File: security

package info (click to toggle)
plinth 19.1%2Bdeb10u2
  • links: PTS, VCS
  • area: main
  • in suites: buster
  • size: 28,292 kB
  • sloc: python: 22,066; xml: 12,007; sh: 568; javascript: 406; pascal: 74; makefile: 49; php: 11
file content (85 lines) | stat: -rwxr-xr-x 2,761 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
 
#!/usr/bin/python3
#
# This file is part of FreedomBox.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#
"""
Helper for security configuration
"""

import argparse

from plinth.modules.security import (ACCESS_CONF_FILE, ACCESS_CONF_SNIPPET,
                                     ACCESS_CONF_SNIPPETS)


def parse_arguments():
    """Return parsed command line arguments as dictionary"""
    parser = argparse.ArgumentParser()
    subparsers = parser.add_subparsers(dest='subcommand', help='Sub command')

    subparsers.add_parser(
        'enable-restricted-access',
        help='Restrict console login to users in admin or sudo group')
    subparsers.add_parser(
        'disable-restricted-access',
        help='Don\'t restrict console login to users in admin or sudo group')

    subparsers.required = True
    return parser.parse_args()


def subcommand_enable_restricted_access(_):
    """Restrict console login to users in admin or sudo group."""
    with open(ACCESS_CONF_FILE, 'r') as conffile:
        lines = conffile.readlines()

    is_upgrading = False

    with open(ACCESS_CONF_FILE, 'w') as conffile:
        for line in lines:
            if line.strip() in ACCESS_CONF_SNIPPETS:
                conffile.write(ACCESS_CONF_SNIPPET + '\n')
                is_upgrading = True
            else:
                conffile.write(line)

    if not is_upgrading:
        with open(ACCESS_CONF_FILE, 'a') as conffile:
            conffile.write(ACCESS_CONF_SNIPPET + '\n')


def subcommand_disable_restricted_access(_):
    """Don't restrict console login to users in admin or sudo group."""
    with open(ACCESS_CONF_FILE, 'r') as conffile:
        lines = conffile.readlines()

    with open(ACCESS_CONF_FILE, 'w') as conffile:
        for line in lines:
            if line.strip() not in ACCESS_CONF_SNIPPETS:
                conffile.write(line)


def main():
    """Parse arguments and perform all duties"""
    arguments = parse_arguments()

    subcommand = arguments.subcommand.replace('-', '_')
    subcommand_method = globals()['subcommand_' + subcommand]
    subcommand_method(arguments)


if __name__ == '__main__':
    main()