mirror of
https://github.com/freedombox/FreedomBox.git
synced 2026-01-21 07:55:00 +00:00
7ee48da299
Fixes #1504 Signed-off-by: James Valleroy <jvalleroy@mailbox.org> Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
83 lines
2.5 KiB
Python
Executable File
83 lines
2.5 KiB
Python
Executable File
#!/usr/bin/python3
|
|
#
|
|
# This file is part of FreedomBox.
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU Affero General Public License as
|
|
# published by the Free Software Foundation, either version 3 of the
|
|
# License, or (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU Affero General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU Affero General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
#
|
|
"""
|
|
Helper for security configuration
|
|
"""
|
|
|
|
import argparse
|
|
import os
|
|
|
|
from plinth.modules.security import (ACCESS_CONF_FILE, ACCESS_CONF_FILE_OLD,
|
|
ACCESS_CONF_SNIPPET, ACCESS_CONF_SNIPPETS)
|
|
|
|
|
|
def parse_arguments():
|
|
"""Return parsed command line arguments as dictionary"""
|
|
parser = argparse.ArgumentParser()
|
|
subparsers = parser.add_subparsers(dest='subcommand', help='Sub command')
|
|
|
|
subparsers.add_parser(
|
|
'enable-restricted-access',
|
|
help='Restrict console login to users in admin or sudo group')
|
|
subparsers.add_parser(
|
|
'disable-restricted-access',
|
|
help='Don\'t restrict console login to users in admin or sudo group')
|
|
|
|
subparsers.required = True
|
|
return parser.parse_args()
|
|
|
|
|
|
def subcommand_enable_restricted_access(_):
|
|
"""Restrict console login to users in admin or sudo group."""
|
|
try:
|
|
os.mkdir(os.path.dirname(ACCESS_CONF_FILE))
|
|
except FileExistsError:
|
|
pass
|
|
|
|
with open(ACCESS_CONF_FILE, 'w') as conffile:
|
|
conffile.write(ACCESS_CONF_SNIPPET + '\n')
|
|
|
|
|
|
def subcommand_disable_restricted_access(_):
|
|
"""Don't restrict console login to users in admin or sudo group."""
|
|
with open(ACCESS_CONF_FILE_OLD, 'r') as conffile:
|
|
lines = conffile.readlines()
|
|
|
|
with open(ACCESS_CONF_FILE_OLD, 'w') as conffile:
|
|
for line in lines:
|
|
if line.strip() not in ACCESS_CONF_SNIPPETS:
|
|
conffile.write(line)
|
|
|
|
try:
|
|
os.remove(ACCESS_CONF_FILE)
|
|
except OSError:
|
|
pass
|
|
|
|
|
|
def main():
|
|
"""Parse arguments and perform all duties"""
|
|
arguments = parse_arguments()
|
|
|
|
subcommand = arguments.subcommand.replace('-', '_')
|
|
subcommand_method = globals()['subcommand_' + subcommand]
|
|
subcommand_method(arguments)
|
|
|
|
|
|
if __name__ == '__main__':
|
|
main()
|