nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-05-20 10:34:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

users: Add diagnostic checks for nsswitch config

Browse Source 
Tests:
- Reconfigure libnss-ldapd and disable passwd, group, shadow. Confirm
  that diagnostics are failing.

- Reconfigure libnss-ldapd and enable passwd, group, shadow. Confirm
  that diagnostics are passed.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Use augeas Nsswitch lens]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
This commit is contained in:
James Valleroy 2023-06-24 19:35:02 -04:00 committed by Sunil Mohan Adapa
parent 1522f98556
commit d5cde45cd8
No known key found for this signature in database
GPG Key ID: 43EA1CFF0AA7C5F2
1 changed files with 34 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
plinth/modules/users/__init__.py
View File

@ -4,6 +4,7 @@
import grp import grp
import subprocess import subprocess
import augeas
from django.utils.text import format_lazy from django.utils.text import format_lazy
from django.utils.translation import gettext_lazy as _ from django.utils.translation import gettext_lazy as _
@ -95,6 +96,8 @@ class UsersApp(app_module.App):
results.append(_diagnose_nslcd_config(config, 'base', 'dc=thisbox')) results.append(_diagnose_nslcd_config(config, 'base', 'dc=thisbox'))
results.append(_diagnose_nslcd_config(config, 'sasl_mech', 'EXTERNAL')) results.append(_diagnose_nslcd_config(config, 'sasl_mech', 'EXTERNAL'))
results.extend(_diagnose_nsswitch_config())
return results return results
def setup(self, old_version): def setup(self, old_version):
@ -137,6 +140,37 @@ def _diagnose_nslcd_config(config, key, value):
return [testname, result] return [testname, result]
def _diagnose_nsswitch_config():
"""Diagnose that Name Service Switch is configured to use LDAP."""
nsswitch_conf = '/etc/nsswitch.conf'
aug = augeas.Augeas(flags=augeas.Augeas.NO_LOAD +
augeas.Augeas.NO_MODL_AUTOLOAD)
aug.transform('Nsswitch', nsswitch_conf)
aug.set('/augeas/context', '/files' + nsswitch_conf)
aug.load()
results = []
for database in ['passwd', 'group', 'shadow']:
result = 'failed'
for match in aug.match('database'):
if aug.get(match) != database:
continue
for service_match in aug.match(match + '/service'):
if 'ldap' == aug.get(service_match):
result = 'passed'
break
break
template = _('Check nsswitch config "{database}"')
testname = format_lazy(template, database=database)
results.append([testname, result])
return results
def get_last_admin_user(): def get_last_admin_user():
"""If there is only one admin user return its name else return None.""" """If there is only one admin user return its name else return None."""
admin_users = privileged.get_group_users('admin') admin_users = privileged.get_group_users('admin')