source: internals/2016/linuxloginsmartcardwizard/trunk/project1/main.py @ 16337

Last change on this file since 16337 was 16337, checked in by dcorreia, 4 years ago

Added pteid module data file to project folder.
FInished first part of configuration process.

File size: 1.9 KB
Line 
1#!/usr/bin/python3
2import configpkcs11
3import os
4
5PAMPKCS11_PACKAGE = "libpam-pkcs11"
6PAMPKCS11_DIRPATH = "/etc/pam_pkcs11"
7CACERTS_DIRPATH = "/etc/pam_pkcs11/cacerts"
8CRLS_DIRPATH = "/etc/pam_pkcs11/crls"
9CRL_FILENAME = "cc_ec_cidadao_crl001_crl.crl"
10ECRAIZ_CERT = "/usr/local/share/certs/ECRaizEstado_novo_assinado_GTE.der"
11CC001_CERT = "/usr/local/share/certs/CartaodeCidadao001.der"
12CC_CRL_HTTP = "https://pki.cartaodecidadao.pt/publico/lrc/cc_ec_cidadao_crl001_crl.crl"
13GUNZIP_DIRPATH = "/usr/share/doc/libpam-pkcs11/examples/pam_pkcs11.conf.example.gz"
14PAMPKCS11_CONFIG = "/etc/pam_pkcs11/pam_pkcs11.conf"
15PTEID_MODULE = "pteid.txt"
16
17
18# Install PKCS#11 module for PAM
19configpkcs11.installPackage(PAMPKCS11_PACKAGE)
20
21# Create directories to support configuration files
22configpkcs11.makeDirectory(PAMPKCS11_DIRPATH)
23configpkcs11.makeDirectory(CACERTS_DIRPATH)
24configpkcs11.makeDirectory(CRLS_DIRPATH)
25
26# Copy pteid module data file to general directory
27configpkcs11.copyFileToDirectory(PTEID_MODULE, PAMPKCS11_DIRPATH)
28
29# Copy certificate files to cacerts directory and make hash links
30configpkcs11.copyFileToDirectory(ECRAIZ_CERT, CACERTS_DIRPATH)
31configpkcs11.copyFileToDirectory(CC001_CERT, CACERTS_DIRPATH)
32configpkcs11.makeHashLinks(CACERTS_DIRPATH)
33
34# Get crl file from web link
35if not os.path.exists(os.path.join(CRLS_DIRPATH,CRL_FILENAME)):
36    configpkcs11.getCRLFile(CC_CRL_HTTP, CRLS_DIRPATH)
37
38# Generate pam_pkcs11.conf file
39configpkcs11.makeConfigFile(GUNZIP_DIRPATH, PAMPKCS11_CONFIG, PAMPKCS11_DIRPATH)
40
41# Add portuguese CC module to pam_pkcs11.conf file
42if "pteid" not in "".join(open(PAMPKCS11_CONFIG, mode="r").readlines()):
43    configpkcs11.addConfigModule(PTEID_MODULE, PAMPKCS11_CONFIG)
44
45# Change pkcs11 module to be used in pam_pkcs11.conf file
46configpkcs11.changeActiveModule("pteid", PAMPKCS11_CONFIG)
47
48# Test this phase of configuration by running pkcs11_inspect
49configpkcs11.testInspect()
50
Note: See TracBrowser for help on using the repository browser.