8Yc;@sddlZddlZddlZddlZddlZddlZddlZddlZddlZddl Z ddl Z ddl Z ddl Z ddl Z ddlZddlZddlZddlTddlZddlZejZyddlaWnek r danXdZdZdZdZdZdZd Zd Z d Z!d Z"d Z#dZ$de%e&dkrdZ'ndZ'e'dZ(dZ)dZ*dZ+dZ,dZ-dZ.dZ/dZ0dZ1dZ2dZ3e'dZ4e'd Z5ej6j7e5se'd Z5ne'd!Z8e'd"Z9e'd#Z:e'd$Z;e'd%Z<e'd&Z=e(d'Z>e(d(Z?e(d)Z@e(d*ZAe(d+ZBe(d,ZCe'd-ZDd.ZEd/ZFd0ZGd1ZHd2ZId3ZJed4ZKd5ZLd6ZMd7ZNd8ZOd9ZPd:ZQd;ZRd<ZSd=ZTd>ZUd?ZVd@ZWdAZXdBZYdCZZdDZ[dEZ\dFZ]dGZ^dHZ_dIZ`dJZadKZbdLZcdMZddNZedOZfdPZgdQZhdRZidSZjdTgZkdTdUgZldVgZmdVgZndTdWdXdYgZodZgZpdVgZqdUgZrgZsd[gZtd[d\gZud]gZvdVgZwdVd^gZxdUgZydVgZzdUgZ{dVgZ|d_d`dagZ}dbd`dcgZ~dddcdegZdfdcdegZdVgZdUgZdVgZdUgZdggZdhgZdhgZdhgZdidjdcgZdkdlgZdmdndlgZdogZdpdqdrdsdtgZedudv\ZZZZdwdxdydzgZedud{\ZZZZZedud{\ZZZZZgeeeeefD] Zg^qZeeeLd|ggeeeLd}egeeeLd~ddmggeeeVdegeeeRdetgeeeOdexgeeeNdggeeeNdggeeeYde}geeeYdggeeeNdekgeeeMde}geeeNdegeeeNdemgeeeNdemgeeeNdeqgeeeNdewgeeeNdezgeeeNde|geeeNdegeeeLd~dggeeeLdggeeeLdggeeeLd~ggeeeLdggeeeNdggeeeNde~geeePdggeeePdggeeePdggeeePdggeeeLdggeeeMdeogeeeMdepgeeeNdelgeeeNdegeeeNdengeeeNdengeeeNdergeeeNdeygeeeNde{geeeNdegeeeLdggeeeOdegeeeLdggeeeOdggeeeOdggeeeVdegeeeLdggeeeOdggeeeOdggeeeOdggeeeOdggeeeOdggeeeOdggg7eeR@((s!/usr/share/authconfig/authinfo.pyt openLockedscCsEd}|jd}x)|D]!}|r|d|d7}qqW|S(NtRs kdc = s (R (tkdclisttoutputtkdc((s!/usr/share/authconfig/authinfo.pytkrbKdcs  cCsKd}|jd}x/|D]'}|r|d7}||d7}qqW|S(NRIRs admin_server = s (R (t adminserversRKt adminserver((s!/usr/share/authconfig/authinfo.pytkrbAdminServers  cCsOd}|rK|d|d7}|t|7}|t|7}|d7}n|S(NRIR s = { s } (RMRP(trealmRJRNRK((s!/usr/share/authconfig/authinfo.pytkrbRealms cCs|jdd}t|dkr-d}n |d}|djjd}|jjd}||kr|jtjdStS(NRiiRIi(R RR!RRRRR(RRtlinelsttparamtkeylst((s!/usr/share/authconfig/authinfo.pyt matchLineSMBs   ttry_first_passt use_authtoktuse_first_passtlocal_users_onlysretry=3s authtok_type=s enforce=userstnodebugt wait_for_cardtallow_missing_nametno_subsequent_promptsuid >=t500t quiet_successsuid =)[ \t]+([0-9]+)tSysVInitServicecBs>eZdZdZdZdZdZdZRS(cCstjd|ddS(Ns/sbin/service s start(R4tsystem(tselftservice((s!/usr/share/authconfig/authinfo.pyR1WscCstjd|ddS(Ns/sbin/service s stop >/dev/null 2>&1(R4R(RR((s!/usr/share/authconfig/authinfo.pytstopZscCs*tjd|tjd|ddS(Ns/sbin/chkconfig --add s/sbin/chkconfig --level 345 s on(R4R(RR((s!/usr/share/authconfig/authinfo.pytenable]scCstjd|ddS(Ns/sbin/chkconfig --level 345 s off(R4R(RR((s!/usr/share/authconfig/authinfo.pytdisableascCs9tjd|d}tj|o8tj|dkS(Ns/sbin/chkconfig s >/dev/null 2>&1i(R4Rt WIFEXITEDt WEXITSTATUS(RRtrv((s!/usr/share/authconfig/authinfo.pyt isEnableddscCstjd|ddS(Ns/sbin/service s condrestart >/dev/null 2>&1(R4R(RR((s!/usr/share/authconfig/authinfo.pyt tryRestarths(t__name__t __module__R1RRRRR(((s!/usr/share/authconfig/authinfo.pyRVs      tSystemdServicecBs>eZdZdZdZdZdZdZRS(cCstjd|ddS(Ns/bin/systemctl start s.service(R4R(RR((s!/usr/share/authconfig/authinfo.pyR1lscCstjd|ddS(Ns/bin/systemctl stop s.service >/dev/null 2>&1(R4R(RR((s!/usr/share/authconfig/authinfo.pyRoscCstjd|ddS(Ns/bin/systemctl enable s.service >/dev/null 2>&1(R4R(RR((s!/usr/share/authconfig/authinfo.pyRrscCstjd|ddS(Ns/bin/systemctl disable s.service >/dev/null 2>&1(R4R(RR((s!/usr/share/authconfig/authinfo.pyRuscCs9tjd|d}tj|o8tj|dkS(Ns/bin/systemctl is-enabled s.service >/dev/null 2>&1i(R4RRR(RRR((s!/usr/share/authconfig/authinfo.pyRxscCstjd|ddS(Ns/bin/systemctl try-restart s.service >/dev/null 2>&1(R4R(RR((s!/usr/share/authconfig/authinfo.pyR|s(RRR1RRRRR(((s!/usr/share/authconfig/authinfo.pyRks      s /sbin/initcCs|r^yAtj|tj||sFtj|tj|nWqtk rZqXn`yLtj||sytj|Wqtk rqXntj|Wntk rnXtS(N( R4tstattServiceRRR1R;RR%(Rtpathtnametnostart((s!/usr/share/authconfig/authinfo.pyttoggleSplatbindServices(       cCs|r dSdSdS(Ntenabledtdisabled((tval((s!/usr/share/authconfig/authinfo.pyt formatBoolscCsytj\}}Wntk r*dSX|s|rOt|gdt}n5t|gdtdt}|jd|p|dd|j|j}tj |nd\}} y7t j |t j } t j |t j | tj @Wntk rnXt} xk| sqy7g} g} tj|gg|gd\} }} Wn4tjk rz\}}tjjd|dnX| r| rtj|t} qnd}ytj|d }Wntk rM\}}|tjksG|tjkrq|tjkrtj|t} qtjjd |dtj|t} qnX|r[y||7}| |7} |rtjj|n|r||kr| jd }tj||pdtj|d |d krd| | } nd} d}|rtjjd qnWqntk rW\}}tjjd|dtj|t} qnXqtj|t} qWytj|tjWntk rnXd}ytj|d\}}Wn1tk r\}}tjjd|dnX|| fS(NitshelltstdintinputRIs i<sselect: isread: s is<...> swrite: is waitpid: (RIRI( R4tforkptyR;tPopenR%tPIPEt communicatetwaitt returncodet_exitR7tF_GETFLtF_SETFLt O_NONBLOCKR=RtselectterrortsyststderrtwriteR<treadRBtEINTRtEAGAINtEIOtrfindtkilltsignaltSIGTERMtwaitpid(tcommandtechotquerytresponsetpidtmastertchildtstatusRKRtiteoftifdstefdstofdsterrttexttctindex((s!/usr/share/authconfig/authinfo.pytfeedForks    "  +            cCsytj|}Wntk r'tSXxS|D]K}y1tj|d|}tj|jretSWq/tk ryq/Xq/WtS(Nt/(R4tlistdirR;R%RtS_ISREGtst_modeR(RRR>tst((s!/usr/share/authconfig/authinfo.pyt isEmptyDirs   cCs|ycttg|dt}|jdjd}|jdkrHdS|ddkrb|d3nWntk rwdSX|S(Ntstdoutis iRI(Rt PATH_SCSETUPRRR RRR;(toptionsRR((s!/usr/share/authconfig/authinfo.pytcallPKCS11Setups cCs#tdg}|dkrgS|S(Nt list_modules(RR(tmods((s!/usr/share/authconfig/authinfo.pytgetSmartcardModuless cCstdtdgS(NtLocktIgnore(t_(((s!/usr/share/authconfig/authinfo.pytgetSmartcardActions scCst|}|j|S(N(tAuthInfoR(tmsgcbtinfo((s!/usr/share/authconfig/authinfo.pyR#s  t SaveGroupcBseZdZdZRS(cCs||_||_||_dS(N(t saveFunctionttoggleFunctiontattrlist(Rtsavefunct togglefuncR((s!/usr/share/authconfig/authinfo.pyt__init__)s  cCsx|jD]\}}||jkr)tS|dkrZt||t||krtSq |dkrtt||t||trtSq |dkr tt||t||trtSq q WtS(NR'RR(RtinconsistentAttrsR%tgetattrR)R(RR&R'tanametatype((s!/usr/share/authconfig/authinfo.pyt attrsDiffer.s  $ $ (RRRR(((s!/usr/share/authconfig/authinfo.pyR(s tSafeFilecBs5eZdZdZdZdZdZRS(cCstjj|\}}t|_tjd|d|dt|_t dd||jj gdtj dtj dkrt|_tj |jj|n||_dS( Ntdirtprefixtdeletes/bin/cps-afRs /dev/nulli(R4RR RtmissingttempfiletNamedTemporaryFileR%tfiletcallRR5tO_WRONLYtfchmodtfilenoR>(RR>t default_modetbaseR((s!/usr/share/authconfig/authinfo.pyR>s ! cCst|jjtj|jjtj|jj|j|jrpt d|jgdtj dtj ndS(Ns/usr/sbin/restoreconRs /dev/null( RtflushR4tfsyncRtrenameRR>RRR5R(R((s!/usr/share/authconfig/authinfo.pytsaveJs   cCs)y|jjWntk r$nXdS(N(RR<R;(R((s!/usr/share/authconfig/authinfo.pyR<Rs cCs|jj|S(N(RR(RR ((s!/usr/share/authconfig/authinfo.pyRYscCs$|jjd|jjddS(Ni(Rtseekttruncate(R((s!/usr/share/authconfig/authinfo.pytrewind\s(RRRR R<RR (((s!/usr/share/authconfig/authinfo.pyR=s    t FileBackupcBs,eZdZdZdZdZRS(cCs||_||_dS(N(t backupNametorigPath(Rt backupnametorigpath((s!/usr/share/authconfig/authinfo.pyRas cCst}d}d}yt|tjd}Wntk r?tSXytjtj|j }Wn%tt fk rtj |tSXyt ||}|j Wntk rt}nXyLxE|rtj|d}|st}Pntj|jj|qWWntt fk r)t}nXy|rCtj |nWntt fk r]nXy'|r|r|j|j nWntt fk rt}nX|S(Nii(R%RRDR4R6R=RtS_IMODEtfstatRR;R<RR RRRRRR (RtsrctdestRtsrcfdtdestfileR?R'((s!/usr/share/authconfig/authinfo.pytsafeCopyesL     !    cCst}y&tjj|s+tj|nWnttfk rKt}nX|d|j}|r{|j |j |}n|S(NR( R%R4RtisdirtmkdirR;R=RRRR(RtdestdirRt backuppath((s!/usr/share/authconfig/authinfo.pytbackups   cCst}ytjj|stSWnttfk r?t}nX|d|j}|rtjj|r|j ||j }ny5|rt d|j gdtj dtj nWnttfk rnX|S(NRs/usr/sbin/restoreconRs /dev/null(R%R4RRRR=R;RtisfileRRRR5R(Rt backupdirRR((s!/usr/share/authconfig/authinfo.pytrestores  (RRRRRR (((s!/usr/share/authconfig/authinfo.pyR `s  * cCs tjdS(Ntnscd(RR(((s!/usr/share/authconfig/authinfo.pyt readCachescCsL|rtjdn2ytjttjdWntk rGnXtS(NR!(RRR4Rt PATH_NSCDRR;R%(R((s!/usr/share/authconfig/authinfo.pyt writeCaches  t CacheBackupcBseZdZdZRS(cCst}y&tjj|s+tj|nWnttfk rKt}nX|d|j}|rd}y5t }t |d}|j t t|Wntk rt}nX|r|jqn|sytj|Wqtk rqXn|S(NRtw(R%R4RRRR;R=RRRR"R5RtstrtintR<tunlink(RRRRRR((s!/usr/share/authconfig/authinfo.pyRs.     cCst}ytjj|stSWnttfk r?t}nX|d|j}|rtjj|rd}y/t |d}t |j }t |Wn tttfk rt}nX|r|jqn|S(NRtr(R%R4RRRR=R;RRRR5R(RR$t ValueErrorR<(RRRRRR((s!/usr/share/authconfig/authinfo.pyR s$  (RRRR (((s!/usr/share/authconfig/authinfo.pyR%s is hesiod.confs /hesiod.confsyp.confs/yp.confs ldap.confs /ldap.confs nss_ldap.confs/nss_ldap.confs pam_ldap.confs/pam_ldap.confs nslcd.confs /nslcd.confs openldap.confs/openldap/ldap.confs krb5.confs /krb5.confskrb.confs /krb.confspam_pkcs11.confs/pam_pkcs11/pam_pkcs11.confssmb.confs/samba/smb.confs nsswitch.confs/nsswitch.confscacheenabled.confRIs/pam.d/t authconfigs/sysconfig/authconfigtnetworks/sysconfig/networks libuser.confs /libuser.confspwquality.confs/security/pwquality.confs login.defss /login.defss sssd.conftshadows/shadowtpasswds/passwdtgshadows/gshadowtgroups/groups 10-authconfigs /dconf/db/distro.d/10-authconfigs10-authconfig-lockss,/dconf/db/distro.d/locks/10-authconfig-lockst ldapServertldap_urit ldapBaseDNtldap_search_baset enableLDAPStldap_id_use_start_tlst ldapSchemat ldap_schemat ldapCacertDirtldap_tls_cacertdirt kerberosKDCt krb5_servertkerberosAdminServert krb5_kpasswdt kerberosRealmt krb5_realmtenableCacheCredstcache_credentialstkrb5_store_password_if_offlineRcBseZdZdZdZdZdZdZdZdZ dZ d Z d Z d Z d Zd ZdZdZdZdZdZdZdZdZdZdZdZdZdZdZedZdZ dZ!dZ"d Z#d!Z$d"Z%d#Z&d$Z'd%Z(d&Z)d'Z*d(Z+d)Z,d*Z-d+Z.d,Z/d-Z0d.Z1d/Z2d0Z3d1Z4d2Z5d3Z6d4Z7d5Z8d6Z9d7Z:d8Z;d9Z<d:Z=d;Z>d<Z?d=Z@d>ZAd?ZBd@ZCdAZDdBZEdCZFdDZGdEZHdFZIdGZJdHZKdIZLdJZMdKZNdLZOdMZPdNZQdOZRdPZSRS(Qc8Cs||_d|_g|_d|_d|_d|_d|_d|_d|_ d|_ d|_ d|_ d|_ d|_d|_d|_d|_d|_d|_d|_d|_d|_d|_d|_d|_d|_d|_d|_d|_d|_t|_ t|_!d|_"d|_#d|_$d|_%d|_&d|_'d|_(d|_)d|_*d|_+d|_,d|_-d|_.d|_/d|_0d|_1d|_2d|_3d|_4d|_5d|_6d|_7d|_8d|_9d|_:d|_;t<|_=d|_>d|_?d|_@d|_Ad|_Bd|_Cd|_Dd|_Ed|_Fd|_Gd|_Hd|_Id|_Jd|_Kd|_Ld|_Md|_Nd|_Od|_Pd|_Qd|_Rd|_Sd|_Tt|_Ut|_Vd|_Wd|_Xd|_Yd|_Zd|_[d|_\d|_]d|_^d|__d|_`d|_ad|_bd|_cd|_dd|_ed|_fd|_gd|_hd|_id|_jd|_kd|_lt<|_md|_nd|_od|_pt|_qtrr$y trjr|_n|jnjsWq$ttk r q$Xntu|_vtw|jx|jydmdngtw|jzddodpgtw|j{|j|dqdrdsgtw|j}ddtdudvdwdxdygtw|j~ddzgtw|jdd{gtw|jdd|d}d~dddddgtw|jdddddddddgtw|j|jdddddddddddddddgtw|jdddgtw|jddddddgtw|j|jdddddddddddg tw|jdddddddddddddddddddddddgtw|jddddddddddddddddddddddddddddddddddddddddg'tw|jddddddddddddddddddddddddddddddddd d g!tw|jdd gtw|jdd gtwd|j|d gtwd|jdgtwd|jdddddgtwd|jddddddgtwd|jddgg|_dS(NRIt9t1t0sdeny=4 unlock_time=1200s umask=0077t enableCacheR't implicitSSSDt hesiodLHSRt hesiodRHSt nisDomainRtnisLocalDomaint nisServerR2R4R6R8R:tpasswordAlgorithmt passMinLent passMinClasst passMaxRepeattpassMaxClassRepeatt passReqLowert passReqUppert passReqDigitt passReqOtherR@R<t smbSecuritytsmbRealmt smbServersR>tkerberosRealmviaDNStkerberosKDCviaDNSRBtenableSmartcardtforceSSSDUpdatet enableLDAPtenableKerberostenableLDAPAutht enableIPAv2tsmartcardActiontsmartcardModulet enableFprintdtforceSmartcardt smbWorkgroupt smbIdmapRangetwinbindSeparatortwinbindTemplateHomedirtwinbindTemplateShelltwinbindUseDefaultDomaintwinbindOfflinet winbindKrb5tenableDBtenableDirectoriest enableWinbindtenableOdbcbindt enableNIS3t enableNIStenableLDAPbindtenableHesiodbindt enableHesiodt enableDBIbindt enableDBbindt enableCompatt enableWINSt enableMDNStenableMyhostnamet enableSSSDtpreferDNSinHostst pwqualityArgst passwdqcArgst faillockArgstenableFaillockt localuserArgst pamAccessArgstenablePAMAccesst mkhomedirArgstenableMkHomeDirt algoRoundst enableShadowt enableNullOktforceBrokenShadowtenableWinbindAutht enableAFStenableAFSKerberostenablePWQualityt enableEPStenableEcryptfst enableOTPtenablePasswdQCtenableLocAuthorizetenableSysNetAuthtenableSSSDAutht pamLinkedtimplicitSSSDAutht systemdArgstuidMintenableForceLegacyt ipav2Servert ipav2Domaint ipav2RealmtipaDomainJoinedt ipav2NoNTP(s enableCacheR'(s implicitSSSDR'(s hesiodLHSR(s hesiodRHSR(s nisDomainR(snisLocalDomainR(s nisServerR(s ldapServerR(s ldapBaseDNR(s enableLDAPSR'(s ldapSchemaR(s ldapCacertDirR(spasswordAlgorithmR(spasswordAlgorithmR(spasswordAlgorithmR(s passMinLenR(s passMinClassR(s passMaxRepeatR(spassMaxClassRepeatR(s passReqLowerR'(s passReqUpperR'(s passReqDigitR'(s passReqOtherR'(s kerberosRealmR(s kerberosKDCR(s smbSecurityR(ssmbRealmR(s smbServersR(skerberosAdminServerR(skerberosRealmviaDNSR'(skerberosKDCviaDNSR'(s ldapServerR(s ldapBaseDNR(s enableLDAPSR'(s ldapSchemaR(s ldapCacertDirR(senableCacheCredsR'(senableSmartcardR'(s kerberosRealmR(s kerberosKDCR(skerberosAdminServerR(sforceSSSDUpdateR'(s enableLDAPR'(senableKerberosR'(senableLDAPAuthR'(s enableIPAv2R'(ssmartcardActionR(ssmartcardModuleR(ssmartcardActionR(ssmartcardModuleR(s enableFprintdR'(senableSmartcardR'(sforceSmartcardR'(s smbWorkgroupR(s smbServersR(ssmbRealmR(s smbSecurityR(s smbIdmapRangeR(swinbindSeparatorR(swinbindTemplateHomedirR(swinbindTemplateShellR(swinbindUseDefaultDomainR'(swinbindOfflineR'(s winbindKrb5R'(senableDBR'(senableDirectoriesR'(s enableWinbindR'(senableOdbcbindR'(s enableNIS3R'(s enableNISR'(senableLDAPbindR'(s enableLDAPR'(senableHesiodbindR'(s enableHesiodR'(s enableDBIbindR'(s enableDBbindR'(s enableCompatR'(s enableWINSR'(s enableMDNSR'(senableMyhostnameR'(s enableNIS3R'(s enableNISR'(s enableIPAv2R'(s enableSSSDR'(spreferDNSinHostsR'(s implicitSSSDR'(s pwqualityArgsR(s passwdqcArgsR(s faillockArgsR(senableFaillockR'(s localuserArgsR(s pamAccessArgsR(senablePAMAccessR'(s mkhomedirArgsR(senableMkHomeDirR'(s algoRoundsR(spasswordAlgorithmR(s enableShadowR'(s enableNISR'(s enableNullOkR'(sforceBrokenShadowR'(senableLDAPAuthR'(senableKerberosR'(senableSmartcardR'(sforceSmartcardR'(senableWinbindAuthR'(senableMkHomeDirR'(s enableAFSR'(senableAFSKerberosR'(senablePWQualityR'(s enableEPSR'(senableEcryptfsR'(s enableOTPR'(senablePasswdQCR'(senableLocAuthorizeR'(senableSysNetAuthR'(swinbindOfflineR'(s winbindKrb5R'(senableSSSDAuthR'(s enableFprintdR'(s pamLinkedR'(simplicitSSSDAuthR'(s systemdArgsR(suidMinR(s enableIPAv2R'(spasswordAlgorithmR(s enableShadowR'(s enableNISR'(s enableLDAPR'(senableLDAPAuthR'(senableKerberosR'(senableEcryptfsR'(senableSmartcardR'(sforceSmartcardR'(senableWinbindAuthR'(s enableWinbindR'(s winbindKrb5R'(senableDBR'(s enableHesiodR'(senablePWQualityR'(senablePasswdQCR'(senableFaillockR'(s faillockArgsR(senableLocAuthorizeR'(senablePAMAccessR'(senableCacheCredsR'(senableMkHomeDirR'(senableSysNetAuthR'(s enableFprintdR'(s enableSSSDR'(senableSSSDAuthR'(senableForceLegacyR'(s ipav2ServerR(s ipav2DomainR(s ipav2RealmR(s enableIPAv2R'(sipaDomainJoinedR'(s ipav2NoNTPR'(s nisDomainR(s enableShadowR'(s enableNISR'(senableMkHomeDirR'(s enableLDAPR'(senableLDAPAuthR'(s implicitSSSDR'(simplicitSSSDAuthR'(senableForceLegacyR'(s implicitSSSDR'(simplicitSSSDAuthR'(s enableIPAv2R'(s enableSSSDR'(senableSSSDAuthR'(senableForceLegacyR'(s enableWinbindR'(senableWinbindAuthR'(t messageCBt backupDirRRJRKR2R4RR@R[R<R\R>RNRLRMRgRYRZRXRhRiRjRkRlRmRnRRRRRRt ipaUninstallRdRcRHRzRoRpRwR_R6RtRsRyRxRvRuRrRqR{R|R}RR~RbtenableAltfilesRRR%RRRRR`RaRORRRRRRRRRRR]Rt brokenShadowRRfReRRIRRBRPRQRRRSRTRURVRWRRtjoinUsert joinPasswordRRRRRRR:t ldapCacertURLR8Rt sssdConfigt sssdDomainR^tsssdConfigPresentt SSSDConfigt new_configR=tsetttoggleFunctionsRR$ttoggleCachingServicet writeHesiodtwriteNISttoggleNisServicet writeLDAPt writeLibusertwriteLogindefstwritePWQualityt writeKerberost writeSSSDttoggleSSSDServicetwriteSmartcardt writeDConft writeWinbindttoggleWinbindServicetwriteNSStwritePAMtwriteSysconfigt writeNetworkt toggleShadowttoggleOddjobServicettoggleLDAPServicet save_groups(RR((s!/usr/share/authconfig/authinfo.pyR&sr                                                                                                                                                cCsZt||}||krVt||||t||krV|jj|qVndS(N(RtsetattrRtappend(RtattrR#treftoldval((s!/usr/share/authconfig/authinfo.pytsetParams  cCs>yt|}Wntk r$dSX|j|t||S(N(R(R+RR'(RRR#R((s!/usr/share/authconfig/authinfo.pyt setIntParams  cCsWyt|}Wntk r$dSX|dkrD|j|t|S|j|t|S(Ni(R(R+RR%R(RRR#R((s!/usr/share/authconfig/authinfo.pytsetClassReqParam s  cCs|js|j rtSd }d}d}d}d }x>|D]6}t|d |r<||kretS|d 7}q<q<W|d krtSd }x>|D]6}t|d |r||krtS|d 7}qqW|d krtS|jr|jrtStS(NtNIStLDAPtWinbindtHesiodtIPAv2tKerberostLDAPAutht WinbindAutht SmartcardiRi(RRRRR(RRRR(RR(RRRRR`R[R%(Rtnssalltpamallt idsupportedt authsupportedtnumtt((s!/usr/share/authconfig/authinfo.pyt sssdSupporteds2      cCsytjttj}Wntk r.tSX|jdt|j d||jdt|j d||j t S(NRJtlhsRKtrhs( tshvfileRt all_configst CFG_HESIODRR=RRR tgetValueR<R%(RRtshv((s!/usr/share/authconfig/authinfo.pyt readHesiod2s "" cCsJytttjd}Wntk r.tSXd}x|D]}|j}t|d}|r|jrt ||}q<nt|d}|r<|j dd}t |dkrq<n|d|jkrq<nt |dkrq<n|d}t|d}|r%t ||}q%q<q<W|j d |||jtS( NR*RItypserverRiiitserverRN(R5RtCFG_YPRR=RtstripRRMR$R RRRR<R%(RRtft nisserverRR#((s!/usr/share/authconfig/authinfo.pytreadNISCs6     cCssd|kr|jd}n |j}xB|D]:}ytj|j}Wq1ttjfk rjtSXq1WtS(s& Check whether LDAP URI is valid. R(R turlparsetportR+tsocketRRR%(RR turisturitp((s!/usr/share/authconfig/authinfo.pytvalidateLDAPURIms    cCsd|kr|jd}n |j}d}xU|D]M}|r7|rV|d7}nd|kro||7}q|d|d7}q7q7W|r|j| r|jtdn|S(NRRIs://sldap://RsInvalid LDAP URI.(R RRR(RR tvalidatetltrettitem((s!/usr/share/authconfig/authinfo.pytldapHostsToURIs|s      cCst|_ytttjd}Wntk rytttjd}Wqtk rytttjd}Wqtk ryttt jd}Wqtk rt SXqXqXnXx|D] }|j }t |d}|rt |r|jd||qnt |d}|rC|jd||qnt |d}|rq|jd||qnt |d}|r|jdt|d |qnt |d }|r|jd ||qqqW|jt|jt |_|jtS( NR*RR4thostR2RtsslR6t start_tlst nss_schemaR8(tPATH_LDAP_CACERTSR:R5Rt CFG_NSSLDAPRR=t CFG_NSLCDt CFG_PAMLDAPtCFG_LDAPRRRR*RR RRR2R<R%(RRRRR#((s!/usr/share/authconfig/authinfo.pytreadLDAPsN         cCs(y|j|SWntk r#dSXdS(NRI(tallKerberosKDCstKeyError(RRQ((s!/usr/share/authconfig/authinfo.pytgetKerberosKDCs cCs(y|j|SWntk r#dSXdS(NRI(tallKerberosAdminServersR(RRQ((s!/usr/share/authconfig/authinfo.pytgetKerberosAdminServers cCsd}i|_i|_t}ytttjd}Wntk rLtSXx |D]}|jdd}|j }|dd!dkr|dd!}d}qTn|dkrbt |d }|r|j d ||t }qTnt |d }|r"|j d t |d dk|qTnt |d}|rY|j dt |d dk|qTqYqT|dkrT|s|jdd}t|dkrqTn|d}qY|dd!dkrd}qTn|js||_t }nt |d}|rt|j|||j|(RRRR5RtCFG_KRB5RR=R RRRR%RRRR@R$RR R<RR(RRtsectiont realm_foundRRt subsectionR#((s!/usr/share/authconfig/authinfo.pyt readKerberossr       ""      )  % cCsd}ytttjd}Wntk r4tSXx|D]}|j}|dd!dkrz|dd!}d}q<n|dkr<t|d}|r|jd |j |q<qq<q<W|j t S( NRIR*iiR itdefaultst crypt_styleRO( R5Rt CFG_LIBUSERRR=RRRRR!R<R%(RRRRRRR#((s!/usr/share/authconfig/authinfo.pyt readLibusers$       cCshytttjd}Wntk r.tSXx(|D] }tj|}|dk r6|j d}|j dr{q6n|j d}|dkr|j d}n|dkrd}qnq6|dkr|dkr|j d d |q6n|d kr4|d krd }n|j d |j |q6n|dkr6|j d||q6q6W|j tS(NR*iR iiRItMD5_CRYPT_ENABtyesRORktENCRYPT_METHODtDESRitUID_MINR(R5RtCFG_LOGIN_DEFSRR=Rt ld_line_retmatchRR1RRR!R<R%(RRRRR$RR#((s!/usr/share/authconfig/authinfo.pyt readLogindefs:s8           cCsd}ytttjd}Wntk r4tSXx|D]}|jdd}|j}t|d}|r|j d||q<nt|d}|r|j d||q<nt|d }|r|j d ||q<nt|d }|r|j d ||q<nt|d }|rG|j d||q<nt|d}|ru|j d||q<nt|d}|r|j d||q<nt|d}|r<|j d||q<q<q<W|j t S(NRIR*R itminlenRPtminclassRQt maxrepeatRRtmaxclassrepeatRStlcreditRTtucreditRUtdcreditRVtocreditRW( R5Rt CFG_PWQUALITYRR=RR RRRRR<R%(RRRRRR#((s!/usr/share/authconfig/authinfo.pyt readPWQuality\sT     c Cs%|js tStj|_y$|jjttjt|_Wn6ttj fk rxtj|_|jj nXy|jj t }|_ Wntjk ruy|jjd}Wn=tk ry|jjd}Wqtk rtSXnX|jj |}y|jd}Wntjk rAd}nXy|jd}Wqvtjk rqd}qvXnXxtD]\}}y}|j|}|dkrdj|jd}n0|dkr|dkrw}n|d krw}n|j|||Wq}tjk rq}Xq}WdS( Nit id_providert auth_providerR3R RR9trfc2307RD(RR%Rt import_configRtCFG_SSSDRRR=t ParsingErrorRt get_domaintSSSD_AUTHCONFIG_DOMAINRt NoDomainErrortlist_active_domainst IndexErrort list_domainst get_optiont NoOptionErrorRt sssd_optionsRR R( RRRtdomnametidprovtauthprovRtoptR((s!/usr/share/authconfig/authinfo.pytreadSSSDsP        cCst}tdg}|dkr.d|_tS|jd|d|tdg}|dkrdtSx#|D]}d|krkt}qkqkW|r|jdtd|n|jdtd |tS( Nt use_moduleRIRdit rm_actions lockhelper.shRcRR(RRRRdRR%R(RRtlocktsmartcardmodulet rmactionstaction((s!/usr/share/authconfig/authinfo.pyt readSmartcards       cCsd}d}ytttjd}Wntk r:|SXx|D]}|j}t|driqBnt|dr~qBnt|d}|r|jddj }qBn| sB|dkrqBnt ||}|rB|}qBqBW|j |S( NRIR*R t;R t]itglobal( R5RtCFG_SMBRR=RR RR R!RVR<(RRtresultRRRR#tres((s!/usr/share/authconfig/authinfo.pytreadWinbindGlobals.     cCsT|j|}|rP|jdksE|jdksE|dkrItStSndS(NRRRF(RQR!R%RR(RRttmp((s!/usr/share/authconfig/authinfo.pytreadWinbindGlobalBools 0cCs|jd}|r+|jd||n|jd}|rV|jd||n|jd}|r|jd||n|jd}|r|jd||n|jsd |_n|jd }|r|jd ||n|jsd |_n|jd }|r,|jd||n|jd}|rW|jd||n|jd}|r|jd||n|jsd|_n|jd}|dkr|jd||n|jd}|dkr|jd||ntS(Nt workgroupRgspassword serverRZRQRYtsecurityRXtusersidmap config * : rangeRhs16777216-33554431swinbind separatorRistemplate homedirRjstemplate shellRks /bin/falseswinbind use default domainRlswinbind offline logonRm(RQRRXRhRkRSRR%(RRRR((s!/usr/share/authconfig/authinfo.pyt readWinbindsJ        c Cs]d}d}ytttjd}Wntk r:tSXxM|D]E}|j}t|d}|rr|}qBt|d}|rit|dr|j dt |nt|dr|j dt |nt|d r|j d t |nt|d }|dkr#t|d}nt|d }|dkr|dkr|j d ||k|qqBt|d}|rB|}qBqBW|rOd#d$d%d&d'd(d)d*d+f } x=| D]5\} } t|| r|j d | t |qqW|r*t|d!r*t|d! r*|j j d"n|j d"tt|d!|n|jt S(,NRIR*spasswd:shosts:twinsR{smdns4_minimal [NOTFOUND=return]R|t myhostnameR}tnistdnsRs initgroups:tCompattcompattDBtdbt Directoriest directoriesRthesiodRRRtAltfilestaltfilestNIS3tnisplusRRRR}RI(R\R](R^R_(R`Ra(sHesiodshesiod(sLDAPR(sNISRZ(RcRd(ReRf(sWinbindR(R5Rt CFG_NSSWITCHRR=RRRR3RR%RRRtboolR<( RRt nssconfigt initgroupsRRR#tnispostdnspostnssmapRtnssentry((s!/usr/share/authconfig/authinfo.pytreadNSS sR        %% cCs|jdt|tS(NRH(RR"R%(RR((s!/usr/share/authconfig/authinfo.pyR"WscCsytttjd}WnAtk r]yttdtd}Wq^tk rYtSXnX|j|||j yttt jd}WnAtk ryttdt d}Wqtk rt SXnX|j|||j t S(NR*s/pam.d/( R5RtCFG_PAMRR=t SYSCONFDIRtAUTH_PAM_SERVICERt readPAMFileR<tCFG_POSTLOGIN_PAMtPOSTLOGIN_PAM_SERVICER%(RRR((s!/usr/share/authconfig/authinfo.pytreadPAM\s&        c Cs"d}x||D]t}|jdd}t|dkrD|d}n|j}|ddkrx||d d7}q n||}d}|j}d}|jdd}t|dkrq n|\}}|d kr|d kr|d kr|d krq n|jd r*|jdd}n|jdd}t|dkrTq n|ddkrjq n|d}|jd r|d7}n|d}|jdd}t|dkrq n|djdd\} t|dkr|d}n| jds| jdrP|jdt||r |jd||q q n| jdrx|jdt|q n| jdr|jdt|q n| jdr|jdt|q n| jdr%|jdt|d|kr |jdt|q |jdt|q n| jdrM|jd t|q n| jd!r|jd"t||r |jd#||q q n| jd$r|jd%t||jd&|j d'dk|q n| jd(r|jd)t|q n| jd*rG|jd+t||r |jd,||q q n| jd-se| jd.r|jd/t||r ||_ q q n| jd0r|jd1t||r |jd2||q q n| jd3r|r |jd4||q q n|d kr| jd5rx9t D]1} |j | dkr'|jd6| |q'q'WyP|j d7} || d8jdd} |jd9t t| d|Wnttfk rnXy$tjd:|jd;t|Wqtk r|jd;t|qXqn|d kr| jd5rW|jd<|j d=dk|n| jd>r|jd?t||r d@|kr |jd@dj}|jdA||q q qn|d kr| jd5r|jdB|j dCdk|qn|d ks|d kr | jdDrtj|} | dkr~| jddkr~|jdE| jd|q~qq q W|jr|jr|jd"t|n|j r|j r|jdt|n|jr|j r|j r|j r|j r|j rt|_!ndS(FNRIR iiis\R iRnRoRqRpR RLtincludeRt pam_cracklibt pam_pwqualityRRt pam_ecryptfsRtpam_krb5R`tpam_ldapRat pam_pkcs11R]tauthinfo_unavailRft pam_fprintdRet pam_passwdqcRRt pam_winbindRRnt krb5_authtpam_sssRt pam_accessRRt pam_mkhomedirtpam_oddjob_mkhomedirRt pam_localuserRRt pam_systemdRtpam_unixROsrounds=iRs /etc/shadowRRtnullokt pam_faillockRRRRt broken_shadowtpam_succeed_ifR("R RR RRRRR%RR-Rtpassword_algorithmsRR'R(R+R:R4RR;RRt succ_if_reR$R1RRRRaR`RRR]R(RRRtprevlineRRtargststacktcontroltmoduletalgotridxtroundsR$((s!/usr/share/authconfig/authinfo.pyRsws           "   '   %  (!)cCsSy;tjttj}y|jd|_Wntk rBnXy|jd|_Wntk rlnXy|jd|_ Wntk rnXy|jd|_ Wntk rnXy|jd|_ Wntk rnXy|jd|_ Wntk rnXy|jd|_ Wntk r>nXy(|jd|_|jd |_Wntk rznXy|jd |_Wntk rnXy|jd |_Wntk rnXy|jd |_Wntk rnXy|jd |_Wntk r"nXy|jd|_Wntk rLnXy|jd|_Wntk rvnXy|jd|_Wntk rnXy|jd|_Wntk rnXy|jd|_Wntk rnXy|jd|_Wntk rnXy|jd|_Wntk rHnXy.|jd}|rmd|_n d|_Wntk rnXy|jd|_Wntk rnXy|jd|_Wntk rnXy|jd|_Wntk rnXy|jd|_ Wntk r2nXy|jd|_!Wntk r\nXy|jd|_"Wntk rnXy|jd|_#Wntk rnXy|jd|_$Wntk rnXy|jd |_%Wntk rnXy|jd!|_&Wntk r.nXy|jd"|_'Wntk rXnXy|jd#|_(Wntk rnXy|jd$|_)Wntk rnXy|jd%|_*Wntk rnXy|jd&|_+Wntk rnXy|jd'|_,Wntk r*nXy|jd(|_-Wntk rTnXy|jd)|_.Wntk r~nXy|jd*|_/Wntk rnXy|jd+|_0Wntk rnX|jd,|_1|jd-|_2|jd.|_3|jd/}|t4kr0||_n|j5Wnt6k rNnXt7S(0NtUSEAFStUSEAFSKERBEROStUSEDBt USEPWQUALITYt USEDBBINDt USEDBIBINDtUSEDIRECTORIESt USEFAILLOCKt FAILLOCKARGSt USEECRYPTFStUSEEPSt USEHESIODt USEHESIODBINDt USEKERBEROStUSELDAPt USELDAPAUTHt USESMARTCARDt USEFPRINTDtFORCESMARTCARDt USELDAPBINDtUSEMD5RkRitUSENISt USENISPLUSt USEODBCBINDtUSEOTPt USEPASSWDQCt USESHADOWt USEWINBINDtUSEWINBINDAUTHt WINBINDKRB5tUSESSSDt USESSSDAUTHtUSELOCAUTHORIZEt USEPAMACCESSt USEMKHOMEDIRt USESYSNETAUTHt FORCELEGACYtCACHECREDENTIALStUSEIPAV2tIPADOMAINJOINEDt IPAV2NONTPt IPAV2SERVERt IPAV2DOMAINt IPAV2REALMtPASSWDALGORITHM(8RRRtCFG_AUTHCONFIGRt getBoolValueRR+RRoRRyRxRpRRRRRRwRvR`R_RaR]ReRfRuRORtt enableNISP3RrRRRRqRRnR~RRRRRRRBRbRRRRRRR<R=R%(RRt enableMD5R((s!/usr/share/authconfig/authinfo.pyt readSysconfig s`                                             cCsytjttj}Wntk r.tSX|jd}|rP||_n|j |jr||j d|j|nt S(Nt NISDOMAINRL( RRRt CFG_NETWORKRR=RRRMR<RR%(RRRRR((s!/usr/share/authconfig/authinfo.pyt readNetwork s    cCsh|j}t|j|ks6t|j|kr:tSx'|jD]}|j||rDtSqDWtS(N(RRhRIRR%RRR(RR't sssdsupportedR1((s!/usr/share/authconfig/authinfo.pytdiffers s *cCst|j|_t|j|_t|j|_t|j|_|j|j||_|jdkr|jr|jj |_qn|j j |_ |j dkrt|_ n|jdkrd|_ndS(NtadsRI(RRZRR<R>RR2RXRYtupperROR!RBRR%R@(RR((s!/usr/share/authconfig/authinfo.pytupdate s  cCs|j}|j|j||j||j||j}|jr| r|j r|jdt |t |_n|j r| r|j r|jdt |t |_ n|j ||j ||j||j||j||j||j r-|j r-|j|n|j||j||jsY|j ri|j|n|j||j||jdS(NR~R(tcopyRRoRRvRRIRbRR%RRR%R/RRWRRRCRRRJR"R(RRtreallyimplicit((s!/usr/share/authconfig/authinfo.pyR s6                  cCs%tj|}d|_d|_|S(NRI(RRR(RR((s!/usr/share/authconfig/authinfo.pyR& s  cCs/ttj|jt|jo'|j tS(N(Rt CFG_CACHERRR$RHRIR%(R((s!/usr/share/authconfig/authinfo.pyR$, scCsttj|jytjttj}Wntk rBtSX|j d|j |j d|j |j d|j tS(NRRi(RRRRRtrcreateRR=RtsetValueRJRKRR<R%(RR((s!/usr/share/authconfig/authinfo.pyR1 s   c Cst}d}d}ttj|jztttjd}x|jD]}|j }t |d}|r}|j dd}t |dkrqIn|d|j kr|d|jkr||7}qIn| r|j r|d|j 7}|jj d}|jr'|d7}||d7}n |d 7}|d 7}|d}x)|D]!}|rL|d |d 7}qLqLWt}qqIt|d r| r|j r|jr|jj d}x)|D]!}|r|d |d 7}qqWt}qqI||7}qIW|s|jj d}|j rv|d|j 7}|dr_|d7}||d7}|d}n |d 7}|d 7}nx,|D]!}|r}|d |d 7}q}q}Wn|j|j||jWdy|r|jnWntk rnXXtS( NRIiRiisdomain Rs server s broadcasts s ypserver R(RRRRRRRRRRRR RRLRMRNR%R R RR R<R=( RtwrittenRRKRtlsR#tserversR ((s!/usr/share/authconfig/authinfo.pyR@ sv &                    cCst}t} t} t} t} t} d}d}|jr`|jdkr`|jdkr`d}nd}zt|d}xJ|jD]?}|j}t||r| r|jr||d7}|dj|jj d7}|d 7}t } qqt||r"|jr|d |7}qqt ||rr| r|j r||d7}||j 7}|d 7}t }qq|rt|d r| s|d 7}|j r|d 7}n |d7}|d 7}t } qq|rt|dr| r|jr|d7}||j7}|d 7}t } qqt|drx| s|rG|d7}n |d7}|d|j7}|d 7}t } qq|rt|dr| s|d|7}|d 7}t } qq||7}qW| r|jr||d7}|dj|jj d7}|d 7}n| rG|j rG||d7}||j 7}|d 7}n|r| r|d 7}|j rt|d 7}n |d7}|d 7}n|r| r|jr|d7}||j7}|d 7}n| s|r|d7}n |d7}|d|j7}|d 7}n|r.| r.|d|7}|d 7}n|j|j||jWdy|ri|jnWntk r}nXXt S(NRIRiRjRktcryptiR Rs R Rsssl RtnoRs nss_schema t tls_cacertdirt TLS_CACERTDIRt pam_passwords pam_password (RRRORRRR R2RR R%R+R4R6R8R"R:R RR R<R=(RR>RRRt writepadlt writeschematwritepamt wrotebasednt wroteservertwrotesslt wroteschemat wrotepasstwrotecacertdirRRKtpassalgoRR((s!/usr/share/authconfig/authinfo.pyt writeLDAP2 s                                            cCstjjttjrVttj|j|jttjdddt t t ntjjtt jrtt j|j|jtt jdddt t t ntjjtt jrtt j|j|jtt jdddt t t ntjjtt jrXtt j|j|jtt jdddt t t nttj|j|jttjdddt t t }|S(NRRRtURItHOSTtBASE(R4RRRRRRRRR%RRRRt CFG_OPENLDAP(RR((s!/usr/share/authconfig/authinfo.pyR s(cCsRd}|jdkr|dS|jdks;|jdkrF||jS|dSdS(Nscrypt_style = RkRlRmtdes(RO(RR((s!/usr/share/authconfig/authinfo.pyt cryptStyle s  cCst}t}d}d}d}ttj|jzDtttjd}x|jD]}|j }|dkrt |dr||j d7}t }qUnt |dr|dkr| r||j d7}t }n|dj ddd }|dkrt }qn||7}qUW|sT|d 7}||j d7}t }t }n|j|j||jWdy|r|jnWntk rnXXt S( NRIiRRs R iRLis [defaults] (RRRRRRRRRRR RR%R R RR R<R=(Rtwrotecryptstylet wrotedefaultsRRRKRR((s!/usr/share/authconfig/authinfo.pyR* sH         c Cst}t}d}d}d}ttj|j|jdkrJd}nd}|jdksn|jdkrwd}nd|jjd }z^tttj d }x|j D]}t j |} | dk rE| j d } | jd r||7}qn| j d } | dkr-| j d} n| dkrRd} qRn ||7}q| dkrt||7}t}qn| dkr||7}t}qn||7}qW|s||7}n|s||7}n|j|j||jWdy|r|jnWntk rnXXtS(NRIRksMD5_CRYPT_ENAB yes sMD5_CRYPT_ENAB no RiRjsENCRYPT_METHOD DES sENCRYPT_METHOD s iiR iiRR(RRRR"RRRORRRRR#R$R1RR%R RR R<R=( Rt wrotemd5crypttwroteencmethodRRRKtmd5cryptt encmethodRR$RR#((s!/usr/share/authconfig/authinfo.pyR_ sd                 cCs|jd}t|dkr3|jd}nt|dkryat|d}|dkrh|S|r|dkr|ddS| r|dkr|ddSWqtk rqXn|rd}nd}|dd |S( NRiR is = -1s = 0s-1RGs = (R RR(RR+(RRR#RR((s!/usr/share/authconfig/authinfo.pytformatClassReqParam s$    c Cst}t}t}t}t}t}t}t}d} d} ttj|jzjtttjd} x| jD]} | j ddj } t | dr|ss| d|j d7} t }qsqsnt | dr|ss| d |jd7} t }qsqsnt | d r=|ss| d |jd7} t }qsqsnt | d rv|ss| d |jd7} t }qsqsnt | dr|ss| |j| |jd7} t }qsqsnt | dr|ss| |j| |jd7} t }qsqsnt | dr9|ss| |j| |jd7} t }qsqsnt | drz|ss| |j| |jd7} t }qsqsn| | 7} qsW|s| d|j d7} n|s| d |jd7} n|s| d |jd7} n|s| d |jd7} n|s&| |jd|jd7} n|sL| |jd|jd7} n|sr| |jd|jd7} n|s| |jd|jd7} n| j| j| | jWdy| r| jnWntk rnXXt S(NRIiR iR&s minlen = s R's minclass = R(s maxrepeat = R)smaxclassrepeat = R*R+R,R-(RRRR.RRRRRR RR RPR%RQRRRSRRTRURVRWR RR R<R=( Rt wroteminlent wroteminclasstwrotemaxrepeattwrotemaxclassrepeatt wrotereqlowert wroterequppert wrotereqdigitt wrotereqotherRRKRR((s!/usr/share/authconfig/authinfo.pyR s               c'Cs t}t}t}t}t}t}t}t}t} t} t} t} t} t}t}tjttj }d}d}d}d}ttj|j |j r|j r|j }n?|j s|j r|jdkr|jr|j}n |j }|j |jkrt}nze tttjd}x,|jD]!}|j}t|dtrq|s7t}qqq7n|dkr|r||j krt|dr|s7|jr|t|j7}nt}q7q7n|dkrH|jdkrH|rH||jkrHt|drH|s7|jr9|t|j7}nt}q7q7n|dkr|r||j krt|dr|s7|jr|t|j7}nt}q7q7n|dkrB| rB|jdd}t|dkr||7}q7n|d }|j r||j krt}n|jrB||jkrBt}qBn|dkr|rt|d r|j r||j kr|s|t|j7}t}n|s|t|j7}t}qn|jr||jkr|s|t|j7}t}qnd}n|d kr]t|d r]|r7| r7|d 7}||7}|d7}t} q7q7n|d krt|dr| s7|d7}|tt|jj 7}|d7}t} q7q7n|d kr#t|dr#| s7|d7}|tt|j!j 7}|d7}t} q7q7n|dkr|j rt||j j slt|d|j j r||7}t} q7nt|drN|s|dtd7}t}n|dkr|j r| r|t"|j |j|j7}t}n|dkr7|jr7| r7|t"|j|jd7}t}n|d kr|rw| rw|d 7}||7}|d7}t} n|jdkr| r|d7}|tt|jj 7}|d7}t} n|j!dkr| r|d7}|tt|j!j 7}|d7}t} qn|dkr|j r| r|d|j j 7}|d|j 7}|d7}|d|j j 7}|d|j 7}|d7}t} qn|r|dkrt}q|d krt} q|dkrt}qn|djddd }|dkr!t}qN|d kr6t}qN|dkrNt}qNn||7}q7W| s> |su|d7}n|r| r|d 7}||7}|d7}n|jdkr| r|d7}|tt|jj 7}|d7}n|j!dkr> | r> |d7}|tt|j!j 7}|d7}q> n| r |j sW |jr |sj |d7}n|s |t"|j |j|j7}n|s |t"|j|jd7}q n| rW |j rW |s |d7}n|j rW | rW |d|j j 7}|d|j 7}|d7}|d|j j 7}|d|j 7}|d7}qW n|j#|j$||j%Wdy|r |j&nWnt'k r nXXtS(NRIRis includedir RRLRiiRR R s default_realm = s Rs dns_lookup_realm = Rs dns_lookup_kdc = t domain_realmRR R s = s .RLs[libdefaults] s [realms] s[domain_realm] ((RR4RtPATH_KRB5_INCLUDEDIRtR_OKRRRRRR`R@RqRRXRYR%RRRRR R<RMRZR>RPR RR'RhR[R!R\RRR RR R<R=(Rt wroterealmtwrotekdct wroteadmint wrotesmbrealmt wrotesmbkdct wroterealmstwrotelibdefaultst wroterealms2twrotelibdefaults2twrotedefaultrealmt wrotednsrealmt wrotednskdctwroteourdomrealmt wrotedomrealmtwrotedomrealm2t wroteincdirRRRRKt defaultrealmRRR#((s!/usr/share/authconfig/authinfo.pyR s  !     !  !  !      !               -                                            "     cCssy|j|d}Wntjk r3d}nX||kro|dkr\|j|n|j||ndS(Nt _provider(R<RR=Rtremove_providert add_provider(RRt newprovidertsubtypetprov((s!/usr/share/authconfig/authinfo.pytchangeProvider s   cCs |js tS|j r%|j r%tSy|jjd}Wn&tjk rc|jjd}nX|jr|j r|j dkr|j ddn(y|j dWntj k rnX|jj||ry|jjttjWqtk rqXntS(Ntpamtsssdt pam_cert_authR%(RR%RRIt get_serviceRtNoServiceErrort new_serviceR]RRdt set_optiont remove_optionR=t save_serviceRRR4RR=(Rt write_configR((s!/usr/share/authconfig/authinfo.pyt writeSSSDPAM s* ! cCs|js tSttj|j|jt|jr;tS|j s|j sQtSy|jj t |_ Wqt jk r|jjt |_ qXn|j }y|jjdWn$t jk r|jjdnX|jjdt}|jr+t}|j|dd|j|ddn|jr]|j|dd|j|ddn2|jr|j|dd|j|ddnxtD]\}}yt||}|dkrt|}nt|tkr|j||nHt|tkr/|r|j||q<|j|n |j|Wqt j k rSqXqW|jj!||r|jj"|j#n|jj$|j#y|jj%ttj&Wnt'k rnXtS(NtautofsRtidRxRntchpassR3((RR%RR4RRR$RRbRRIt new_domainR7RtDomainAlreadyExistsErrorR6RRRtactivate_serviceR_RR`RaR>RRttypeRhR R'R!R=t save_domaintactivate_domaintget_nametdeactivate_domainRRR=(RRtactivateRtoptionR((s!/usr/share/authconfig/authinfo.pyR1 sj           cCs|jdkrtSttj|jd}d}d}|jtdkrk|d7}|d7}d}nt d|jd|d |gtS( Ns/usr/sbin/gdm-safe-restarttnoneRs ,/etc/pkcs11/lockhelper.sh -locks&,/etc/pkcs11/lockhelper.sh -deactivatet lock_screens use_module=s ins_action=s rm_action=( RdRR%RtCFG_PAM_PKCS11RRRcRR(RtinsacttrmactRF((s!/usr/share/authconfig/authinfo.pyRw s    c Cs0d}d}d}ttj|jttj|jtjjttj }tjj |s|j r~tj |qt Sndtjdd}d}|j s|j r||7}d}||7}d}|d7}|d7}n|j r6|jr6||7}d}||7}d}|d7}|d 7}n|j s[|j r|jr|jr||7}d}||7}d}|d 7}|d 7}nd }|jtd kr||7}d}||7}d}|d7}|d7}nytjttj Wntk rnXytjttj Wntk r;nX|dkrz;tttj d}|j|j||jWdy|r|jnWntk rnXXz;tttj d}|j|j||jWdy|r|jnWntk rnXXntjdt S(NRIs# Generated by authconfig on s%Y/%m/%d %H:%M:%Ss s [org/gnome/login-screen] s&enable-smartcard-authentication=false s7/org/gnome/login-screen/enable-smartcard-authentications%enable-password-authentication=false s7/org/gnome/login-screen/enable-password-authentication s(enable-fingerprint-authentication=false s:/org/gnome/login-screen/enable-fingerprint-authentication s3 [org/gnome/settings-daemon/peripherals/smartcard] Rsremoval-action='lock-screen' s1/org/gnome/settings-daemon/peripherals/smartcard is dconf update(RRt CFG_DCONFRRtCFG_DCONF_LOCKSR4RtdirnameRRR]tmakedirsR%ttimetstrftimeRdRfReRcRR)R;RR RR R<R=R(RRRKtlockstlocksdirtheadert groupHeader((s!/usr/share/authconfig/authinfo.pyR s         %                  cCsod}|d7}|dtjdd7}|d7}|d7}|d7}|jrv|d7}||j7}|d7}n|jr|d7}||jjd d 7}|d7}n|jr|d 7}||j7}|d7}n|jr |d 7}||j7}|d7}n|jr6|d 7}||j7}|d7}n|jrc|d7}||j7}|d7}n|j r|d7}||j 7}|d7}n|j r|d7}||j 7}|d7}n|j r|d7}|d7}n|d7}|d7}|d7}|t t |jj7}|d7}|d7}|t t |jj7}|d7}|d7}|d7}|S(Ns#--authconfig--start-line-- s s# Generated by authconfig on s%Y/%m/%d %H:%M:%SsF# DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--) sE# Any modification may be deleted or altered by authconfig in future s workgroup = s password server = RR s realm = s security = s idmap config * : range = s winbind separator = s template homedir = s template shell = s' kerberos method = secrets and keytabs! kerberos method = secrets onlys winbind use default domain = s winbind offline logon = s#--authconfig--end-line-- (R;R<RgRZRRYRXRhRiRjRkRnR'RhRlR!Rm(RRK((s!/usr/share/authconfig/authinfo.pyt paramsWinbind sh                                              cCs>d}x'|D]}t||r d}Pq q W||7}|S(NRIRK(RV(RRRRRKRB((s!/usr/share/authconfig/authinfo.pytcheckLineWinbinds  c Cs$t}t}d}ttj|jdddddddd d d d d ddg}d}d}ztttjd}x.|jD]#}|j }|rt |drt}qqnt |drt }qnt |dst |dr||7}qnt |d} | rsd| krs| j ddj}||7}|dkr||j7}t }qqn|dkr||j|||7}qn||7}qW|s|d7}||j7}n|j|j||jWdy|r |jnWntk rnXXt S(NRIRTspassword serverRQRUs domain logonss domain masters idmap uids idmap gidswinbind separatorstemplate homedirstemplate shellswinbind use default domainswinbind offline logonskerberos methodis#--authconfig--end-line--s#--authconfig--start-line--RKR R RLiRMs [global] (RRRNRRRRRRRR R%RR R!RARBR RR R<R=( Rt authsectiontwroteauthsectionRRRRKRRR#((s!/usr/share/authconfig/authinfo.pyR(sb              c Csd}d}d}t}t}t}t}t}t} t} t} d} d} ttj|jztttjd} |jr|d7}n|d7}|j r|d7}n|}|j r|d7}n|j r|d7}n|j r|d7}n|j r|d 7}n|js*|js*|jrA|d 7}|d 7}n|jrW|d 7}n|jrw|j rw|d 7}n|jr|d 7}n|jr|d7}n|jr|d7}n|jr|d7}n|}|jr|jdd}n|}|jr|d7}ntjttjs`|jrK|jrK|jdd}q`|jd d}n|d7}|jr|d7}n|jr|d7}n|j r|d7}n|j r|d7}n|j r|d 7}n|js|d7}n|j!r|d7}nx| j"D] }|j#}t$|dr_|s| d7} | |7} | d7} t%}qqt$|dr|s| d7} | |7} | d7} t%}qqt$|dr|s| d 7} | |7} | d7} t%}qqt$|d!r| s| d"7} | |7} t%} qqt$|d#rQ|s| d$7} | |7} | d7} t%}qqt$|d%r|s| d&7} | |7} | d7} t%}qqt$|d'r| s| d(7} | |7} | d7} t%} qqt$|d)r| s| d*7} | |7} | d7} t%} qq| |7} qW|sC| d7} | |7} | d7} n|sj| d7} | |7} | d7} n|s| d 7} | |7} | d7} n|s| d$7} | |7} | d7} n|s| d&7} | |7} | d7} n| s| d(7} | |7} | d7} n| s-| d*7} | |7} | d7} n| j&| j'| | j(Wdy| rh| j)nWnt*k r|nXXt%S(+NRIis dbs filess altfiless directoriess odbcbinds nispluss niss ssss ldapbinds ldaps hesiodbinds hesiods dbibinds dbbindtfilesR]s winbindR}Rs mdns4_minimal [NOTFOUND=return]s dnss winss myhostnamespasswd:s passwd: s sshadow:s shadow: sgroup:s group: s initgroups:R s netgroup:s netgroup: s automount:s automount: shosts:s hosts: s services:s services: (+RRRRgRRRRRoRRpRrRsRtR~RIRbRuR_RvRwRxRyRzRRqR4RtPATH_LIBSSS_AUTOFSRR|RR{R}RRR R%R RR R<R=(Rtuserstnormalthostst wrotepasswdt wrotegroupt wroteshadowt wrotenetgrouptwroteautomountt wrotehoststwroteinitgroupst wroteservicesRRKtservicestnetgroupRR((s!/usr/share/authconfig/authinfo.pyRps:                                                                                                    c Csft|t}|t}|t}d}|rX|rXd}|dkr|dkr|r|jrjt}nt}djt}q|jrt }qn|dkr|dkr|j rt }qt }n|dkr]|dkr|t kr|jrZt}qZq]|dks|dkr]|jdkrZ|td} |j| d |dkr>|t1kr>|j2d#d$}n|rX|d|7}qXn|d%7}|S(&NRIRwRnR RxRoRviiR|Rs %s/pam_%s.sotoddjob_mkhomedirRt-s%-12s%-13s pam_%s.sos_Authentication module %s/pam_%s.so is missing. Authentication process might not work correctly.RRR{RR}t forward_passRRqs cached_logins# krb5_auth krb5_ccache_type=KEYRINGRis rounds=s shadows niss nulloks broken_shadowRtR`Ras (3t pam_stackstSTACKtLOGICtNAMER`tLOGIC_FORCE_PKCS11_KRB5tLOGIC_FORCE_PKCS11Rtargv_force_pkcs11_authtLOGIC_PKCS11_KRB5R]tLOGIC_IGNORE_AUTH_ERRtLOGIC_IGNORE_UNKNOWNtLOGIC_SKIPNEXTtLOGIC_SKIPNEXT3RRtARGVRRRbRttLOGIC_SUFFICIENTR4RtAUTH_MODULE_DIRtX_OKRtmodule_missingRRR%RRRRRRtargv_sssd_missing_nameRmRnRORRRRRaRRtLOGIC_SKIPNEXT_ON_FAILURER( RRt forcescardtwarnRtlogicRRKRtargv((s!/usr/share/authconfig/authinfo.pytformatPAMModule4s              !                   3 !             !$ cCstjj|}tjj|}|r1| s>|r| rytj|Wntk rbnXytj||Wqtk rqXndS(N(R4RRtislinkR)R;tsymlink(RRRRR((s!/usr/share/authconfig/authinfo.pytlinkPAMServices  cCs}xvtttttgD]_}td|}tjj|}tjj |}|r[| sh|r| rt |_ dSqWdS(Ns/pam.d/( RrRutPASSWORD_AUTH_PAM_SERVICEtFINGERPRINT_AUTH_PAM_SERVICEtSMARTCARD_AUTH_PAM_SERVICERqR4RRRoRR(RRRR((s!/usr/share/authconfig/authinfo.pytcheckPAMLinkeds  cUCs[d}d}t|j|jztt|jd}|d7}|d7}|d7}|d7}|j}|j}|j} t } |t krt } n|t krt } n|t krt }t }n|jo|jdk} g} xt|D]} | r| t| tkr|d7}n| } | ts|jrF| td ks|jr_| td ks|jrx| td ks|jr| td ks|jr| td ks|jr| tdks|jr|j r| tdkr| ttk s|jrF|rF| tdkr&| ttks| tdkrF| ttks|jri|j ri| tdks|r| r| tdkr| tt ks|r| r| ttkr| tdkr| t!t"ks|r| r| tdks|r| r|r| tdks|r.|r.| tdks| rD| tdks|j#r]| tdks|j$rv| tdks|j%r| tdks|js|js|j&r| tdkr| tt ks|js|js|j&r9|j' r9| tdks)| tdkr9| t!t(kr9|j) r9| ttks|j*rb| tdkrb| tt+ks|j,r{| tdks|j-r| tdks|j) r| ttkr| tdkr| t!t.kr||j/| || 7}qqW|j0|j1||j2Wdy|r)|j3nWnt4k r=nXX|j5|t6d|t S(NRIis #%PAM-1.0 s# This file is auto-generated. s/# User changes will be destroyed the next time sauthconfig is run. Rs R~safs.krbRRtRtepsRxRyRR}RvRwRRzRRRR{RRs/pam.d/(7RRRRRRRfR]ReRtSTANDARDR%t FINGERPRINTt SMARTCARDRRdt pam_modulesRXt MANDATORYRRZRRRRRR`RRctargv_krb5_sc_authtAUTHRaRhRYRaRRRRbRtRiRRtACCOUNTRRtLOGIC_REQUISITERnR RR R<R=RqRq(RRtcfgt cfg_basenametcfg_linkRRKRfR]ReRktuse_sssd_smartcard_supportt prevmoduleR((s!/usr/share/authconfig/authinfo.pytwritePAMServices               #  #, #;*)     cCs{i|_|jtttt|jtttt |jt t t t |jtttt|jtttttS(N(RgRRwRptAUTH_PAM_SERVICE_ACRrt POSTLOGINRttPOSTLOGIN_PAM_SERVICE_ACRut PASSWORD_ONLYtCFG_PASSWORD_PAMtPASSWORD_AUTH_PAM_SERVICE_ACRrRxtCFG_FINGERPRINT_PAMtFINGERPRINT_AUTH_PAM_SERVICE_ACRsRytCFG_SMARTCARD_PAMtSMARTCARD_AUTH_PAM_SERVICE_ACRtR%(R((s!/usr/share/authconfig/authinfo.pyRs cCsttj|jytjttj}Wntk rBtSX|j d|j |j d|j |j d|j |j d|j|j d|j|j d|j|j d|j|j d|j|j d |j|j d |j|j d |j|j d |j|j d |j|j d|j|j d|j|j d|j|j d|j|j d|j|j dd|j d|j|j d|j|j d|j |j d|j!|j d|j"|j d|j#|j d|j$|j d|j%|j d|j&|j d|j'|j d|j(|j d|j)|j d |j*|j d!|j+|j d"|j,|j-d#|j.t/S($NRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRi(0RRRRRRRR=Rt setBoolValueRRRRRoRwR_RtRRRqRnR~R`RaR]RfReRORRRRRRRRRRBRbRRRRRRR<R%(RR((s!/usr/share/authconfig/authinfo.pyR sT   cCsqttj|jytjttj}Wntk rBtSX|j d|j |j d|j t S(NRi(RRRRRRRR=RRRLRR<R%(RR((s!/usr/share/authconfig/authinfo.pyR:s   cCs|j}|j|_|_|j rY|j rY|jrY| rY|jjdqYnt}t|dkr|j |kr|d|_ n|j r|j rt |_ t |_ndS(NR^i(RIRRR~RRRRRRdRRbRR%R(Rt oldimplicittmodules((s!/usr/share/authconfig/authinfo.pytprewriteUpdateHs  ! cCsd|jt|j|jtdy|j}|oF|j}|oX|j}|jry|os|j }n|j s|j r|o|j }n|j s|jr|jdkr|o|j}n|jr|o|j}n|jr|o |j}n|js$|jr9|o3|j}n|jsK|jr`|oZ|j}n!|jr|o{|jt}n|o|j}|o|j}|o|j}|o|j}|o|j }|o|j!}Wn<t"t#fk r,t$j%j&t't$j(ddt)SXx0|j*D]%}|j+r7|j,j-|j+q7q7W|S(Ns/lastRis (.RR%Rt setupBackuptPATH_CONFIG_BACKUPSRRR$RwRR_RaRR`RRXRR]RRtRRqRRIRRRR$RRRRRRR;R=RRRR'texc_infoRRRRtadd(RRR1((s!/usr/share/authconfig/authinfo.pyRVsL         $ cCs|j|jt|j|jtdt}yjxc|jD]X}|j||rE|jr{|ou|j}n|j r|j j |j qqEqEWWn<t t fk rtjjttjddtSX|S(Ns/lastis (RuRR%RRRRRRRRRR;R=RRRR'RR(RRRR1((s!/usr/share/authconfig/authinfo.pyt writeChangeds      !$cCsd}d}g}g}tjdgtjdgtjdgtjdgg}tj}|sddS|jds|d7}n||jd}d|}tj|tjtj}xJ|D]B}|j tjkr|j j j d|_ t||_qqWd|}tj|tjtj}|sXd|}tj|tjtj}nx?|D]7}|j tjkr_|j j|_|jrPqq_q_W|jrd|j}tj|tjtj}x|D]{}|j tjkr|j j j d}|j jr"|d |j j7}n|jrA|jd |7_qM||_qqWd |j}tj|tjtj}x|D]{}|j tjkr|j j j d}|j jr|d |j j7}n|jr|jd |7_q||_qqWnx|D]}|d |}tj||d tj}xV|D]N}|j tjkr@|j|kr@d|d |_|j d|_Pq@q@Wq WdS(NRIthstnsRs _ldap._tcps _kerberos.t _kerbeross_kerberos._udp.R,Rs_kerberos-adm._udp.ii(t dnsclienttDNS_C_INtDNS_C_HSRtgetfqdntendswithR-Rt DNS_T_SRVtdns_typetrdataRR R2RR4t DNS_T_TXTtdataR@RR<R>t DNS_T_SOAtdns_nameRJRK(RthostnametqnametresultsRORbRth((s!/usr/share/authconfig/authinfo.pytprobesx                       c Csdt|jGHdGHdt|jGHdt|jGHdt|jGHd|jGHd|jGHdt|jGHd t|jGHd |j GHd |j GHd t|j GHd |j GHd|j GHdt|jGHdt|jGHd|jGHd|jGHd|jGHd|jGHd|jGHd|jGHdt|jGHdt|jGHdt|jGHdt|jGHdt|jGHdGHdt|jGHd|jGHdt|jGHd |jGHd!t|jGHd"|j GHd#t|j!GHd$|j"GHd%t|j#GHd t|jGHd |j GHd |j GHd&|j$pYd'GHd(t|j%o|j&o|j'd)k GHd*t|j%o|j&o|j'd)kGHd+t|j(GHd,|j'GHd-|j)GHd.t|j*GHd/t|j+GHd0t|j,GHd|jGHd|jGHd|jGHd|jGHd1t|j&GHd2t|j-GHd3t|j. GHd4t|j/GHd5|j0 rd6pd7GHd8|j1GHd9|j2GHd:|j3GHd;t|j4|j5fGHd<t|j6|j7fGHd=t|j8|j9fGHd>t|j:|j;fGHd?t|j<|j=fGHd@t|j>|j?fGHdAt|j@GHdS(BNs caching is %ssnss_files is always enabledsnss_compat is %ss nss_db is %ssnss_hesiod is %ss hesiod LHS = "%s"s hesiod RHS = "%s"snss_ldap is %ss LDAP+TLS is %ss LDAP server = "%s"s LDAP base DN = "%s"s nss_nis is %ss NIS server = "%s"s NIS domain = "%s"snss_nisplus is %ssnss_winbind is %ss SMB workgroup = "%s"s SMB servers = "%s"s SMB security = "%s"s SMB realm = "%s"s Winbind template shell = "%s"s SMB idmap range = "%s"snss_sss is %s by defaultsnss_wins is %ssnss_mdns4_minimal is %ssmyhostname is %ss%DNS preference over NSS or WINS is %sspam_unix is always enableds shadow passwords are %ss! password hashing algorithm is %sspam_krb5 is %ss krb5 realm = "%s"s krb5 realm via dns is %ss krb5 kdc = "%s"s krb5 kdc via dns is %ss krb5 admin server = "%s"spam_ldap is %ss LDAP schema = "%s"R2spam_pkcs11 is %sRsSSSD smartcard support is %ss# use only smartcard for login is %ss smartcard module = "%s"s smartcard removal action = "%s"spam_fprintd is %sspam_ecryptfs is %sspam_winbind is %sspam_sss is %s by defaults! credential caching in SSSD is %ss6 SSSD use instead of legacy services if possible is %ss IPAv2 is %ssIPAv2 domain was %sjoinedsnot RIs IPAv2 server = "%s"s IPAv2 realm = "%s"s IPAv2 domain = "%s"spam_pwquality is %s (%s)spam_passwdqc is %s (%s)spam_access is %s (%s)spam_faillock is %s (%s)s0pam_mkhomedir or pam_oddjob_mkhomedir is %s (%s)s'Always authorize local users is %s (%s)s;Authenticate system accounts against network services is %s(ARRHRzRoRwRJRKR_R6R2R4RtRNRLRsRqRgRZRXRYRkRhR~R{R|R}RRROR`R@R[R<R\R>RaR8R]RRdRfRcReRRRBRRbRRRRRRRRRRRRRRRRR(R((s!/usr/share/authconfig/authinfo.pyt printInfos                  +*               cCsux.ttttfD]}t|j|jqW|jrWtj dtj dntj dtj dt S(Ns/usr/sbin/pwconvs/usr/sbin/grpconvs/usr/sbin/pwunconvs/usr/sbin/grpunconv( t CFG_SHADOWt CFG_PASSWDt CFG_GSHADOWt CFG_GROUPRRRRR4RR%(RR((s!/usr/share/authconfig/authinfo.pyR0s    c Csd}|js|jr|jr|jjdddjdddjddd}|j}|j}|s{d}n|dkr|dkrdStd|rd pd ||rd pd ||jf}|rtj j d |n|j s| rt ||d |j \}}n(t |gdt}|j|j}|rp|dkr|jtdqq|dkrtd} | d|7} |j| qn|dkS(NiRiR s RRs join %s%s %s%s -U %ss-w RIs-S s[%s] ssword:Rs'Winbind domain join was not successful.s]Winbind domain join was not successful. The net join command failed with the following error:s (RqRRRZR RgRXtPATH_WINBIND_NETRRRRRRR%RRRR( RRRRRtprotocoltcmdRRterrmsg((s!/usr/share/authconfig/authinfo.pyt joinDomain<s89   !     c Csd}|jr|j}|j}|j}|j}|j}|jrNd}nd}td|rfdpid||rxdp{d||rdpd||rdpd||| rd pd f } |rtj j d | t | gd t } | j | j}nt| |d|\}} |dkr5t |_n|r`|dkr|jtd qq|dkrtd} | d| 7} |j| qn|dkS(Nis-NRIs! --noac %s%s %s%s %s%s %s%s %s %ss --domain=s --server=s--realm=s --principal=s --unattendeds-Ws[%s] Rs%IPAv2 domain join was not successful.seIPAv2 domain join was not successful. The ipa-client-install command failed with the following error:s (RbRRRRRRtPATH_IPA_CLIENT_INSTALLRRRRR%RRRRRR( RRRRRRQt principalRqtnontpRRRR((s!/usr/share/authconfig/authinfo.pyt joinIPADomain_sB               cCstd}tj|dS(Ns --uninstall --noac --unattended(RR4R(RR((s!/usr/share/authconfig/authinfo.pyt uninstallIPAs cCsX|sT|jr,tjdtjdqTytjdWqTtk rPqTXntS(NR!(RHRRR1R;R%(RR((s!/usr/share/authconfig/authinfo.pyRs   cCsc|jr|jr|s/tjd|jnyAtjdtjttjd|sotjdnWnt k rnXyAtjt tjd|stj dtjdnWq_t k rq_Xn|stjdnyYtjdtjt |s=ytj dWq=t k r9q=Xntj dWnt k r^nXt S(Ns/bin/domainname sG[[ $(getsebool allow_ypbind) == *off* ]] && setsebool -P allow_ypbind 1trpcbindtypbinds/bin/domainname "(none)"sF[[ $(getsebool allow_ypbind) == *on* ]] && setsebool -P allow_ypbind 0(RtRLR4RRt PATH_RPCBINDRRR1R;t PATH_YPBINDRRR%(RR((s!/usr/share/authconfig/authinfo.pyRsB            cCst|js|jo|j td||jrZytjdWqtk rVqXn%ytjdWntk r~nXtS(Ntnslcdse[[ $(getsebool authlogin_nsswitch_use_ldap) == *off* ]] && setsebool -P authlogin_nsswitch_use_ldap 1sd[[ $(getsebool authlogin_nsswitch_use_ldap) == *on* ]] && setsebool -P authlogin_nsswitch_use_ldap 0( RR_RaRIt PATH_NSLCDR4RR;R%(RR((s!/usr/share/authconfig/authinfo.pyRs    cCs#t|jp|jtd|dS(NR(RRqRt PATH_WINBIND(RR((s!/usr/share/authconfig/authinfo.pyRscCs|jr|jpE|jr-tjjtpE|joEtjjt}|jpf|jpf|jpf|}t |t d|p|o|jp|jp|j dS(NR( R~RR4RtexiststPATH_SSSD_CONFIGRIRRbRt PATH_SSSD(RRtexplicitenableR((s!/usr/share/authconfig/authinfo.pyRscCsB|jr>tjdtdftjr>tttd|ndS(Ns %s/pam_%s.soRTtoddjobd(RR4RReRfRR%t PATH_ODDJOBD(RR((s!/usr/share/authconfig/authinfo.pyRs cCs8x|jD]}||q W|jr4|jndS(N(RRR(RRR((s!/usr/share/authconfig/authinfo.pytposts cCsx|js|jrtytj|jWn>tk rf\}}|tjkrgtj|jdqgnXt |jSt S(Ni( R_RaR4RR:R;RBtENOENTRRR(RRR((s!/usr/share/authconfig/authinfo.pyttestLDAPCACertss cCsE|js|jrA|js*d|jkrAtjd|jndS(Nsldaps:s/usr/sbin/cacertdir_rehash (R_RaR6R2R4RR:(R((s!/usr/share/authconfig/authinfo.pytrehashLDAPCACertsscCs|js tS|jyWtj|j}t|jdtd}|j|j |j |j Wn.t t t fk r|jtdtSX|jtS(NRis Error downloading CA certificate(RRRturllib2turlopenRHR:tLDAP_CACERT_DOWNLOADEDRRR<R=R;R+RRRR%(Rtreadftwritef((s!/usr/share/authconfig/authinfo.pytdownloadLDAPCACerts    cCs|ddkr!td|}n||_t|syQtj|}x;|D]3}ytj|d|WqOtk rqOXqOWWqtk rqXndS(NiRs/backup-(RRRR4RR)R;(RRRR>((s!/usr/share/authconfig/authinfo.pyR s      cCs@|j|t}x&tD]}|j|jo5|}qW|S(N(RR%RRR(RRRR((s!/usr/share/authconfig/authinfo.pyt saveBackups   cCsQ|ddkr!td|}nt}x#tD]}|j|oF|}q.W|S(NiRs/backup-(RR%RR (RRRR((s!/usr/share/authconfig/authinfo.pyt restoreBackups  cCs|jtdS(Ns/last(RR(R((s!/usr/share/authconfig/authinfo.pyt restoreLast's(TRRRRRRRRRRRRRR RRR%R/RCRJRQRSRWRoR"RvRsRRRRRRRR$RRRRRRRRRRRR$RRRRARBRRRnRqRuRRRRRRRRRRRRRRRRRRRRRRRRRRR(((s!/usr/share/authconfig/authinfo.pyR%s     *   9   K  " 1 *  + 7      "    U u  5 B  \  F  Y : H b  T /   )  S L # (  $         ((((((s ldapServersldap_uri(s ldapBaseDNR5(s enableLDAPSR7(s ldapSchemas ldap_schema(s ldapCacertDirR;(s kerberosKDCR=(skerberosAdminServerR?(s kerberosRealmRA(senableCacheCredsRC(senableCacheCredsskrb5_store_password_if_offline((RtreR4RR7RRRRRRRRBRRR;Rt subprocessRtgettexttlgettextRRt ImportErrorRRqRrRRuRRrRRsRRtRR7R'tglobalstLIBDIRRet PATH_PWCONVRR#RRRRRt PATH_SEBOOLt PATH_SCEVENTDRtPATH_LIBNSS_DBtPATH_LIBNSS_LDAPRRtPATH_LIBNSS_NIStPATH_LIBNSS_HESIODtPATH_LIBNSS_ODBCBINDtPATH_LIBNSS_WINBINDtPATH_LIBNSS_WINStPATH_LIBNSS_SSSt PATH_PAM_KRB5t PATH_PAM_LDAPtPATH_PAM_WINBINDtPATH_PAM_PKCS11tPATH_PAM_FPRINTDt PATH_PAM_SSSRFRRRRRRRtLOGIC_REQUIREDRRdtLOGIC_OPTIONALR`R_t LOGIC_PKCS11R\R^R[RaRbtLOGIC_ALWAYS_SKIPRiR RRRR R"R$R)R*R+R3RDRHRMRPRRRVtargv_unix_authtargv_unix_passwordt argv_afs_authtargv_afs_passwordtargv_pwquality_passwordtargv_passwdqc_passwordt argv_eps_authtargv_eps_passwordtargv_fprintd_authtargv_pkcs11_authR]Rhtargv_krb5_authR|targv_krb5_passwordtargv_ldap_authtargv_ldap_passwordt argv_otp_authtargv_succeed_if_authtargv_succeed_if_accounttargv_succeed_if_sessiontargv_succeed_if_nonlogintargv_winbind_authtargv_winbind_passwordt argv_sss_authtargv_sss_passwordtargv_keyinit_sessiontargv_ecryptfs_authtargv_ecryptfs_passwordtargv_ecryptfs_sessiontargv_succeed_if_not_gdmtargv_lastlog_gdmtargv_lastlog_not_gdmtargv_faildelayRtrangeR}R~tSESSIONtPASSWORDRWR{RXRYRZRcRwRRRxRyRRzR%RRtDEFAULT_DNS_QUERY_SIZEtcompileR#RRRtreadlinkRR;RRRRRRRRRRR R"R$R%RRRRRRRRtCFG_KRBR4RNRgRRpRtRRRRRRR.R"R4RRRRR7R8RR>R(((s!/usr/share/authconfig/authinfo.pyts                                                                                         (                                                                                                                                                                                                                                                                                                                                                       Z    #S  7i