123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119 |
- from setux.core.action import Actions, Action
- from setux.actions.user import User_
- from setux.actions.transfer import Sender
- from setux.logger import error
- class Sudoer(Action):
- '''Add User to sudoers
- context:
- user : user name
- '''
- @property
- def label(self):
- return f'Sudoer {self.user}'
- def check(self):
- grp = self.target.groups.fetch(self.user)
- ok = 'wheel' in grp.get()
- ret, out, err = self.target.run(f'sudo -l -U {self.user}')
- ok = ok and '(ALL) NOPASSWD: ALL' in (line.strip() for line in out)
- return ok
- def deploy(self):
- grp = self.target.groups.fetch(self.user)
- grp.add('wheel')
- ok = self.target.write(
- f'/etc/sudoers.d/{self.user}',
- f'{self.user} ALL=(ALL) NOPASSWD: ALL',
- )
- return ok
- class CopyId(Action):
- '''Send Public Key to Target
- context:
- user : User name
- pub : Public key
- '''
- @property
- def label(self):
- return f'Copy ID {self.user}'
- def check(self):
- if not getattr(self, 'pub', None): return True
- user = self.target.user.fetch(self.user)
- if user.check() is not True: return False
- pub = self.local.file(self.pub, verbose=False)
- if pub.size == 0:
- msg = f' ! {pub.key} is empty'
- error(msg)
- raise SystemExit(msg)
- path = f'/home/{self.user}/.ssh/authorized_keys'
- autorized = self.target.file.fetch(
- path, mode='600', user=self.user, group=user.group.name
- )
- ok = autorized.check() is True and autorized.size != 0
- if ok:
- ok = autorized.hash == pub.hash
- return ok
- def deploy(self):
- user = self.target.user.fetch(self.user)
- pub = self.local.file(self.pub, verbose=False)
- if pub.size == 0:
- msg = f' ! {pub.key} is empty'
- error(msg)
- raise SystemExit(msg)
- path = f'/home/{self.user}/.ssh'
- ssh = self.target.dir(
- path, mode='700', user=self.user, group=user.group.name
- )
- if ssh.check() is not True: return False
- full = f'{path}/authorized_keys'
- self.target.run('rm -f {full}', sudo='root')
- sent = Sender(self.target, src=self.pub, dst=full, **self.context)()
- if sent is not True: return False
- key = self.target.file(
- full, mode='600', user=self.user, group=user.group.name
- )
- return key.check() is True and key.size > 0
- class Admin(Actions):
- '''Set User as sudoer
- context:
- user : User name
- pub : Public key
- - Create User if not present
- - Add User to sudoers
- - Send User's public key
- '''
- @property
- def label(self):
- return f'Admin {self.user}'
- @property
- def actions(self):
- return [
- User_,
- Sudoer,
- CopyId,
- ]
|