FreedomBox/actions/security

#!/usr/bin/python3
# SPDX-License-Identifier: AGPL-3.0-or-later
"""
Helper for security configuration
"""

import argparse
import os

from plinth.modules.security import (ACCESS_CONF_FILE, ACCESS_CONF_FILE_OLD,
                                     ACCESS_CONF_SNIPPET, ACCESS_CONF_SNIPPETS)


def parse_arguments():
    """Return parsed command line arguments as dictionary"""
    parser = argparse.ArgumentParser()
    subparsers = parser.add_subparsers(dest='subcommand', help='Sub command')

    subparsers.add_parser(
        'enable-restricted-access',
        help='Restrict console login to users in admin or sudo group')
    subparsers.add_parser(
        'disable-restricted-access',
        help='Don\'t restrict console login to users in admin or sudo group')

    subparsers.required = True
    return parser.parse_args()


def subcommand_enable_restricted_access(_):
    """Restrict console login to users in admin or sudo group."""
    try:
        os.mkdir(os.path.dirname(ACCESS_CONF_FILE))
    except FileExistsError:
        pass

    with open(ACCESS_CONF_FILE, 'w') as conffile:
        conffile.write(ACCESS_CONF_SNIPPET + '\n')


def subcommand_disable_restricted_access(_):
    """Don't restrict console login to users in admin or sudo group."""
    with open(ACCESS_CONF_FILE_OLD, 'r') as conffile:
        lines = conffile.readlines()

    with open(ACCESS_CONF_FILE_OLD, 'w') as conffile:
        for line in lines:
            if line.strip() not in ACCESS_CONF_SNIPPETS:
                conffile.write(line)

    try:
        os.remove(ACCESS_CONF_FILE)
    except OSError:
        pass


def main():
    """Parse arguments and perform all duties"""
    arguments = parse_arguments()

    subcommand = arguments.subcommand.replace('-', '_')
    subcommand_method = globals()['subcommand_' + subcommand]
    subcommand_method(arguments)


if __name__ == '__main__':
    main()