source: internals/2016/linuxloginsmartcardwizard/trunk/project1/main.py @ 16345

Last change on this file since 16345 was 16345, checked in by dcorreia, 4 years ago

Added features of second part of configuration process: subject mapping, card certificate operations and pam-configs.

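#!/usr/bin/python3
"""Wizard script: set up pam_pkcs11 for login with the Portuguese Citizen Card.

The steps run in order through the project-local ``configpkcs11`` helpers.

Part 1 installs ``libpam-pkcs11``, creates the ``/etc/pam_pkcs11`` tree,
copies the certificate files and the CRL into it, and generates
``pam_pkcs11.conf`` with the ``pteid`` module selected.

Part 2 switches ``use_mappers`` to ``subject``, extracts the authentication
certificate from the card and adds a certificate->user mapping for a
username typed by the operator.

NOTE(review): the script installs a package and writes under /etc and
/usr/share, so it presumably has to run as root -- confirm. Every file it
reads or writes therefore influences who can log in.
"""
import os
import tempfile

import configpkcs11

PAMPKCS11_PACKAGE = "libpam-pkcs11"
PAMPKCS11_DIRPATH = "/etc/pam_pkcs11"
CACERTS_DIRPATH = "/etc/pam_pkcs11/cacerts"
CRLS_DIRPATH = "/etc/pam_pkcs11/crls"
CRL_FILENAME = "cc_ec_cidadao_crl001_crl.crl"
# Certificates copied into the cacerts directory below.
# NOTE(review): these look like the CA certificates that card certificates
# are validated against; check how /usr/local/share/certs is populated and
# that only root can write there.
ECRAIZ_CERT = "/usr/local/share/certs/ECRaizEstado_novo_assinado_GTE.der"
CC001_CERT = "/usr/local/share/certs/CartaodeCidadao001.der"
CC_CRL_HTTP = "https://pki.cartaodecidadao.pt/publico/lrc/cc_ec_cidadao_crl001_crl.crl"
GUNZIP_DIRPATH = "/usr/share/doc/libpam-pkcs11/examples/pam_pkcs11.conf.example.gz"
PAMPKCS11_CONFIG = "/etc/pam_pkcs11/pam_pkcs11.conf"
PTEID_MODULE = "pteid.txt"
SUBJECTMAPPING_EXAMPLE = "/usr/share/doc/libpam-pkcs11/examples/subject_mapping.example"
PAMPKCS11_MAPPING = "/etc/pam_pkcs11/subject_mapping"
# File name only: the card data file is created inside a private temporary
# directory (see Part 2) instead of at the fixed path /tmp/cardData.
CARD_DATAFILE_NAME = "cardData"
PAMCONFIG_EXAMPLE = "pkcs11.example"
PAMCONFIG = "/usr/share/pam-configs/pkcs11"

# Part 1 - Configuration of PKCS#11 module for PAM

# Install PKCS#11 module for PAM
configpkcs11.installPackage(PAMPKCS11_PACKAGE)

# Create directories to support configuration files
for directory in (PAMPKCS11_DIRPATH, CACERTS_DIRPATH, CRLS_DIRPATH):
    configpkcs11.makeDirectory(directory)

# Copy pteid module data file to general directory
configpkcs11.copyFileToDirectory(PTEID_MODULE, PAMPKCS11_DIRPATH)

# Copy certificate files to cacerts directory and make hash links
for certificate in (ECRAIZ_CERT, CC001_CERT):
    configpkcs11.copyFileToDirectory(certificate, CACERTS_DIRPATH)
configpkcs11.makeHashLinks(CACERTS_DIRPATH)

# Get crl file from web link.
# The download happens only when no copy exists yet, so a CRL that is
# already installed is never refreshed by this script.
# NOTE(review): a CRL is only valid for a limited period; if revocation
# checking is enabled in pam_pkcs11.conf, the file needs a periodic refresh
# outside this wizard -- confirm how that is handled.
crl_path = os.path.join(CRLS_DIRPATH, CRL_FILENAME)
if not os.path.exists(crl_path):
    configpkcs11.getCRLFile(CC_CRL_HTTP, CRLS_DIRPATH)

# Generate pam_pkcs11.conf file
configpkcs11.makeConfigFile(GUNZIP_DIRPATH, PAMPKCS11_CONFIG, PAMPKCS11_DIRPATH)

# Add portuguese CC module to pam_pkcs11.conf file.
# The file is read inside a `with` block so the handle is closed again.
# The test is a plain substring match: any occurrence of "pteid" in the
# file, even inside a comment, counts as "module already present".
with open(PAMPKCS11_CONFIG, mode="r") as config_file:
    config_text = config_file.read()
if "pteid" not in config_text:
    configpkcs11.addConfigModule(PTEID_MODULE, PAMPKCS11_CONFIG)

# Change pkcs11 module to be used in pam_pkcs11.conf file
configpkcs11.changeActiveModule("pteid", PAMPKCS11_CONFIG)

# Test this phase of configuration by running pkcs11_inspect
configpkcs11.testInspect()

# Part 2 - User mapping configuration

# Change use_mappers to subject in pam_pkcs11.conf
configpkcs11.changeUseMappers("subject", PAMPKCS11_CONFIG)

# Copy subject_mapping file to main configuration folder
configpkcs11.copyFileToDirectory(SUBJECTMAPPING_EXAMPLE, PAMPKCS11_MAPPING)

# The card data file feeds the certificate->user mapping, so it must not be
# a path that another local user can create, replace or symlink first.
# TemporaryDirectory() creates a directory only the current user can access
# and removes it, with the data file, when the block ends.
# NOTE(review): assumes both helpers only use the path they are given; if
# anything else reads the old fixed /tmp/cardData, pass it this path.
with tempfile.TemporaryDirectory(prefix="pam_pkcs11_") as card_dir:
    card_datafile = os.path.join(card_dir, CARD_DATAFILE_NAME)

    # Extract user authentication certificate from pkcs11_inspect execution
    configpkcs11.getCardAuthCertificate(card_datafile)

    # Add certificate->user mapping to subject_mapping file.
    # Surrounding whitespace is dropped and an empty answer is asked again,
    # so no mapping is written without a username.
    username = ""
    while not username:
        username = input("Please write the username to used in the mapping\n").strip()
    configpkcs11.addUserMapping(card_datafile, PAMPKCS11_MAPPING, username)

# Create the pkcs11 file with configuration info
configpkcs11.copyFileToDirectory(PAMCONFIG_EXAMPLE, PAMCONFIG)

# TODO Use pam-auth-update to activate the new configurations


# TODO Check configurations by looking at the common-auth file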