1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
|
#!/usr/bin/python
##
## SecurePass CLI tools utilities
## Create/update SecurePass configuration file
## to be used in cloudinit, kickstart or similar technologies
##
## (c) 2013 Giuseppe Paterno' (gpaterno@gpaterno.com)
## GARL Sagl (www.garl.ch)
##
from argparse import ArgumentParser
import logging
import ConfigParser
import os
import sys
parser = ArgumentParser(
description="Create or update SecurePass configuration file",
prog="sp-config",
)
parser.add_argument('-D', '--debug',
action='store_true', dest="debug_flag",
help="Enable debug output",)
parser.add_argument('-c', '--config',
default='/etc/securepass.conf',
action='store', dest="configfile",
help="Config file",)
parser.add_argument('-i', '--appid',
default=None,
action='store', dest="appid",
help="Application ID",)
parser.add_argument('-e', '--endpoint',
default='https://beta.secure-pass.net',
action='store', dest="endpoint",
help="Endpoint URL",)
parser.add_argument('-s', '--appsecret',
default=None,
action='store', dest="appsecret",
help="Application Secret",)
parser.add_argument('-r', '--realm',
default=None,
action='store', dest="realm",
help="Default Domain/Realm (and allow NSS login)",)
parser.add_argument('--root',
default=None,
action='store', dest="root",
help="Coma separated list of allowed root users",)
values = parser.parse_args()
## Set debug
FORMAT = '%(asctime)-15s %(levelname)s: %(message)s'
if values.debug_flag:
logging.basicConfig(format=FORMAT, level=logging.DEBUG)
else:
logging.basicConfig(format=FORMAT, level=logging.INFO)
# Fixup of the DEFAULT
def replace_word(infile, old_word, new_word):
if not os.path.isfile(infile):
logging.debug("Creating emtpy file %s" % infile)
os.mknod(infile)
f1 = open(infile, 'r').read()
f2 = open(infile, 'w')
m = f1.replace(old_word, new_word)
f2.write(m)
## Open the file
config = ConfigParser.RawConfigParser()
logging.debug("Config file is: %s" % values.configfile)
# Before updating, we need to setup default ot DEFAULT :(
# blaming configparser here :(
replace_word(values.configfile, "[default]", "[DEFAULT]")
# Open and update
config.read(values.configfile)
if values.appid is not None:
config.set("DEFAULT", "app_id", values.appid)
if values.appsecret is not None:
config.set("DEFAULT", "app_secret", values.appsecret)
# Endpoint
config.set("DEFAULT", "endpoint", values.endpoint)
# Set the realm
if values.realm is not None:
# It might be that the section is just not there
# if not, let's create and populate defaults
if not config.has_section("nss"):
config.add_section("nss")
if not config.has_option("nss", "default_gid"):
config.set("nss", "default_gid", 100)
if not config.has_option("nss", "default_home"):
config.set("nss", "default_home", '"/home"')
if not config.has_option("nss", "default_shell"):
config.set("nss", "default_shell", '"/bin/bash"')
config.set("nss", "realm", values.realm)
# Set root users
if values.root is not None:
# Create the section if is not there
if not config.has_section("ssh"):
config.add_section("ssh")
config.set("ssh", "root", values.root)
# Final write
with open(values.configfile, 'w') as inifile:
config.write(inifile)
# Fixup for [DEFAULT] in uppercase
replace_word(values.configfile, "[DEFAULT]", "[default]")
|