source: internals/2016/linuxloginsmartcardwizard/trunk/project1/main.py @ 16354

Last change on this file since 16354 was 16354, checked in by dcorreia, 4 years ago

Added final step of configuration: pam-auth-update execution
Changed user-certificate mapping logic
Added documentation to config module
Code refactoring in config module

1#!/usr/bin/python3
2import config
3import os
4
# ---------------------------------------------------------------------------
# Paths and names used by the wizard. Everything under /etc/pam_pkcs11 is
# derived from PAMPKCS11_DIRPATH so the tree is spelled out only once.
# ---------------------------------------------------------------------------

# PAM-PKCS#11 package and its configuration tree
PAMPKCS11_PACKAGE = "libpam-pkcs11"
PAMPKCS11_DIRPATH = "/etc/pam_pkcs11"
PAMPKCS11_CONFIG = PAMPKCS11_DIRPATH + "/pam_pkcs11.conf"
# Despite the name, this is the path of the gzipped example configuration
# file shipped in the package's documentation directory.
GUNZIP_DIRPATH = (
    "/usr/share/doc/libpam-pkcs11/examples/"
    "pam_pkcs11.conf.example.gz"
)
# NOTE(review): relative file name. If the config helpers open it as given,
# it resolves against the current working directory of the process, so the
# directory the wizard is started from decides which file is installed -
# confirm against the config module.
PTEID_MODULE = "pteid.txt"

# CA certificates copied into the cacerts directory (DER files).
# NOTE(review): presumably installed by the Cartao de Cidadao middleware;
# nothing on this page checks their fingerprints before they are copied.
CACERTS_DIRPATH = PAMPKCS11_DIRPATH + "/cacerts"
ECRAIZ_CERT = (
    "/usr/local/share/certs/"
    "ECRaizEstado_novo_assinado_GTE.der"
)
CC001_CERT = (
    "/usr/local/share/certs/"
    "CartaodeCidadao001.der"
)

# Certificate revocation list: local directory, file name, download URL
CRLS_DIRPATH = PAMPKCS11_DIRPATH + "/crls"
CRL_FILENAME = "cc_ec_cidadao_crl001_crl.crl"
CC_CRL_HTTP = "https://pki.cartaodecidadao.pt/publico/lrc/" + CRL_FILENAME

# Certificate subject -> user mapping file and the example it starts from
SUBJECTMAPPING_EXAMPLE = (
    "/usr/share/doc/libpam-pkcs11/examples/"
    "subject_mapping.example"
)
PAMPKCS11_MAPPING = PAMPKCS11_DIRPATH + "/subject_mapping"

# pam-auth-update profile: source file and installed path.
# NOTE(review): PAMCONFIG_EXAMPLE is a relative file name as well, so the
# working-directory remark on PTEID_MODULE applies here too.
PAMCONFIG_EXAMPLE = "pkcs11.example"
PAMCONFIG = "/usr/share/pam-configs/pkcs11"
29
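# Part 1 - Configuration of PKCS#11 module for PAM
#
# Each step delegates to the project's `config` helper module; the steps run
# in order and the later ones edit the file the earlier ones create.

# Install PKCS#11 module for PAM
config.installPackage(PAMPKCS11_PACKAGE)

# Create directories to support configuration files
for directory in (PAMPKCS11_DIRPATH, CACERTS_DIRPATH, CRLS_DIRPATH):
    config.makeDirectory(directory)

# Copy pteid module data file to general directory
config.copyFileToDirectory(PTEID_MODULE, PAMPKCS11_DIRPATH)

# Copy certificate files to cacerts directory and make hash links
for certificate in (ECRAIZ_CERT, CC001_CERT):
    config.copyFileToDirectory(certificate, CACERTS_DIRPATH)
config.makeHashLinks(CACERTS_DIRPATH)

# Get crl file from web link.
# NOTE(review): the CRL is downloaded only when no local copy exists, so this
# script never refreshes an existing file. A CRL goes stale over time; confirm
# that something else keeps the copy in CRLS_DIRPATH up to date.
crl_path = os.path.join(CRLS_DIRPATH, CRL_FILENAME)
if not os.path.exists(crl_path):
    config.getCRLFile(CC_CRL_HTTP, CRLS_DIRPATH)

# Generate pam_pkcs11.conf file
config.makeConfigFile(GUNZIP_DIRPATH, PAMPKCS11_CONFIG, PAMPKCS11_DIRPATH)

# Add portuguese CC module to pam_pkcs11.conf file, unless the file already
# mentions it. The file is read inside a `with` block so the handle is closed
# before the helpers below rewrite the same file. The test is a plain
# substring match, so "pteid" anywhere in the file (a comment included)
# counts as already configured.
with open(PAMPKCS11_CONFIG, mode="r") as conf_file:
    pteid_configured = "pteid" in conf_file.read()
if not pteid_configured:
    config.addConfigModule(PTEID_MODULE, PAMPKCS11_CONFIG)

# Change pkcs11 module to be used in pam_pkcs11.conf file
config.changeUseModule("pteid", PAMPKCS11_CONFIG)

# Test this phase of configuration by running pkcs11_inspect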
63
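# Part 2 - User mapping configuration
#
# Binds the certificate on the card to a local account and then activates
# the PAM profile. The profile is activated only when the mapping step
# succeeded, so a failed run does not leave a half-configured login stack.

# Change use_mappers to subject in pam_pkcs11.conf
config.changeUseMappers("subject", PAMPKCS11_CONFIG)

# Copy subject_mapping file to main configuration folder.
# NOTE(review): if the helper overwrites the destination, re-running the
# wizard discards mappings added earlier - confirm against the config module.
config.copyFileToDirectory(SUBJECTMAPPING_EXAMPLE, PAMPKCS11_MAPPING)

# Extract user authentication certificate from pkcs11_inspect execution
# Add certificate->user mapping to subject_mapping file
# Surrounding whitespace is never part of an account name, and a blank name
# would give a mapping entry with no account, so both are handled here
# instead of being handed to the helper.
username = input("Please write the username to used in the mapping\n").strip()
if not username:
    print("No username given, no mapping was added")
    raise SystemExit(1)

if not config.addUserMapping(PAMPKCS11_MAPPING, username):
    print("Failed to add mapping for user '%s'" % username)
    # Stop before the PAM profile is installed and activated.
    raise SystemExit(1)
print("Added mapping for user '%s'\n" % username)

# Create the pkcs11 file with configuration info
config.copyFileToDirectory(PAMCONFIG_EXAMPLE, PAMCONFIG)

# Simulate pam-auth-update manually to change content of common-auth
config.runPamAuthUpdate()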