvaluefrom_sysconfig)selfrrrrrr (/usr/lib/python3.6/authcompat_Options.py__init__szOption.__init__cCs ||_dS)N)r)r new_valuer r r set&sz Option.setcCs|j|d|_dS)NT)rr )r rr r r set_from_sysconfig)s zOption.set_from_sysconfigcCs |jdk S)N)r)r r r r isset-sz Option.issetcCst|||dddS)NFT)rr)r)rrrr r r Valued0sz Option.ValuedcCst|d|dddS)NFT)rr)r)rrr r r Switch4sz Option.SwitchcCst|d|dddS)NT)rr)r)rrr r r Feature8szOption.FeaturecCst||ddddS)NF)rr)r)rrr r r UnsupportedValued<szOption.UnsupportedValuedcCst|dddddS)NTF)rr)r)rr r r UnsupportedFeature@szOption.UnsupportedFeaturecCst|dddddS)NF)rr)r)rr r r UnsupportedSwitchDszOption.UnsupportedSwitchN)__name__ __module__ __qualname__r rrr staticmethodrrrrrrr r r r rs      rcM@seZdZejdedejdededejdededejd ed ejd ed ejd ededejdededejdedejdedejdedejdedejdededejdedejded 
ejd!ed"ejd#eded$ejd%eded&ejd'ed(ed)ejd*ed+ejd,ed-ejd.ed/ejd0ed1ejd2ed3ed4ejd5ed6ejd7ed8ed9ejd:ed;ejded?ejd@edAejdBedCejdDedEejdFedGedHejdIedGedJejdKedGedLejdMedGedNejdOedPejdQedRejdSedTejdUedVejdWedXejdYedZejd[ed\ejd]ed\ejd^ej ej d_ej d`ej daedbej dcedbej ddej deej dfej dgej dhej diej djej dkedlej dmednej doedpej dqedrej dsed(ej dteduej dvedwej dxedwej dyedwej dzed{ej d|ed}ej d~edej dej dej dej dej dej dej dedgJZ dDdd ddfd.d5d:d!d ddddkdidgd0ddZddZddZddZddZddZddZddZddZddZddZddZddZddZddZdS)OptionsZnisz#NIS for user information by defaultZ nisdomainzzdefault NIS domainZ nisserverzzdefault NIS serverZldapz$LDAP for user information by defaultZldapauthz"LDAP for authentication by defaultZ ldapserverz#default LDAP server hostname or URIZ ldapbasednzzdefault LDAP base DNldaptlszuse of TLS with LDAP (RFC-2830) ldapstarttlsz4use of TLS for identity lookups with LDAP (RFC-2830)Z rfc2307bisz;use of RFC-2307bis schema for LDAP user information lookupsZ smartcardz)authentication with smart card by defaultZsmartcardactionz<0=Lock|1=Ignore>z(action to be taken on smart card removalZrequiresmartcardz0require smart card for authentication by defaultZ fingerprintz2authentication with fingerprint readers by defaultZkrb5z"Kerberos authentication by defaultZkrb5kdczdefault Kerberos KDCZkrb5adminserverzdefault Kerberos admin serverZ krb5realmzzdefault Kerberos realmZ krb5kdcdnsz use of DNS to find Kerberos KDCsZ krb5realmdnsz"use of DNS to find Kerberos realmsZwinbindz'winbind for user information by defaultZ winbindauthz%winbind for authentication by defaultZ winbindjoinzz>join the winbind domain or ads realm now as this administratorZ winbindkrb5z(Kerberos 5 for authenticate with winbindZ smbworkgroupz z'workgroup authentication servers are inZsssdzHSSSD for user information by default with manually managed configurationZsssdauthzFSSSD for authentication by default with manually managed configurationZ cachecredsz.caching of user credentials in SSSD by defaultZ pamaccessz1check of 
access.conf during account authorizationZ mkhomedirz;creation of home directories for users on their first loginZfaillockzGaccount locking in case of too many consecutive authentication failuresZ passminlenzzminimum length of a passwordZ passminclassz1minimum number of character classes in a passwordZ passmaxrepeatz;maximum number of same consecutive characters in a passwordZpassmaxclassrepeatzDmaximum number of consecutive characters of same class in a passwordZreqlowerz6require at least one lowercase character in a passwordZrequpperz6require at least one uppercase character in a passwordZreqdigitz(require at least one digit in a passwordZreqotherz2require at least one other character in a passwordZnostartzdo not start/stop servicesZ updateallzupdate all configuration filesupdatezthe same as --updateallZ kickstartz test-callZtestZprobeZ savebackupzZ restorebackupZrestorelastbackupcacheZecryptfsshadow useshadowmd5usemd5Zpassalgoz%ZldaploadcacertzZsmartcardmodulezZ smbsecurityzZsmbrealmZ smbserversz Z smbidmaprangezZ smbidmapuidZ smbidmapgidZwinbindseparatorz<\>Zwinbindtemplatehomedirz Zwinbindtemplateshellz ZwinbindusedefaultdomainZwinbindofflineZ preferdnsZ forcelegacyZ locauthorizeZ sysnetauthZ faillockargsz )Z USEFAILLOCKZ FAILLOCKARGSZUSELDAPZUSENISZ USEECRYPTFSZ USEWINBINDZ WINBINDKRB5ZUSESSSDZ USEKERBEROSZ USELDAPAUTHZ USESMARTCARDZFORCESMARTCARDZ USEFPRINTDZPASSWDALGORITHMZUSEMD5Z USESHADOWZUSEWINBINDAUTHZ USESSSDAUTHZUSELOCAUTHORIZEZ USEPAMACCESSZ USEMKHOMEDIRZ USESYSNETAUTHZ FORCELEGACYZCACHECREDENTIALScCs&i|_x|jD]}||j|j<qWdS)N)optionsListr)r optionr r r r s zOptions.__init__cCs tjdd}|jtd|jtdd}x,|jD]"}|jr@dnd}|j|||q2W|j}x*|jj D]\}}t ||}|j |qlW|j d r|j d r|j d|j d |j d  r|j d r|j d |j d |j d o|j d  r|j d |j d dS)NzAuthconfig Compatibility Tool.) 
descriptionz(These options have a compatibility layerz8These options are no longer supported and have no effect)r unsupportedrr)r#r$r!r"rr)argparseArgumentParserZadd_argument_group_r&r add_option parse_argsr%itemsgetattrrrget)r parserZparsersr'groupZcmdlinerrr r r parses     z Options.parsecCs<x6|jjD](\}}|j|s |j|j|j|q WdS)N)Mapr/rr%rr1)r sysconfigrr'r r r applysysconfigs zOptions.applysysconfigcCs8x2|jjD]$\}}|j|r |j||j|q WdS)N)r5r/rrr1)r r6rr'r r r updatesysconfigs zOptions.updatesysconfigcCs |j|jS)N)r%r)r rr r r r1sz Options.getcCs|j|j|dS)N)r%r)r rrr r r rsz Options.setcCs|j|jS)N)r%r)r rr r r rsz Options.issetcCs |j|}|dks| rdSdS)NFT)r1)r rrr r r getBools zOptions.getBoolcCs |j|}|dks| rdSdS)NT)r1)r rrr r r getTrueOrNones zOptions.getTrueOrNonecCs^g}xTtjD]J}|jrq |js"q |jr*q |j}|jrL|jrDd|nd|}|j|q W|S)Nenabledisable) rr&rrr rrrappend)r r%r'rr r r getSetButUnsupported s zOptions.getSetButUnsupportedcCs<|jdk r|j||n |jr,|j||n |j||dS)N)r add_valuedr add_feature add_switch)r r2r'r r r r-s  zOptions.add_optioncCs$|jd|jd|j|j|jddS)Nz--Zstore)actionrdestr) add_argumentrrr)r r2r'r r r r?&s  zOptions.add_valuedcCs"|jd|jdd|j|jddS)Nz-- store_constT)rBconstrrC)rDrr)r r2r'r r r rA-s  zOptions.add_switchcCsrd}d}|jdk r6tdd|j}tdd|j}|jd|jdd||jd|jd|jdd ||jddS) Nr; r<z--enablerET)rBrFrrCz --disableF)rr,rDr)r r2r'Z help_enableZ help_disabler r r r@4s    zOptions.add_featureN)rrrrrr,rrr*ZSUPPRESSrrrr&r5r r4r7r8r1rrr9r:r>r-r?rAr@r r r r rIs  r)r*gettextr,rrr r r r s-PKEhe[MM%__pycache__/authcompat.cpython-36.pycnu[3 *e)V@sddlZddlZddlZddlZddlZddlmZddlmZddl m Z ejZ ddZ GdddZ Gd d d ZGd d d ZGd ddZGdddZddZedkredS)N)Options)EnvironmentFile) ConfigSnippetcOst|dtji|dS)Nfile)printsysstderr)argskwargsr /usr/lib/python3.6/authcompat.pyeprint%sr c@s"eZdZdZdddZddZdS) CommandFNTcCs2|g||_|dk r|jnd|_||_d|_dS)N)r encodeinputcheckresult)selfcommandr rrr r r __init__,s zCommand.__init__cCsFttddj|j|jr"dStj|j|j|jtj tj d|_ dS)Nz Executing: %s )rrstdoutr) r_joinr TEST subprocessrunrrPIPEr)rr r r r2s z 
Command.run)NT)__name__ __module__ __qualname__rrrr r r r r)s rc@s>eZdZddZddZddZddZdd d Zd d ZdS)ServicecCs|d|_dS)Nz.service)name)rr"r r r r?szService.__init__cCsy |jWn|tjk r}z^|rB|j|krBttd|jn6|j|krxttddj|j|jft|j j WYdd}~XnXdS)Nz5Service %s was not found. Please install the service.z$Command [%s] failed with %d, stderr:r) rrCalledProcessError returncoder rr"rcmdrdecode)rrrequiredZ enoent_coderr r r runsystemdBs   zService.runsystemdcCs(ttjdd|jg}|j|dddS)Nz cmd-systemctlenableT)rPathSystemr"r()rr%r r r r)NszService.enablecCs(ttjdd|jg}|j|dddS)Nz cmd-systemctldisableFr*)rr+r,r"r()rr%r r r r-RszService.disableTcCs4|r |jttjdd|jg}|j|dddS)Nz cmd-systemctlstartT)stoprr+r,r"r()rRestartr%r r r r.Vsz Service.startcCs(ttjdd|jg}|j|dddS)Nz cmd-systemctlr0Fr/)rr+r,r"r()rr%r r r r0\sz Service.stopN)T) rrr rr(r)r-r.r0r r r r r!>s   r!c @sbeZdZejjejjeZe edZ dddddddd d d d d d Z e ddZ e ddZdS)r+z/authcompat_pathsz/etc/openldap/ldap.confz$/etc/krb5.conf.d/authconfig-krb.confz%/etc/sssd/conf.d/authconfig-sssd.confz/etc/sysconfig/authconfigz/etc/sysconfig/networkz;/etc/security/pwquality.conf.d/10-authconfig-pwquality.confz /etc/yp.confz/usr/bin/systemctlz/usr/bin/authselectz/usr/sbin/realmz/usr/bin/domainnamez/usr/sbin/setsebool) z ldap.confz krb5.confz sssd.conf authconfignetworkzpwquality.confzyp.confz cmd-systemctlzcmd-authselectz cmd-realmzcmd-domainnamez cmd-setseboolcCsdtj|fS)Nz%s/%s)r+LocalDir)relpathr r r Localtsz Path.LocalcCs tj|S)N)r+Files)r"r r r r,xsz Path.SystemN)rrr ospathdirnamerealpath__file__r4rZConfigr7 staticmethodr6r,r r r r r+as   r+c@seZdZGdddeZGdddeZGdddeZGdddeZGd d d eZGd d d eZ Gd ddeZ GdddeZ GdddeZ dS) Configurationc@sxeZdZdddZddZddZdd Zd d Zd d ZddZ ddZ ddZ ddZ ddZ dddZddZdS)zConfiguration.BaseNcCs"||_d|_|dk rt||_dS)N)optionsservicer!)rr? 
ServiceNamer r r rszConfiguration.Base.__init__cCsdS)NTr )rr r r isEnabledszConfiguration.Base.isEnabledcCs |j S)N)rB)rr r r isDisabledszConfiguration.Base.isDisabledcCs*|jdkrdS|jj|s&|jjdS)N)r@r)r.)rnostartr r r enableServices   z Configuration.Base.enableServicecCs*|jdkrdS|jj|s&|jjdS)N)r@r-r0)rnostopr r r disableServices   z!Configuration.Base.disableServicecCsdS)Nr )rr r r cleanupszConfiguration.Base.cleanupcCsdS)Nr )rr r r writeszConfiguration.Base.writecCs |jj|S)N)r?get)rr"r r r rJszConfiguration.Base.getcCs |jj|S)N)r?isset)rr"r r r rKszConfiguration.Base.issetcCs |jj|S)N)r? getTrueOrNone)rr"r r r rLsz Configuration.Base.getTrueOrNonecCs |jj|S)N)r?getBool)rr"r r r rMszConfiguration.Base.getBoolFcCs*|r|j| rdS|j|}|r&|S|S)N)rKrM)rr"Zif_trueZif_false AllowNonevaluer r r getBoolAsValues  z!Configuration.Base.getBoolAsValuec CsHttd||jjdr dSytj|Wntk rBdSXdS)NzRemoving file: %sz test-call)rrr?rMr8removeFileNotFoundError)rfilenamer r r removeFiles zConfiguration.Base.removeFile)N)F)rrr rrBrCrErGrHrIrJrKrLrMrPrTr r r r Base~s    rUcs$eZdZfddZddZZS)zConfiguration.LDAPcsttj|j|dS)N)superr>LDAPr)rr?) 
__class__r r rszConfiguration.LDAP.__init__cCsZttjddddd}|jdr2|jd|jd|jdrN|jd |jd|jdS) Nz ldap.confrz\s\tF)Z delimiter_reZquotes ldapserverZURI ldapbasednZBASE)rr+r,rKsetrJrI)rconfigr r r rIs    zConfiguration.LDAP.write)rrr rrI __classcell__r r )rXr rWs rWcs4eZdZfddZddZddZddZZS) zConfiguration.Kerberoscsttj|j|dS)N)rVr>Kerberosr)rr?)rXr r rszConfiguration.Kerberos.__init__cCs4|jd r|jd rdS|jddkp2|jdS)N krb5realm krb5realmdns)rKrJrM)rr r r rBsz Configuration.Kerberos.isEnabledcCs0|jd r|jd rdS|jtjddS)Nr_r`z krb5.conf)rKrTr+r,)rr r r rHszConfiguration.Kerberos.cleanupcCs|jr dStjd}t|tjd}|jd}|jd|jd|jd|rV|jdnd|rf|jdnd|rt|jndd}|j|dS) Nzsnippets/authconfig-krb.confz krb5.confr_Z krb5kdcdnsr`krb5kdckrb5adminserver)realmzkdc-srvz realm-srvZkdcZ adminserverZdomain)rCr+r6rr,rJlowerrI)rr9r\rdkeysr r r rIs  zConfiguration.Kerberos.write)rrr rrBrHrIr]r r )rXr r^s r^cs$eZdZfddZddZZS)zConfiguration.Networkcsttj|j|dS)N)rVr>Networkr)rr?)rXr r rszConfiguration.Network.__init__cCs<|jd}ttjd}|dkr$dS|jd||jdS)N nisdomainr3Z NISDOMAIN)rJrr+r,r[rI)rrhr\r r r rIs   zConfiguration.Network.write)rrr rrIr]r r )rXr rgs rgcs4eZdZfddZddZddZddZZS) zConfiguration.SSSDcsttj|j|dddS)Nsssd)rA)rVr>SSSDr)rr?)rXr r rszConfiguration.SSSD.__init__cCs0|jd r|jd rdS|jdp.|jdS)Nldapri)rKrM)rr r r rBszConfiguration.SSSD.isEnabledcCs|jtjddS)Nz sssd.conf)rTr+r,)rr r r rHszConfiguration.SSSD.cleanupc Cs|jdsdStjd}t|tjd}|jdr6dnd}|jd|jd|jd||jd|jd |jd |jd |jd |jd d }|j|tj tjddddS)Nrkzsnippets/authconfig-sssd.confz sssd.confZ rfc2307bisrYrZZldaptlskrb5rbrcr_Z cachecreds smartcard) zldap-uriz ldap-basednzldap-tlsz ldap-schemarlzkdc-uriz kpasswd-urirdz cache-credsz cert-authi)mode) rMr+r6rr,rJrLrIr8chmod)rr9r\Zschemarfr r r rIs"   zConfiguration.SSSD.write)rrr rrBrHrIr]r r )rXr rjs rjcs,eZdZfddZddZddZZS)zConfiguration.Winbindcsttj|j|dddS)Nwinbind)rA)rVr>Winbindr)rr?)rXr r r.szConfiguration.Winbind.__init__cCs0|jd r|jd rdS|jdp.|jdS)Nrp winbindauth)rKrM)rr r r rB1szConfiguration.Winbind.isEnabledc 
Cs|jdsdS|jjdjdd}|d}d}t|dkrF|dd}ddd|d d g}|jd rr|j|jd ttjd ||d }y |j Wn*t k rt t dtjd YnXdS)NZ winbindjoin%r*r rz-Uz"%s"z--client-softwarerpZ smbworkgroupz cmd-realm)rz)%s was not found. Please, install realmd.) rKr?rJsplitlenappendrr+r,rrRr r)rZcredsuserZpasswordr r%r r r rI7s$     zConfiguration.Winbind.write)rrr rrBrIr]r r )rXr rq-s rqcs$eZdZfddZddZZS)zConfiguration.PWQualitycsttj|j|dS)N)rVr> PWQualityr)rr?)rXr r rSsz Configuration.PWQuality.__init__c Csttjd}d}|jd|jd|jd|jd|jddd d d |jd dd d d |jd dd d d |jddd d d d}x@|jD]4\}}|dk rt|dt||j||d }qW|r|j dS)Nzpwquality.confFZ passminlenZ passminclassZ passmaxrepeatZpassmaxclassrepeatZreqlowerr*rT)rNZrequpperZreqdigitZreqother)ZminlenZminclassZ maxrepeatZmaxclassrepeatZlcreditZucreditZdcreditZocredit=r{r{r{) rr+r,rJrPitemsrstrr[rI)rr\Z value_setZpwoptsoptrOr r r rIVs" zConfiguration.PWQuality.write)rrr rrIr]r r )rXr ryRs rycs,eZdZfddZddZddZZS)zConfiguration.MakeHomedircsttj|j|dddS)NZoddjobd)rA)rVr> MakeHomedirr)rr?)rXr r rpsz"Configuration.MakeHomedir.__init__cCs|jdsdS|jdS)N mkhomedir)rKrM)rr r r rBss z#Configuration.MakeHomedir.isEnabledcCsdS)Nr )rrFr r r rGysz(Configuration.MakeHomedir.disableService)rrr rrBrGr]r r )rXr ros rcs<eZdZfddZddZddZddZd d ZZS) zConfiguration.NIScs*ttj|j|td|_td|_dS)Nrpcbindypbind)rVr>NISrr!rr)rr?)rXr r rs zConfiguration.NIS.__init__cCs|jdsdS|jdS)Nnis)rKrM)rr r r rBs zConfiguration.NIS.isEnabledcCs|jdsdS|jd}|s6ttjd|g}|jttjddddg}|j|jj|jj|s|jj dd|jj dS) Nrhzcmd-domainnamez cmd-setseboolz-P allow_ypbind1F)r1) rKrJrr+r,rrr)rr.)rrDZnisdomr%r r r rEs      zConfiguration.NIS.enableServicecCsl|sttjddg}|jttjddddg}|j|jj|jj|sh|jj|jjdS)Nzcmd-domainnamez(none)z cmd-setseboolz-Pr0)rr+r,rrr-rr0)rrFr%r r r rGs     z Configuration.NIS.disableServicec Cs|jdsdSd|jd}g}|jdr\|jdjd}|dd}|d|dd7}n|d 7}x|D]}|d |d7}qjWtjd }|jd rtd |t|td|dSt|d}|j|WdQRXdS)Nrhzdomain Z nisserver,r*z server rrtz broadcast z ypserver zyp.confz test-callz+========== BEGIN Content of [%s] ==========z,========== END Content of [%s] ========== w) 
rKrJrur+r,rMropenrI)routputZadditional_serversZserversZserverrSfr r r rIs&         zConfiguration.NIS.write) rrr rrBrErGrIr]r r )rXr r~s  rN) rrr objectrUrWr^rgrjrqryrrr r r r r>}sE$)%r>c@sLeZdZddZddZddZddZd d Zd d Zd dZ ddZ dS) AuthCompatcCsBttjd|_t|_|jj|jj|j|jj|jdS)Nr2) rr+r, sysconfigrr?parseZapplysysconfigZupdatesysconfig)rr r r rs  zAuthCompat.__init__cCspttdttdttdttd|jj}|rdttdx|D]}td|qPWtddS)Nz&Running authconfig compatibility tool.zThe purpose of this tool is to enable authentication against chosen services with authselect and minimum configuration. It does not provide all capabilities of authconfig. zLIMPORTANT: authconfig is replaced by authselect, please update your scripts.zHSee man authselect-migration(7) to help you with migration to authselectzDWarning: These options are not supported anymore and have no effect:z --%sra)rrr?ZgetSetButUnsupported)rr?r"r r r printWarnings       zAuthCompat.printWarningcCs(x"tjD]}td|j|jfqWdS)Nz%s=%s)rZListrr"rO)roptionr r r printOptionss zAuthCompat.printOptionscCs,x&|jjD]}td|j|jfq WdS)Nz%s=%s)rZgetallrr"rO)rliner r r printSysconfigszAuthCompat.printSysconfigcCsddddg}dddg}|jjd r@tjdkr@ttd d Sx,|D]$}|jj|rFttd |d SqFW|jjd |jjd krttdd Sx|D]}|jj|rdSqWttdd S)NZtestZprobeZ restorebackupZrestorelastbackupupdateZ updateallZ kickstartrz"authconfig can only be run as rootFzNError: option --%s is no longer supported and we cannot continue if it is set.rprrz@Error: Both --enablewinbind and --enablewinbindauth must be set.Tz*Error: Please, provide --updateall option.)r?rMr8getuidrr)rZ disallowedr'rr r r canContinues$          zAuthCompat.canContinuec CsZdddddddd}|j\}}|jjd sP|jjd sP|jjd sP|jjd rVd }n"|jjd rhd }n|jjdrxd}|dkrd }xV|jD]J\}}|jj|sq|jj|}|r|j|qx||kr|j|qWqW|jjdrt|jjddkr |jdn |jdt t |}d|g}|j ||jdt t jd|}|jdS)Nzwith-smartcardzwith-smartcard-requiredzwith-fingerprintzwith-mkhomedirz with-faillockzwith-pamaccessz with-krb5)rmZrequiresmartcardZ fingerprintrZfaillockZ pamaccessZ 
winbindkrb5rkZldapauthriZsssdauthrrpZsmartcardactionrzwith-smartcard-lock-on-removalZselectz--forcezcmd-authselect)getCurrentAuthselectConfigr?rMr|rKrwrQintrJlistr[extendrr+r,r) rmapZprofileZfeaturesrZfeatureenabledr r%r r r runAuthselect sJ                zAuthCompat.runAuthselectcCs~ttjddgdd}|j|jdks4|jjdkrrWr?rgr^rjrqryrrrIrMrBrErGrHrr#r rrr%r$rr&)rZconfigsr\rDrrr r r writeConfigurationUs.            zAuthCompat.writeConfigurationN) rrr rrrrrrrrr r r r rs> rcCsytjtjdWn"tjk r4tjjdYnXt}|j|j j dt _ |j j dt _ |j j dt_ |jstjdy|j|j|jjWnPtjk r}z2ttddj|j|jft|jjWYdd}~XnXtjddS)Nraz%Warning: Unsupported locale setting. z test-callr*z$Command [%s] failed with %d, stderr:rr)locale setlocaleLC_ALLErrorrrrIrrr?rMrrrrrexitrrrrr#r rrr%r$r&)Z authcompatrr r r mainzs(  r__main__)r8rrgettextrZauthcompat_OptionsrZauthcompat_EnvironmentFilerZauthcompat_ConfigSnippetrrr rr!r+r>rrrr r r r s(   #P0PKEhe[s"3__pycache__/authcompat_ConfigSnippet.cpython-36.pycnu[3 ٥c @s*ddlZddlZddlZGdddZdS)Nc@s>eZdZdZejdZejdZddZddZ d dd Z d S) ConfigSnippetFz\${\??(?P[\w-]*)}z \${\?[\w-]*}c Cs*t|d}|j|_WdQRX||_dS)Nr)openreadtemplate destination)selfrrfr ./usr/lib/python3.6/authcompat_ConfigSnippet.py__init__!s zConfigSnippet.__init__c Cs|jjd}g}xTt|D]H\}}x>|jj|D].}|jd}||ksR||dkr0|j|Pq0WqWxt|ddD] }||=qtWdj|}|j j d|}xF|j D]:\}} | dkrqt | t kr| rdnd} |jd|| }qW|S) N keyT)reversetrueZfalsez${%s})rsplit enumerate AllKeysREfinditergroupappendsortedjoin DummyKeysREsubitemstypeboolreplace) rvalueslinesremoveidxlinematchroutputvaluer r r generate's&        zConfigSnippet.generatecCs|j|}|jr8td|jt|td|jdStjj|j}tjj|sytj|Wn>t k r}z"|j t j krtjj |rnWYdd}~XnXt |jd}|j|WdQRXdS)Nz+========== BEGIN Content of [%s] ==========z,========== END Content of [%s] ========== w)r(TESTprintrospathdirnameexistsmakedirsOSErrorerrnoZEEXISTisdirrwrite)rr Z to_stdoutr&r.Z exceptionr r r r r4Hs   zConfigSnippet.writeN)F) __name__ __module__ __qualname__r*recompilerrr r(r4r r r r rs   !r)r2r,r8rr r r r 
sPKEhe[cc;__pycache__/authcompat_EnvironmentFile.cpython-36.opt-1.pycnu[3 ٥cL@s*ddlZddlZddlZGdddZdS)Nc@sReZdZdZdddZddZd d Zdd d Zd dZddZ GdddZ dS)EnvironmentFileF=NTcCsL||_||_||_g|_|dk r$|n|}tjd|dtj|_|jdS)Nz^(\s*)(\S*)([^\n\S]*)(z)([^\n\S]*)(.*)$) filename delimiterquotes environmentrecompile MULTILINEpatternread)selfrrZ delimiter_rerr0/usr/lib/python3.6/authcompat_EnvironmentFile.py__init__s  zEnvironmentFile.__init__cCspy$t|jd}|j}WdQRXWntk r8dSXx0|D](}|jj||j|j|j}|j j |q@WdS)Nr) openr readlinesFileNotFoundErrorLineParser rrrappend)r flineslineZparsedrrrr .s   zEnvironmentFile.readcCsd}x|jD]}||j}q W|jrNtd|jt|td|jdStjj|j}tjj|sytj |Wn>t k r}z"|j t j krtjj |rnWYdd}~XnXt|jd}|j|WdQRXdS)Nz+========== BEGIN Content of [%s] ==========z,========== END Content of [%s] ========== w)rgetLineTESTprintrospathdirnameexistsmakedirsOSErrorerrnoZEEXISTisdirrwrite)r outputrr"Z exceptionrrrrr(:s$  zEnvironmentFile.writecCs\d}x&|jD]}|jr |j|kr |j}q W|dkr8|S|jd krHdS|jd krXd S|S) NnofalsernFyestruetyT)Nr*r+rr,)r-r.r/r0)r isVariablenamevaluelower)r r2defaultr3rrrrgetRs    zEnvironmentFile.getcCs*g}x |jD]}|jr |j|q W|S)N)rr1r)r rrrrrgetallbs  zEnvironmentFile.getallcCsvt|tkr|rdnd}x0|jD]&}|jr |j|kr |j||dSq W|j|j|j}|j|||jj |dS)Nr-r*) typeboolrr1r2setrrrr)r r2r3rrrrr:js     zEnvironmentFile.setc@sZeZdZdddZddZddZdd Zd d Zed d Z eddZ eddZ dS)zEnvironmentFile.LineNcCs(||_||_||_||_||_||_dS)N)rrr2r3originalfmt)r rrr2r3r;r<rrrrxs zEnvironmentFile.Line.__init__cCs |jdk S)N)r<)r rrrr1szEnvironmentFile.Line.isVariablecCs |jdk S)N)r;)r rrr isOriginalszEnvironmentFile.Line.isOriginalcCs&||_||_|jdkr"d|j|_dS)Nz${name}%s${value} )r2r3r<r)r r2r3rrrr:s zEnvironmentFile.Line.setcCsp|jr|jS|jdk r|jnd}|j|j||jd}|j}x,|jD] \}}|jd|dt |}qHW|S)Nr)r2r3z${}) r=r;r3r2Escaperr<itemsreplacestr)r r3Z replacementrkeyrrrrszEnvironmentFile.Line.getLinecCs|j|}|jds$|j s$| r4tj|||dS|jd}tjj|jd|}d|jd|jd|jd|jd f}tj|||||d S) N#)r;z%s${name}%s%s%s${value} )r2r3r<)match startswithstriprrgroupUnescape)rr rrrKr2r3r<rrrrs    
zEnvironmentFile.Line.ParsecCs|dkr dSt|}|jdd}|jdd}|jdd}|jdd }|jd d }|jd d }|r|jddks||jddkrd|d}|S)Nr\z\\"z\"'z\'$z\$~z\~`z\` r )rBrAfind)r3rrrrr?s       zEnvironmentFile.Line.EscapecCs|s|St|}t|}|rX|ddks4|ddkrX|d||dkrX|d|d}d}x\|jd|}|dkrtP|dt|kr|d|}P|d|||dd}|d7}q^W|S)NrrQrRrGrP)rBlenrX)r3rZlengthirrrrOs$,   zEnvironmentFile.Line.Unescape)NNNN) __name__ __module__ __qualname__rr1r=r:r staticmethodrr?rOrrrrrws   r)rNT)N) r[r\r]rrr r(r6r7r:rrrrrrs    r)r&r rrrrrrsPKEhe[Hm;66authcompat_Options.pynu[# -*- coding: utf-8 -*- # # Authors: # Pavel Březina # # Copyright (C) 2018 Red Hat # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for morerequi details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . 
#

import argparse
import gettext

_ = gettext.gettext


class Option:
    """One authconfig command-line option and its current value.

    ``metavar`` is None for options that take no argument. ``feature``
    marks options exposed as an --enable<name>/--disable<name> pair, and
    ``supported`` tells whether the compatibility layer acts on the option
    at all. ``value`` stays None until the option is set, and
    ``from_sysconfig`` records that the value was supplied through
    ``set_from_sysconfig`` rather than ``set``.
    """

    def __init__(self, name, metavar, help, feature, supported):
        # Static description of the option.
        self.name = name
        self.metavar = metavar
        self.help = help
        self.supported = supported
        self.feature = feature

        # Mutable state; None means "not set anywhere".
        self.from_sysconfig = False
        self.value = None

    def set(self, new_value):
        """Store *new_value* as the option's value."""
        self.value = new_value

    def set_from_sysconfig(self, new_value):
        """Store *new_value* and remember that it came from sysconfig."""
        self.value = new_value
        self.from_sysconfig = True

    def isset(self):
        """Return True when a value (including False) has been stored."""
        return self.value is not None

    # Factory helpers: positional order is (name, metavar, help, feature,
    # supported).

    @staticmethod
    def Valued(name, metavar, help):
        """Supported option that takes an argument."""
        return Option(name, metavar, help, False, True)

    @staticmethod
    def Switch(name, help):
        """Supported flag without an argument."""
        return Option(name, None, help, False, True)

    @staticmethod
    def Feature(name, help):
        """Supported --enable/--disable pair."""
        return Option(name, None, help, True, True)

    @staticmethod
    def UnsupportedValued(name, metavar):
        """Option with an argument that is accepted but has no effect."""
        return Option(name, metavar, None, False, False)

    @staticmethod
    def UnsupportedFeature(name):
        """--enable/--disable pair that is accepted but has no effect."""
        return Option(name, None, None, True, False)

    @staticmethod
    def UnsupportedSwitch(name):
        """Flag that is accepted but has no effect."""
        return Option(name, None, None, False, False)


class Options:
    """Registry of all authconfig options known to the compatibility tool.

    ``List`` is a class attribute, so the ``Option`` objects in it (and the
    values stored on them) are shared by every ``Options`` instance.
    """

    List = [
        # Options that still have a compatibility layer. They are
        # translated to an authselect call, with a configuration file
        # generated where needed. The aim is only that authentication
        # against the expected service works; the resulting configuration
        # may differ from what authconfig itself would have written.
        Option.Feature("nis", _("NIS for user information by default")),
        Option.Valued("nisdomain", _(""), _("default NIS domain")),
        Option.Valued("nisserver", _(""), _("default NIS server")),
        Option.Feature("ldap", _("LDAP for user information by default")),
        Option.Feature("ldapauth", _("LDAP for authentication by default")),
        Option.Valued("ldapserver", _(""), _("default LDAP server hostname or URI")),
        Option.Valued("ldapbasedn", _(""), _("default LDAP base DN")),
        Option.Feature("ldaptls", _("use of TLS with LDAP (RFC-2830)")),
        Option.Feature("ldapstarttls", _("use of TLS for identity lookups with LDAP (RFC-2830)")),
        Option.Feature("rfc2307bis", _("use of RFC-2307bis schema for LDAP user information lookups")),
        Option.Feature("smartcard", _("authentication with smart card by default")),
        Option.Valued("smartcardaction", _("<0=Lock|1=Ignore>"), _("action to be taken on smart card removal")),
        Option.Feature("requiresmartcard", _("require smart card for authentication by default")),
        Option.Feature("fingerprint", _("authentication with fingerprint readers by default")),
        Option.Feature("krb5", _("Kerberos authentication by default")),
        Option.Valued("krb5kdc", _(""), _("default Kerberos KDC")),
        Option.Valued("krb5adminserver", _(""), _("default Kerberos admin server")),
        Option.Valued("krb5realm", _(""), _("default Kerberos realm")),
        Option.Feature("krb5kdcdns", _("use of DNS to find Kerberos KDCs")),
        Option.Feature("krb5realmdns", _("use of DNS to find Kerberos realms")),
        Option.Feature("winbind", _("winbind for user information by default")),
        Option.Feature("winbindauth", _("winbind for authentication by default")),
        Option.Valued("winbindjoin", _(""), _("join the winbind domain or ads realm now as this administrator")),
        Option.Feature("winbindkrb5", _("Kerberos 5 for authenticate with winbind")),
        Option.Valued("smbworkgroup", _(""), _("workgroup authentication servers are in")),
        Option.Feature("sssd", _("SSSD for user information by default with manually managed configuration")),
        Option.Feature("sssdauth", _("SSSD for authentication by default with manually managed configuration")),
        Option.Feature("cachecreds", _("caching of user credentials in SSSD by default")),
        Option.Feature("pamaccess", _("check of access.conf during account authorization")),
        Option.Feature("mkhomedir", _("creation of home directories for users on their first login")),
        Option.Feature("faillock", _("account locking in case of too many consecutive authentication failures")),
        Option.Valued("passminlen", _(""), _("minimum length of a password")),
        Option.Valued("passminclass", _(""), _("minimum number of character classes in a password")),
        Option.Valued("passmaxrepeat", _(""), _("maximum number of same consecutive characters in a password")),
        Option.Valued("passmaxclassrepeat", _(""), _("maximum number of consecutive characters of same class in a password")),
        Option.Feature("reqlower", _("require at least one lowercase character in a password")),
        Option.Feature("requpper", _("require at least one uppercase character in a password")),
        Option.Feature("reqdigit", _("require at least one digit in a password")),
        Option.Feature("reqother", _("require at least one other character in a password")),

        # Options controlling the program itself.
        Option.Switch("nostart", _("do not start/stop services")),
        Option.Switch("updateall", _("update all configuration files")),
        Option.Switch("update", _("the same as --updateall")),
        Option.Switch("kickstart", _("the same as --updateall")),

        # Hidden option of the compat tool, meant for testing: nothing is
        # changed on the system, the changes are printed instead.
        Option.Switch("test-call", argparse.SUPPRESS),

        # Program options that are not supported but still need a reaction
        # when they are given.
        Option.UnsupportedSwitch("test"),
        Option.UnsupportedSwitch("probe"),
        Option.UnsupportedValued("savebackup", _("")),
        Option.UnsupportedValued("restorebackup", _("")),
        Option.UnsupportedSwitch("restorelastbackup"),

        # Options the compatibility layer no longer supports. Using one
        # produces a warning and does not affect the system, so a caller
        # that passes e.g. --passalgo or --enableshadow gets no
        # configuration change from it.
        Option.UnsupportedFeature("cache"),
        Option.UnsupportedFeature("ecryptfs"),
        Option.UnsupportedFeature("shadow"),
        Option.UnsupportedSwitch("useshadow"),
        Option.UnsupportedFeature("md5"),
        Option.UnsupportedSwitch("usemd5"),
        Option.UnsupportedValued("passalgo", _("")),
        Option.UnsupportedValued("ldaploadcacert", _("")),
        Option.UnsupportedValued("smartcardmodule", _("")),
        Option.UnsupportedValued("smbsecurity", _("")),
        Option.UnsupportedValued("smbrealm", _("")),
        Option.UnsupportedValued("smbservers", _("")),
        Option.UnsupportedValued("smbidmaprange", _("")),
        Option.UnsupportedValued("smbidmapuid", _("")),
        Option.UnsupportedValued("smbidmapgid", _("")),
        Option.UnsupportedValued("winbindseparator", _("<\\>")),
        Option.UnsupportedValued("winbindtemplatehomedir", _("")),
        Option.UnsupportedValued("winbindtemplateshell", _("")),
        Option.UnsupportedFeature("winbindusedefaultdomain"),
        Option.UnsupportedFeature("winbindoffline"),
        Option.UnsupportedFeature("preferdns"),
        Option.UnsupportedFeature("forcelegacy"),
        Option.UnsupportedFeature("locauthorize"),
        Option.UnsupportedFeature("sysnetauth"),
        Option.UnsupportedValued("faillockargs", _("")),
    ]

    # sysconfig key -> option name.
    Map = {
        # USEPWQUALITY and USEPASSWDQC were used for autodetection of
        # pam_cracklib and pam_passwdqc; authselect supports only
        # pam_pwquality, so they are not mapped:
        # "USEPWQUALITY" : "",
        # "USEPASSWDQC" : "",
        "USEFAILLOCK": "faillock",
        "FAILLOCKARGS": "faillockargs",
        "USELDAP": "ldap",
        "USENIS": "nis",
        "USEECRYPTFS": "ecryptfs",
        "USEWINBIND": "winbind",
        "WINBINDKRB5": "winbindkrb5",
        "USESSSD": "sssd",
        "USEKERBEROS": "krb5",
        "USELDAPAUTH": "ldapauth",
        "USESMARTCARD": "smartcard",
        "FORCESMARTCARD": "requiresmartcard",
        "USEFPRINTD": "fingerprint",
        "PASSWDALGORITHM": "passalgo",
        "USEMD5": "md5",
        "USESHADOW": "shadow",
        "USEWINBINDAUTH": "winbindauth",
        "USESSSDAUTH": "sssdauth",
        "USELOCAUTHORIZE": "locauthorize",
        "USEPAMACCESS": "pamaccess",
        "USEMKHOMEDIR": "mkhomedir",
        "USESYSNETAUTH": "sysnetauth",
        "FORCELEGACY": "forcelegacy",
        "CACHECREDENTIALS": "cachecreds",
    }

    def __init__(self):
        """Index the entries of ``List`` by option name."""
        self.options = {entry.name: entry for entry in self.List}

    def parse(self):
        """Parse the process command line and store the values on the options.

        Every option is assigned whatever argparse produced for it, which is
        None when the option was not given. Afterwards the legacy aliases
        are folded into their canonical option.
        """
        parser = argparse.ArgumentParser(description="Authconfig Compatibility Tool.")

        # Group creation order decides the order of the sections in --help.
        supported_group = parser.add_argument_group(
            _('These options have a compatibility layer'))
        unsupported_group = parser.add_argument_group(
            _('These options are no longer supported and have no effect'))

        for entry in self.List:
            target = supported_group if entry.supported else unsupported_group
            self.add_option(target, entry)

        cmdline = parser.parse_args()
        for name, entry in self.options.items():
            entry.set(getattr(cmdline, name))

        # (canonical, alias): usemd5/useshadow are equivalent to
        # enablemd5/enableshadow, and ldapstarttls is equivalent to ldaptls.
        # The alias is copied only when the canonical option is unset.
        aliases = (
            ('md5', 'usemd5'),
            ('shadow', 'useshadow'),
            ('ldaptls', 'ldapstarttls'),
        )
        for canonical, alias in aliases:
            if self.isset(alias) and not self.isset(canonical):
                self.set(canonical, self.get(alias))

    def applysysconfig(self, sysconfig):
        """Fill options that are still unset from *sysconfig*.

        Only options listed in ``Map`` are considered, and a value that is
        already set is never overwritten. The option is flagged as coming
        from sysconfig even when ``sysconfig.get`` returned None.
        """
        for sysconfig_key, option_name in self.Map.items():
            if self.isset(option_name):
                continue
            stored = sysconfig.get(sysconfig_key)
            self.options[option_name].set_from_sysconfig(stored)

    def updatesysconfig(self, sysconfig):
        """Write every set option listed in ``Map`` back into *sysconfig*."""
        for sysconfig_key, option_name in self.Map.items():
            if not self.isset(option_name):
                continue
            sysconfig.set(sysconfig_key, self.get(option_name))

    def get(self, name):
        """Return the stored value of option *name* (None when unset)."""
        return self.options[name].value

    def set(self, name, value):
        """Store *value* on option *name*."""
        self.options[name].set(value)

    def isset(self, name):
        """Return True when option *name* holds a value other than None."""
        return self.options[name].isset()

    def getBool(self, name):
        """Return the truthiness of option *name*; unset counts as False."""
        # NOTE(review): any non-empty string is truthy here. Presumably the
        # sysconfig reader already converts "yes"/"no" style values to bool;
        # verify, since a raw "no" would read as enabled.
        return bool(self.get(name))

    def getTrueOrNone(self, name):
        """Return True for a truthy value of *name*, otherwise None."""
        return True if self.get(name) else None

    def getSetButUnsupported(self):
        """List unsupported options that were set by the caller.

        Values that came from sysconfig are left out. Feature options are
        reported as "enable<name>" or "disable<name>" according to their
        value, everything else by its plain name. The result follows the
        order of ``List``.
        """
        reported = []
        for entry in Options.List:
            if entry.supported or not entry.isset() or entry.from_sysconfig:
                continue

            if not entry.feature:
                label = entry.name
            elif entry.value:
                label = "enable" + entry.name
            else:
                label = "disable" + entry.name

            reported.append(label)

        return reported

    def add_option(self, parser, option):
        """Register *option* on *parser* in the form matching its kind."""
        if option.metavar is not None:
            register = self.add_valued
        elif option.feature:
            register = self.add_feature
        else:
            register = self.add_switch

        register(parser, option)

    def add_valued(self, parser, option):
        """Register --<name> taking one argument."""
        flag = "--" + option.name
        parser.add_argument(flag, action="store", dest=option.name,
                            metavar=option.metavar, help=option.help)

    def add_switch(self, parser, option):
        """Register --<name> storing True when given."""
        flag = "--" + option.name
        parser.add_argument(flag, action="store_const", const=True,
                            dest=option.name, help=option.help)

    def add_feature(self, parser, option):
        """Register --enable<name> and --disable<name> for one destination."""
        if option.help is None:
            enable_text = None
            disable_text = None
        else:
            enable_text = _("enable") + " " + option.help
            disable_text = _("disable") + " " + option.help

        # Both flags write to the same dest, so the last one given wins.
        for prefix, const, text in (("--enable", True, enable_text),
                                    ("--disable", False, disable_text)):
            parser.add_argument(prefix + option.name, action="store_const",
                                const=const, help=text, dest=option.name)
26}snippets/authconfig-sssd.confnu[PKEhe[s"9__pycache__/authcompat_ConfigSnippet.cpython-36.opt-1.pycnu[PKEhe[''-+__pycache__/authcompat_Options.cpython-36.pycnu[PKEhe[cc5b__pycache__/authcompat_EnvironmentFile.cpython-36.pycnu[PKEhe[MM+*__pycache__/authcompat.cpython-36.opt-1.pycnu[PKEhe[''39__pycache__/authcompat_Options.cpython-36.opt-1.pycnu[PKEhe[MM%v9__pycache__/authcompat.cpython-36.pycnu[PKEhe[s"3__pycache__/authcompat_ConfigSnippet.cpython-36.pycnu[PKEhe[cc;__pycache__/authcompat_EnvironmentFile.cpython-36.opt-1.pycnu[PKEhe[Hm;66Ƣauthcompat_Options.pynu[PK