KUcL@sddkZddkZddkZddkZddkZddkZddkZddkZddkZddk Z ddk Z ddk Z ddk Z ddk Z ddkZddkZddkTddkZddkZeiZyddkaWnej o danXdZdZdZdZdZdZd Zd Zd Z d Z!d e"e#djo dZ$ndZ$e$dZ%dZ&dZ'dZ(dZ)dZ*dZ+dZ,dZ-dZ.dZ/dZ0dZ1dZ2dZ3d Z4d!Z5d"Z6d#Z7d$Z8d%Z9d&Z:d'Z;d(Z<d)Z=d*Z>d+Z?d,Z@d-ZAe$d.ZBd/e$d0ZCeiDiEeCpe$d0ZCne$d1ZFe$d2ZGe$d3ZHe$d4ZIe$d5ZJe$d6ZKe%d7ZLe%d8ZMe%d9ZNe%d:ZOe%d;ZPe%d<ZQd/e$d=ZRd>ZSd?ZTd@ZUdAZVdBZWedCZXdDZYdEZZdFZ[dGZ\dHZ]dIZ^dJZ_dKZ`dLZadMZbdNZcdOZddPZedQZfdRZgdSZhdTZidUZjdVZkdWZldXZmdYZndZZod[Zpd\Zqd]Zrd^Zsd_Ztd`ZudagZvdadbgZwdcgZxdcgZydadddegZzdfgZ{dcgZ|dbgZ}gZ~dggZdhdggZdcgZdcdigZdbgZdcgZdbgZdcgZdjdkgZdldkgZdmdkdngZdodkdngZdcgZdbgZdcgZdbgZdpgZdqdrdsdtdugZedvdw\ZZZZdxdydzd{gZedvd|\ZZZZZedvdw\ZZZZgZeeeefD] Zegq[ZeeeYd}ggeeecd~egeee_degeee\degeee[dggeee[dggeee[devgeeeZd~egeee[degeee[dexgeee[dexgeee[de|geee[degeee[degeee[degeee[degeeeYdggeeeYdggeeeYdggeee[dggeee[d~egeee]dggeee]dggeee]dggeee]dggeeeYdggeeeZdezgeeeZde{geee[dewgeee[degeee[deygeee[deygeee[de}geee[degeee[degeee[degeeeYdggeee\degeeeYdggeee\dggeeecd~egeeeYdggeee\dggeee\dggeee\dggeee\dggeee\dggg/ee= 500tquiets uid < 500sservice in crondtuse_uidsKservice notin login:gdm:xdm:kdm:xscreensaver:gnome-screensaver:kscreensavertrevoketdescrypttbigcrypttmd5tsha256tsha512iitauthtaccounttsessiontpassworditenvt succeed_iftpkcs11tkrb5tpermittfprintdtunixtssstafssafs.krbteps_authtldaptotptwinbindtdenytaccesst localusertcracklibtpasswdqct eps_passwdtkeyinittlimitst mkhomedircCs/d}|id}||idd7}|S(NsDC=t.s,DC=(R R(tdomainRJ((s!/usr/share/authconfig/authinfo.pyt domain2dnsitSysVInitServicecBs>eZdZdZdZdZdZdZRS(cCstid|ddS(Ns/sbin/service s start(R3tsystem(tselftservice((s!/usr/share/authconfig/authinfo.pyR0scCstid|ddS(Ns/sbin/service s stop >/dev/null 2>&1(R3R(RR((s!/usr/share/authconfig/authinfo.pytstopscCs*tid|tid|ddS(Ns/sbin/chkconfig --add s/sbin/chkconfig --level 345 s on(R3R(RR((s!/usr/share/authconfig/authinfo.pytenablescCstid|ddS(Ns/sbin/chkconfig --level 345 s off(R3R(RR((s!/usr/share/authconfig/authinfo.pytdisablescCs:tid|d}ti|oti|djS(Ns/sbin/chkconfig s >/dev/null 2>&1i(R3Rt WIFEXITEDt WEXITSTATUS(RRtrv((s!/usr/share/authconfig/authinfo.pyt isEnabledscCstid|ddS(Ns/sbin/service s condrestart >/dev/null 2>&1(R3R(RR((s!/usr/share/authconfig/authinfo.pyt tryRestarts(t__name__t __module__R0RRRRR(((s!/usr/share/authconfig/authinfo.pyRs      cCs|o]yCti|ti||pti|ti|nWqtj oqXngyPti||p+yti|Wqtj oqXnti|Wntj onXtS(N( R3tstattServiceRRR0R:RR$(Rtpathtnametnostart((s!/usr/share/authconfig/authinfo.pyttoggleSplatbindServices(      cCs|odSdSdS(Ntenabledtdisabled((tval((s!/usr/share/authconfig/authinfo.pyt formatBoolscCs&yti\}}Wntj odSX|pz|ot|gdt}n7t|gdtdt}|id|pdd|i|i}ti |nd\}} y7t i |t i } t i |t i | ti @Wntj onXt} x| py7g} g} ti|gg|gd\} }} Wn6tij o'\}}tiid|dnX| o"| oti|t} qnd}yti|d }Wntj o\}}|tijp|tijoq|tijoti|t} qtiid |dti|t} qnX|oy||7}| |7} |otii|n|o||jo| id }ti||pdti|d |d jod| | } nd} d}|otiid q1nWqtj o:\}}tiid|dti|t} qXqti|t} qWyti|tiWntj onXd}yti|d\}}Wn3tj o'\}}tiid|dnX|| fS(NitshelltstdintinputRHs i<sselect: isread: s is<...> swrite: is waitpid: (RHRH( R3tforkptyR:tPopenR$tPIPEt communicatetwaitt returncodet_exitR6tF_GETFLtF_SETFLt O_NONBLOCKR<RtselectterrortsyststderrtwriteR;treadRAtEINTRtEAGAINtEIOtrfindtkilltsignaltSIGTERMtwaitpid(tcommandtechotquerytresponsetpidtmastertchildtstatusRJRtiteoftifdstefdstofdsterrttexttctindex((s!/usr/share/authconfig/authinfo.pytfeedForks   "+           c Csyti|}Wntj otSXxW|D]O}y3ti|d|}ti|iotSWq1tj oq1Xq1WtS(Nt/(R3tlistdirR:R$RtS_ISREGtst_modeR(RRR=tst((s!/usr/share/authconfig/authinfo.pyt isEmptyDirts  cCsygttg|dt}|idid}|idjodS|ddjo |d3nWntj odSX|S(Ntstdoutis iRH(Rt PATH_SCSETUPRRRRRR:(toptionsRR((s!/usr/share/authconfig/authinfo.pytcallPKCS11SetupscCs%tdg}|djogS|S(Nt list_modules(RR(tmods((s!/usr/share/authconfig/authinfo.pytgetSmartcardModuless cCstdtdgS(NtLocktIgnore(t_(((s!/usr/share/authconfig/authinfo.pytgetSmartcardActionsscCst|}|i|S(N(tAuthInfoR(tmsgcbtinfo((s!/usr/share/authconfig/authinfo.pyRs  t SaveGroupcBseZdZdZRS(cCs||_||_||_dS(N(t saveFunctionttoggleFunctiontattrlist(Rtsavefunct togglefuncR((s!/usr/share/authconfig/authinfo.pyt__init__s  cCsx|iD]\}}||ijotS|djo(t||t||jotSq |djo.tt||t||totSq |djo.tt||t||totSq q WtS(NR&RR(RtinconsistentAttrsR$tgetattrR(R(RR%R&tanametatype((s!/usr/share/authconfig/authinfo.pyt attrsDiffers    %  % (RRRR(((s!/usr/share/authconfig/authinfo.pyRs tSafeFilecBs5eZdZdZdZdZdZRS(cCstii|\}}tid|d|dt|_tdd||iigdti dti djoti |ii |n||_ dS( Ntdirtprefixtdeletes/bin/cps-afRs /dev/nulli(R3RRttempfiletNamedTemporaryFileR$tfiletcallRR4tO_WRONLYtfchmodtfilenoR=(RR=t default_modetbaseR((s!/usr/share/authconfig/authinfo.pyRs !cCs@|iiti|iiti|ii|idS(N(RtflushR3tfsyncRtrenameRR=(R((s!/usr/share/authconfig/authinfo.pytsaves cCs+y|iiWntj onXdS(N(RR;R:(R((s!/usr/share/authconfig/authinfo.pyR;scCs|ii|S(N(RR(RR ((s!/usr/share/authconfig/authinfo.pyRscCs$|iid|iiddS(Ni(Rtseekttruncate(R((s!/usr/share/authconfig/authinfo.pytrewinds(RRRRR;RR(((s!/usr/share/authconfig/authinfo.pyRs    t FileBackupcBs,eZdZdZdZdZRS(cCs||_||_dS(N(t backupNametorigPath(Rt backupnametorigpath((s!/usr/share/authconfig/authinfo.pyRs cCst}d}d}yt|tid}Wntj otSXytiti|i }Wn'tt fj oti |tSXyt ||}|i Wntj o t}nXyPxI|oAti|d}|p t}Pnti|ii|qWWntt fj o t}nXy|oti |nWntt fj onXy*|o|o|i|i nWntt fj o t}nX|S(Nii(R$RRCR3R5R<RtS_IMODEtfstatRR:R;RRRRRRRR(RtsrctdestRtsrcfdtdestfileR>R&((s!/usr/share/authconfig/authinfo.pytsafeCopysN  "   cCst}y(tii|pti|nWnttfj o t}nX|d|i}|o|i |i |}n|S(NR( R$R3RtisdirtmkdirR:R<RRRR(RtdestdirRt backuppath((s!/usr/share/authconfig/authinfo.pytbackups   c Cst}ytii|ptSWnttfj o t}nX|d|i}|o,tii|o|i ||i }ny7|o,t d|i gdti dti nWnttfj onX|S(NRs/sbin/restoreconRs /dev/null(R$R3RRRR<R:RtisfileRRRR4R(Rt backupdirRR ((s!/usr/share/authconfig/authinfo.pytrestores   (RRRRR R (((s!/usr/share/authconfig/authinfo.pyRs  * cCs tidS(Ntnscd(RR(((s!/usr/share/authconfig/authinfo.pyt readCache$scCsP|otidn5ytittidWntj onXtS(NR(RRR3Rt PATH_NSCDRR:R$(R((s!/usr/share/authconfig/authinfo.pyt writeCache's t CacheBackupcBseZdZdZRS(c Cst}y(tii|pti|nWnttfj o t}nX|d|i}|opd}y5t }t |d}|i t t|Wntj o t}nX|o|iqn|p+yti|Wq tj oq Xn|S(NRtw(R$R3RRRR:R<RRRRR4RtstrtintR;tunlink(RRRR RR((s!/usr/share/authconfig/authinfo.pyR 3s.    c Cst}ytii|ptSWnttfj o t}nX|d|i}|otii|osd}y/t |d}t |i }t |Wn"tttfj o t}nX|o|iqn|S(NRtr(R$R3RRRR<R:RR RR4RRRt ValueErrorR;(RR RR R R((s!/usr/share/authconfig/authinfo.pyR Os$   (RRR R (((s!/usr/share/authconfig/authinfo.pyR2s is hesiod.confs /hesiod.confsyp.confs/yp.confs ldap.confs /ldap.confs nss_ldap.confs/nss_ldap.confs pam_ldap.confs/pam_ldap.confs nslcd.confs /nslcd.confs openldap.confs/openldap/ldap.confs krb5.confs /krb5.confskrb.confs /krb.confspam_pkcs11.confs/pam_pkcs11/pam_pkcs11.confssmb.confs/samba/smb.confs nsswitch.confs/nsswitch.confscacheenabled.confRHs/pam.d/t authconfigs/sysconfig/authconfigtnetworks/sysconfig/networks libuser.confs /libuser.confs login.defss /login.defss sssd.conftshadows/shadowtpasswds/passwdtgshadows/gshadowtgroups/grouptldap_urit ldapServertldap_search_baset ldapBaseDNtldap_id_use_start_tlst enableLDAPSt ldap_schemat ldapSchematldap_tls_cacertdirt ldapCacertDirt krb5_servert kerberosKDCt krb5_kpasswdtkerberosAdminServert krb5_realmt kerberosRealmtcache_credentialstenableCacheCredsRcBseZdZdZdZdZdZdZdZdZ dZ d Z d Z d Z d Zd ZdZdZdZdZdZdZdZdZdZdZedZdZdZdZdZdZ dZ!dZ"d Z#d!Z$d"Z%d#Z&d$Z'd%Z(d&Z)d'Z*d(Z+d)Z,d*Z-d+Z.d,Z/d-Z0d.Z1d/Z2d0Z3d1Z4d2Z5d3Z6d4Z7d5Z8d6Z9d7Z:d8Z;d9Z<d:Z=d;Z>d<Z?d=Z@d>ZAd?ZBd@ZCdAZDdBZEdCZFdDZGdEZHdFZIdGZJdHZKRS(Ic3Cs||_d|_g|_d|_d|_d|_d|_d|_d|_ d|_ d|_ d|_ d|_ d|_d|_d|_d|_d|_d|_d|_d|_d|_d|_d|_d|_d|_d|_d|_d|_d|_t|_ t|_!d|_"d|_#d|_$d|_%d|_&d|_'d|_(d|_)d|_*d|_+d|_,d|_-d|_.d|_/d|_0d|_1d|_2d|_3d|_4d|_5d|_6d|_7d|_8d|_9t:|_;d|_<d|_=d|_>d|_?d|_@d|_Ad|_Bd|_Cd|_Dd|_Ed|_Fd|_Gd|_Hd|_Id|_Jd|_Kd|_Ld|_Md|_Nd|_Od|_Pt|_Qt|_Rd|_Sd|_Td|_Ud|_Vd|_Wd|_Xd|_Yd|_Zd|_[d|_\d|_]t:|_^d|__d|_`d|_atbo:y tbib|__|i_icWqtdj oqXnte|_ftg|ih|iid[d\gtg|ijdd]d^gtg|ik|ild_d`dagtg|imddbdcdddedfdggtg|inddhgtg|ioddigtg|ipddjdkdldmdndodpdqgtg|iq|irdrdsdtdudvdwdxdydzd{d|d}d~dgtg|isdddgtg|it|iudddddddddddg tg|ivddddddddddddddddddddddgtg|iwddddddddddddddddddddddddddddddddddg!tg|ixddddddddddddddddddddddddddddddgtg|iyddgtg|izddgtgd|ildgtgd|i{dgtgd|i|dddddgtgd|irddddddgtgd|iuddgg|_}dS(NRHs umask=0077t enableCacheR&t implicitSSSDt hesiodLHSRt hesiodRHSt nisDomainRtnisLocalDomaint nisServerR R"R$R&R(tpasswordAlgorithmR.R*t smbSecuritytsmbRealmt smbServersR,tkerberosRealmviaDNStkerberosKDCviaDNSR0tforceSSSDUpdatet enableLDAPtenableKerberostenableLDAPAutht enableIPAv2tsmartcardActiontsmartcardModulet smbWorkgroupt smbIdmapRangetwinbindSeparatortwinbindTemplateHomedirtwinbindTemplatePrimaryGrouptwinbindTemplateShelltwinbindUseDefaultDomaintwinbindOfflinetenableDBtenableDirectoriest enableWinbindtenableOdbcbindt enableNIS3t enableNIStenableLDAPbindtenableHesiodbindt enableHesiodt enableDBIbindt enableDBbindt enableCompatt enableWINSt enableMDNSt enableSSSDtpreferDNSinHostst cracklibArgst passwdqcArgst localuserArgst pamAccessArgstenablePAMAccesst mkhomedirArgstenableMkHomeDirt algoRoundst enableShadowt enableNullOktforceBrokenShadowtenableSmartcardtforceSmartcardtenableWinbindAutht enableAFStenableAFSKerberostenableCracklibt enableEPSt enableOTPtenablePasswdQCtenableLocAuthorizetenableSysNetAuthtenableSSSDAutht enableFprintdt pamLinkedtimplicitSSSDAuthtenableForceLegacyt ipav2Servert ipav2Domaint ipav2RealmtipaDomainJoinedt ipav2NoNTP(s enableCacheR&(s implicitSSSDR&(s hesiodLHSR(s hesiodRHSR(s nisDomainR(snisLocalDomainR(s nisServerR(s ldapServerR(s ldapBaseDNR(s enableLDAPSR&(s ldapSchemaR(s ldapCacertDirR(spasswordAlgorithmR(spasswordAlgorithmR(spasswordAlgorithmR(s kerberosRealmR(s kerberosKDCR(s smbSecurityR(ssmbRealmR(s smbServersR(skerberosAdminServerR(skerberosRealmviaDNSR&(skerberosKDCviaDNSR&(s ldapServerR(s ldapBaseDNR(s enableLDAPSR&(s ldapSchemaR(s ldapCacertDirR(senableCacheCredsR&(s kerberosRealmR(s kerberosKDCR(skerberosAdminServerR(sforceSSSDUpdateR&(s enableLDAPR&(senableKerberosR&(senableLDAPAuthR&(s enableIPAv2R&(ssmartcardActionR(ssmartcardModuleR(s smbWorkgroupR(s smbServersR(ssmbRealmR(s smbSecurityR(s smbIdmapRangeR(swinbindSeparatorR(swinbindTemplateHomedirR(swinbindTemplatePrimaryGroupR(swinbindTemplateShellR(swinbindUseDefaultDomainR&(swinbindOfflineR&(senableDBR&(senableDirectoriesR&(s enableWinbindR&(senableOdbcbindR&(s enableNIS3R&(s enableNISR&(senableLDAPbindR&(s enableLDAPR&(senableHesiodbindR&(s enableHesiodR&(s enableDBIbindR&(s enableDBbindR&(s enableCompatR&(s enableWINSR&(s enableMDNSR&(s enableNIS3R&(s enableNISR&(s enableIPAv2R&(s enableSSSDR&(spreferDNSinHostsR&(s implicitSSSDR&(s cracklibArgsR(s passwdqcArgsR(s localuserArgsR(s pamAccessArgsR(senablePAMAccessR&(s mkhomedirArgsR(senableMkHomeDirR&(s algoRoundsR(spasswordAlgorithmR(s enableShadowR&(s enableNISR&(s enableNullOkR&(sforceBrokenShadowR&(senableLDAPAuthR&(senableKerberosR&(senableSmartcardR&(sforceSmartcardR&(senableWinbindAuthR&(senableMkHomeDirR&(s enableAFSR&(senableAFSKerberosR&(senableCracklibR&(s enableEPSR&(s enableOTPR&(senablePasswdQCR&(senableLocAuthorizeR&(senableSysNetAuthR&(swinbindOfflineR&(senableSSSDAuthR&(s enableFprintdR&(s pamLinkedR&(simplicitSSSDAuthR&(s enableIPAv2R&(spasswordAlgorithmR(s enableShadowR&(s enableNISR&(s enableLDAPR&(senableLDAPAuthR&(senableKerberosR&(senableSmartcardR&(sforceSmartcardR&(senableWinbindAuthR&(s enableWinbindR&(senableDBR&(s enableHesiodR&(senableCracklibR&(senablePasswdQCR&(senableLocAuthorizeR&(senablePAMAccessR&(senableCacheCredsR&(senableMkHomeDirR&(senableSysNetAuthR&(s enableFprintdR&(s enableSSSDR&(senableSSSDAuthR&(senableForceLegacyR&(s ipav2ServerR(s ipav2DomainR(s ipav2RealmR(s enableIPAv2R&(sipaDomainJoinedR&(s ipav2NoNTPR&(s nisDomainR(s enableShadowR&(s enableNISR&(senableMkHomeDirR&(s enableLDAPR&(senableLDAPAuthR&(s implicitSSSDR&(simplicitSSSDAuthR&(senableForceLegacyR&(s implicitSSSDR&(simplicitSSSDAuthR&(s enableIPAv2R&(s enableSSSDR&(senableSSSDAuthR&(senableForceLegacyR&(s enableWinbindR&(senableWinbindAuthR&(~t messageCBt backupDirRR3R4R R"R.RR<R*R=R,R7R5R6RER:R;R9RFRGRHRIRJRKRLRxRyRzR|RR{t ipaUninstallRDRCR1RXRMRNRUR?R$RRRQRWRVRTRSRPRORYRZR\R[RBRkRlR$RfRmRnR@RAR8RdRoRpReRjRqRaRrRcRhRst brokenShadowRgRiRtRwR2RvR0tjoinUsert joinPasswordR]R^R_R`RbR(t ldapCacertURLR&Rut sssdConfigt sssdDomainR>t SSSDConfigt new_configR<tsetttoggleFunctionsRRttoggleCachingServicet writeHesiodtwriteNISttoggleNisServicet writeLDAPt writeLibusertwriteLogindefst writeKerberost writeSSSDttoggleSSSDServicetwriteSmartcardt writeWinbindttoggleWinbindServicetwriteNSStwritePAMtwriteSysconfigt writeNetworkt toggleShadowttoggleOddjobServicettoggleLDAPServicet save_groups(RR((s!/usr/share/authconfig/authinfo.pyRsD                                                                                                                               cCs^t||}||jo>t||||t||jo|ii|qZndS(N(RtsetattrRtappend(RtattrR"treftoldval((s!/usr/share/authconfig/authinfo.pytsetParamJs  cCs |ip |i otSd }d}d}d}d }xB|D]:}t|d |o ||jotS|d 7}q?q?W|d jotSd }xB|D]:}t|d |o ||jotS|d 7}qqW|d jotS|io|iotStS(NtNIStLDAPtWinbindtHesiodtIPAv2tKerberostLDAPAutht WinbindAutht SmartcardiRi(RRRRR(RRRR(RR(RwRRRR@R<R$(Rtnssalltpamallt idsupportedt authsupportedtnumtt((s!/usr/share/authconfig/authinfo.pyt sssdSupportedQs6    cCsytitti}Wntj otSX|idt|i d||idt|i d||i t S(NR3tlhsR4trhs( tshvfileRt all_configst CFG_HESIODRR<RRR tgetValueR;R$(RRtshv((s!/usr/share/authconfig/authinfo.pyt readHesiodps"" c CsYytttid}Wntj otSXd}x|D]}|i}t|d}|o |iot ||}q>nt|d}|o|i dd}t |djoq>n|d|ijoq>nt |djoq>n|d}t|d}|ot ||}q4q>q>W|i d |||itS( NRRHtypserverRiiitserverR7(R4RtCFG_YPRR<RtstripRR6R#RRRRR;R$(RRtft nisserverRR"((s!/usr/share/authconfig/authinfo.pytreadNISs8   c Csd|jo|id}n |i}x|D]}yp|id}|id}|djo/|djo"titi||d|!nti|i}Wq3ttifj ot SXq3Wt S(s& Check whether LDAP URI is valid. R s://[t]ii( RR,tsockett inet_ptontAF_INET6turlparsetportRRRR$(RR turisturiR0tendtp((s!/usr/share/authconfig/authinfo.pytvalidateLDAPURIs  " cCsd|jo|id}n |i}d}x[|D]S}|oF|o|d7}nd|jo||7}q|d|d7}q9q9W|o(|i| o|itdn|S(NR RHs://sldap://RsInvalid LDAP URI.(RRR}R(RR tvalidatetltrettitem((s!/usr/share/authconfig/authinfo.pytldapHostsToURIss   c Cst|_ytttid}Wntj oytttid}Wqtj ohytttid}Wqtj o8yttt id}Wqtj ot SXqXqXnXx |D]}|i }t |d}|o't |o|id||qnt |d}|o|id||qnt |d}|o|id||qnt |d}|o#|idt|d |qnt |d }|o|id ||qqqW|it|it |_|itS( NRRR"thostR RtsslR$t start_tlst nss_schemaR&(tPATH_LDAP_CACERTSR(R4Rt CFG_NSSLDAPRR<t CFG_NSLCDt CFG_PAMLDAPtCFG_LDAPRRRR)RRRRR R;R$(RRRRR"((s!/usr/share/authconfig/authinfo.pytreadLDAPsP    cCs*y|i|SWntj odSXdS(NRH(tallKerberosKDCstKeyError(RRP((s!/usr/share/authconfig/authinfo.pytgetKerberosKDC scCs*y|i|SWntj odSXdS(NRH(tallKerberosAdminServersR(RRP((s!/usr/share/authconfig/authinfo.pytgetKerberosAdminServersc Csd}h|_h|_ytttid}Wntj otSXx|D]}|i}|dd!djo|dd!}d}qPn|djot |d}|o|i d ||qPnt |d }|o)|i d t |d dj|qPnt |d }|o)|i dt |d dj|qPqNqP|djo|p:|i dd}t|djoqPn|d}qN|dd!djo d}qPn|ip ||_nt |d}|o&t|i|||i|n|djo:t|d}|o |id |i |q>qq>q>W|i t S( NRHRiiRitdefaultst crypt_styleR8( R4Rt CFG_LIBUSERRR<RRRRR R;R$(RRRRRRR"((s!/usr/share/authconfig/authinfo.pyt readLibuserXs&    cCsytttid}Wntj otSXx|D]}|i}t|d}|djo|idd|q8nt|d}|o7|djo d}n|id|i |q8q8q8W|i t S( NRtMD5_CRYPT_ENABtyesR8RatENCRYPT_METHODtDESR_( R4RtCFG_LOGIN_DEFSRR<RRRRR R;R$(RRRRR"((s!/usr/share/authconfig/authinfo.pyt readLogindefsss&      c Cs%|iptSti|_y|iittiWn8ttifj o#ti|_|ii nXy|ii t }|_ Wnti j oy|iid}WnAtj o5y|iid}Wqtj otSXnX|ii |}y|id}Wntij o d}nXy|id}Wq{tij o d}q{XnXxtiD]\}}yp|i|}|djodi|id}n"|djo|djown|i|||Wqtij oqXqWdS( Nit id_providert auth_providerRR R R%trfc2307(RR$Rt import_configRtCFG_SSSDRR<t ParsingErrorRt get_domaintSSSD_AUTHCONFIG_DOMAINRt NoDomainErrortlist_active_domainst IndexErrort list_domainst get_optiont NoOptionErrorRt sssdopt_mapt iteritemsRRR( RRRtdomnametidprovtauthprovRtoptR((s!/usr/share/authconfig/authinfo.pytreadSSSDsL     cCst}tdg}|djod|_tS|id|d|tdg}|djotSx%|D]}d|jo t}qoqoW|o|idtd|n|idtd |tS( Nt use_moduleRHRDit rm_actions lockhelper.shRCRR(RRRRDRR$R(RRtlocktsmartcardmodulet rmactionstaction((s!/usr/share/authconfig/authinfo.pyt readSmartcards"    cCsd}d}ytttid}Wntj o|SXx|D]}|i}t|doqDnt|doqDnt|d}|o |iddi }qDn| p |djoqDnt ||}|o |}qDqDW|i |S( NRHRt#t;RRitglobal( R4RtCFG_SMBRR<RRRRR RUR;(RRtresultRRRR"tres((s!/usr/share/authconfig/authinfo.pytreadWinbindGlobals0  cCsZ|i|}|o@|idjp |idjp |djotStSndS(NRRt1(RR R$RR(RRttmp((s!/usr/share/authconfig/authinfo.pytreadWinbindGlobalBools 3cCsD|id}|o|id||n|id}|o|id||n|id}|o|id||n|id}|o|id||n|ip d |_n|id }|o|id ||n|ip d |_n|id }|o|id||n|id}|o|id||n|id}|o|id||n|id}|o|id||n|ip d|_n|id}|djo|id||n|id}|djo|id||ntS(Nt workgroupREspassword serverR;RPR:tsecurityR9tusersidmap config * : rangeRFs16777216-33554431swinbind separatorRGstemplate homedirRHstemplate primary groupRIstemplate shellRJs /bin/falseswinbind use default domainRKswinbind offline logonRL(RRR9RFRJRRR$(RRR((s!/usr/share/authconfig/authinfo.pyt readWinbindsP        c Csd}ytttid}Wntj otSXx|D]}|i}t|d}|o |}q>t|d}|ot|do|i dt |nt|do|i dt |nt|d }|djot|d}nt|d }|djo*|djo|i d ||j|qMq>q>W|oddd d!d"d#d$d%f}x?|D]7\} } t|| o|i d| t |q}q}W|i dt t|d|n|i t S(&NRHRspasswd:shosts:twinsRYsmdns4_minimal [NOTFOUND=return]RZtnistdnsR\tCompattcompattDBtdbt Directoriest directoriesRthesiodRRrRtNIS3tnisplusRRtRR2Ro(R'R((R)R*(R+R,(sHesiodshesiod(sLDAPRr(sNISR%(R.R/(sWinbindRt(R4Rt CFG_NSSWITCHRR<RRRR2RR$RtboolR;( RRt nssconfigRRR"tnispostdnspostnssmapRtnssentry((s!/usr/share/authconfig/authinfo.pytreadNSSsF   %  & cCs|idt|tS(NR1(RRR$(RR((s!/usr/share/authconfig/authinfo.pyRLsc Csyytttid}WnEtj o9yttdtd}Wqbtj otSXnXd}xZ|D]R}|idd}t |djo|d}n|i }|ddjo||d d 7}qon||}d}|i }d}|idd}t |d joqon|\}}|d jo.|d jo!|d jo|djoqon|i do|idd}n|idd}t |d joqon|ddjoqon|d}|i do|d7}n|d}|idd}t |djoqon|didd\} t |d jo|d}n| i do8|idt||o|id||qoqon| i do|idt|qon| i do|idt|qon| i doQ|idt|d|jo|idt|qo|idt|qon| i do|idt|qon| i d o8|id!t||o|id"||qoqon| i d#o|id$t|qon| i d%o|id&t|qon| i d'o8|id(t||o|id)||qoqon| i d*p| i d+o.|id,t||o ||_qoqon| i d-o8|id.t||o|id/||qoqon|d jo| i d0ox;tD]3} |i| djo|id1| |q;q;WyP|id2} || d3idd} |id4tt| d|Wnttfj onXy$tid5|id6t|Wq/tj o|id6t|q/Xq3n|d jo:| i d0o&|id7|id8dj|qzn|d jo:| i d0o&|id9|id:dj|qqoqoW|i|io!|io|id!t|n|i o"|i o|idt|n|ioD|i o9|i o.|i! o#|i" o|i# o t|_$ntS(;NRs/pam.d/RHRiiis\R iRdReRgRfRRtincludeRt pam_cracklibRmR]tpam_krb5R@tpam_ldapRAt pam_pkcs11Rhtauthinfo_unavailRit pam_fprintdRtt pam_passwdqcRpR^t pam_winbindRjtpam_sssRvt pam_accessRaR`t pam_mkhomedirtpam_oddjob_mkhomedirRct pam_localuserRqR_tpam_unixR8srounds=iRds /etc/shadowReRftnullokRt broken_shadow(%R4RtCFG_PAMRR<t SYSCONFDIRtAUTH_PAM_SERVICERRRR RRRRR$Rbtpassword_algorithmsR,RRRRRR3RR:R;RmRpRRAR@RjRsRhRg( RRRtprevlineRRtargststacktcontroltmoduletalgotridxtrounds((s!/usr/share/authconfig/authinfo.pytreadPAMQs           '   * .  ctCsytitti}y|id|_Wntj onXy|id|_Wntj onXy|id|_ Wntj onXy|id|_ Wntj onXy|id|_ Wntj onXy|id|_ Wntj onXy|id|_ Wntj onXy|id|_Wntj onXy|id |_Wntj onXy|id |_Wntj onXy|id |_Wntj onXy|id |_Wntj onXy|id |_Wntj onXy|id|_Wntj onXy|id|_Wntj onXy|id|_Wntj onXy|id|_Wntj onXy0|id}|o d|_n d|_Wntj onXy|id|_Wntj onXy|id|_Wntj onXy|id|_Wntj onXy|id|_Wntj onXy|id|_Wntj onXy|id|_Wntj onXy|id|_Wntj onXy|id|_ Wntj onXy|id|_!Wntj onXy|id|_"Wntj onXy|id|_#Wntj onXy|id |_$Wntj onXy|id!|_%Wntj onXy|id"|_&Wntj onXy|id#|_'Wntj onXy|id$|_(Wntj onXy|id%|_)Wntj onXy|id&|_*Wntj onXy|id'|_+Wntj onX|i,d(|_-|i,d)|_.|i,d*|_/|i,d+}|t0jo ||_n|i1Wnt2j onXt3S(,NtUSEAFStUSEAFSKERBEROStUSEDBt USECRACKLIBt USEDBBINDt USEDBIBINDtUSEDIRECTORIEStUSEEPSt USEHESIODt USEHESIODBINDt USEKERBEROStUSELDAPt USELDAPAUTHt USESMARTCARDt USEFPRINTDtFORCESMARTCARDt USELDAPBINDtUSEMD5RaR_tUSENISt USENISPLUSt USEODBCBINDtUSEOTPt USEPASSWDQCt USESHADOWt USEWINBINDtUSEWINBINDAUTHtUSESSSDt USESSSDAUTHtUSELOCAUTHORIZEt USEPAMACCESSt USEMKHOMEDIRt USESYSNETAUTHt FORCELEGACYtCACHECREDENTIALStUSEIPAV2tIPADOMAINJOINEDt IPAV2NONTPt IPAV2SERVERt IPAV2DOMAINt IPAV2REALMtPASSWDALGORITHM(4RRRtCFG_AUTHCONFIGRt getBoolValueRkRRlRMRmRWRVRNRnRURTR@R?RARhRtRiRSR8RRt enableNISP3RPRoRpReRORjR[RsRqRaRcRrRwR0RBR{R|RRxRyRzRLR;R<R$(RRt enableMD5RR((s!/usr/share/authconfig/authinfo.pyt readSysconfigsF    cCsytitti}Wntj otSX|id}|o ||_n|i |io|i d|i|nt S(Nt NISDOMAINR5( RRRt CFG_NETWORKRR<RRR6R;RR$(RRRR((s!/usr/share/authconfig/authinfo.pyt readNetworks   cCsm|i}t|i|jpt|i|jotSx)|iD]}|i||otSqGWtS(N(RR1R2RvR$RRR(RR&t sssdsupportedR((s!/usr/share/authconfig/authinfo.pytdifferss ,  cCst|i|_t|i|_t|i|_t|i|_|i|i||_|idjo$|io|ii |_qn|i i |_ |i djo t|_ ndS(Ntads(RR;RxR*R,RR R9R:tupperR8R R0RR$(RR((s!/usr/share/authconfig/authinfo.pytupdates cCs|i}|i|i||i||i||i}|io*| o"|i o|idt |n|i o*| o"|i o|idt |n|i ||i ||i ||i||i||i o|i o|i|n|i||i||ip |i o|i|n|i||i||idS(NR[Rs(tcopyRR7RRURR2RBRR$RvRRR#RRRRRRRR(RRtreallyimplicit((s!/usr/share/authconfig/authinfo.pyRs0               cCs%ti|}d|_d|_|S(NRH(RRR(RR((s!/usr/share/authconfig/authinfo.pyRs  cCs0tti|it|io|i tS(N(Rt CFG_CACHER R~RR1R2R$(R((s!/usr/share/authconfig/authinfo.pyRscCstti|iytitti}Wntj otSX|i d|i |i d|i |i d|i tS(NRRi(RRR R~RtrcreateRR<RtsetValueR3R4RR;R$(RR((s!/usr/share/authconfig/authinfo.pyRs  c Cst}d}d}tti|iztttid}x|iD]}|i }t |d}|o|i dd}t |djoqIn|d|i jo%|d|ijo||7}qIn| o|i o|d|i 7}|ii d}|io|d7}||d7}n |d 7}|d 7}|d}x+|D]#}|o|d |d 7}qVqVWt}qqIt|d ok| o_|i oT|ioJ|ii d}x+|D]#}|o|d |d 7}qqWt}qqI||7}qIW|p|ii d}|i oZ|d|i 7}|do&|d7}||d7}|d}n |d 7}|d 7}nx/|D]#}|o|d |d 7}qqWn|i|i||iWdy|o|inWntj onXXtS( NRHiRiisdomain R s server s broadcasts s ypserver R(RRRRR R~RRRRRRRR5R6R7R$RRRRR;R<( RtwrittenRRJRtlsR"tserversR ((s!/usr/share/authconfig/authinfo.pyR s~  (            c Cst}t} t} t} t} t} d}d}|io*|idjo|idjo d}nd}z&t|d}xp|iD]e}|i}t||oW| oK|ioA||d7}|di|ii d7}|d 7}t } qqt||o |io|d |7}qqt ||oE| o9|i o/||d7}||i 7}|d 7}t }qq|o[t|d oK| p@|d 7}|i o|d 7}n |d7}|d 7}t } qq|oQt|doA| o5|io+|d7}||i7}|d 7}t } qqt|doO| pD|o|d7}n |d7}|d|i7}|d 7}t } qq|o=t|do-| p"|d|7}|d 7}t } qq||7}qW| oE|io;||d7}|di|ii d7}|d 7}n| o3|i o)||d7}||i 7}|d 7}n|oB| o:|d 7}|i o|d 7}n |d7}|d 7}n|o7| o/|io%|d7}||i7}|d 7}n| p>|o|d7}n |d7}|d|i7}|d 7}n|o$| o|d|7}|d 7}n|i|i||iWdy|o|inWntj onXXt S(NRHR_R`RatcryptiR R s RRsssl RtnoRs nss_schema t tls_cacertdirt TLS_CACERTDIRt pam_passwords pam_password (RRR8RRRRR RRR$R*R"R$R&R!R(RRRR;R<(RR=RRRt writepadlt writeschematwritepamt wrotebasednt wroteservertwrotesslt wroteschemat wrotepasstwrotecacertdirRRJtpassalgoRR((s!/usr/share/authconfig/authinfo.pyt writeLDAP2X s                          cCstiittio>tti|i|ittidddt t t ntiitt io>tt i|i|itt idddt t t ntiitt io>tt i|i|itt idddt t t ntiitt io>tt i|i|itt idddt t t ntti|i|ittidddt t t }|S(NRRRtURItHOSTtBASE(R3RR RRRR R~RR$RRRRt CFG_OPENLDAP(RR((s!/usr/share/authconfig/authinfo.pyR s(cCsWd}|idjo |dS|idjp|idjo ||iS|dSdS(Nscrypt_style = RaRbRctdes(R8(RR((s!/usr/share/authconfig/authinfo.pyt cryptStyle s    c Cst}t}d}d}d}tti|izPtttid}x|iD]}|i }|djo1t |do!||i d7}t }qUnt |doh|djo&| o||i d7}t }n|di ddd }|djo t }qn||7}qUW|p.|d 7}||i d7}t }t }n|i|i||iWdy|o|inWntj onXXt S( NRHiRRs RiRis [defaults] (RRRRR R~RRRRRRR$RRRRR;R<(Rtwrotecryptstylet wrotedefaultsRRRJRR((s!/usr/share/authconfig/authinfo.pyR sJ        c Cst}t}d}d}d}tti|i|idjo d}nd}|idjp|idjo d}nd|iid }zttti d }xu|i D]j}|i } t | d o||7}t }qnt | d o||7}t }qn||7}qW|p||7}n|p||7}n|i|i||iWdy|o|inWntj onXXt S( NRHRasMD5_CRYPT_ENAB yes sMD5_CRYPT_ENAB no R_R`sENCRYPT_METHOD DES sENCRYPT_METHOD s iRR(RRRRR R~R8RRRRRRR$RRRR;R<( Rt wrotemd5crypttwroteencmethodRRRJtmd5cryptt encmethodRR((s!/usr/share/authconfig/authinfo.pyR" sN         c Cs t}t}t}t}t}t}t}t}t} t} t} t} t} t}t}d}d}d}d}tti|i|io|io |i}nE|ip |i o'|i djo|i o |i }n |i}|i|i jo t }nzK t ttid}x5|iD]*}|i}|djo`|oY||ijoIt|do9|p+|io|t|i7}nt }q+q+n|djop|i djo`|oY||i joIt|do9|p+|io|t|i7}nt }q+q+n|djo`|oY||ijoIt|do9|p+|io|t|i7}nt }q+q+n|djo| o|idd}t|djo||7}q+n|d}|io||ijo t }n|i o||i jo t }q5n|djo|ot|d o|io\||ijoL|p|t|i7}t }n|p|t|i7}t }qn|i o8||i jo(|p|t|i7}t }qnd}n|d joNt|d o>|o0| o(|d 7}||7}|d 7}t } q+q+n|d jo[t|doK| p=|d7}|tt|ii7}|d 7}t } q+q+n|d jo[t|doK| p=|d7}|tt|ii7}|d 7}t } q+q+n|djoW|ioMt||iipt|d|iio||7}t } q+nt|do|djo;|io1| o)|t|i|i|i7}t }n|djo8|i o.| o&|t|i |id7}t }n|d jo|o0| o(|d 7}||7}|d 7}t } n| p=|d7}|tt|ii7}|d 7}t } n| p=|d7}|tt|ii7}|d 7}t } qn|djo|iov| on|d|ii7}|d|i7}|d 7}|d|ii7}|d|i7}|d 7}t } qn|oI|djo t }q|d jo t } q|djo t }qn|diddd}|djo t }qK|d jo t }qK|djo t }qKn||7}q+W| p|p|d7}n|o*| o"|d 7}||7}|d 7}n| p7|d7}|tt|ii7}|d 7}n| p7|d7}|tt|ii7}|d 7}q& n|pj|p|d7}n|p#|t|i|i|i7}n|p |t|i |id7}q n|p|p|d7}n|iop| oh|d|ii7}|d|i7}|d 7}|d|ii7}|d|i7}|d 7}q1 n|i|i ||i!Wdy|o|i"nWnt#j onXXt S(NRHRiRRKRiiRRRs default_realm = s Rs dns_lookup_realm = Rs dns_lookup_kdc = t domain_realmR~RR s = s .Rs[libdefaults] s [realms] s[domain_realm] ($RRRRR R~R@R.RORjR9R:R$RRRRRR*RLR;R,RORRRR1R<R R=RQRRRR;R<(Rt wroterealmtwrotekdct wroteadmint wrotesmbrealmt wrotesmbkdct wroterealmstwrotelibdefaultst wroterealms2twrotelibdefaults2twrotedefaultrealmt wrotednsrealmt wrotednskdctwroteourdomrealmt wrotedomrealmtwrotedomrealm2RRRRJt defaultrealmRRR"((s!/usr/share/authconfig/authinfo.pyRX s  $     $  $   $     $            0                                 $   cCsyy|i|d}Wntij o d}nX||jo2|djo|i|n|i||ndS(Nt _provider(RRRRtremove_providert add_provider(RRt newprovidertsubtypetprov((s!/usr/share/authconfig/authinfo.pytchangeProviderB s   cCs|iptStti|i|iotS|ipZ|iptSy|ii t |_Wqt i j o|ii t |_qXn|i}y|iidWn&t ij o|iidnX|iidt}|io0t}|i|dd|i|ddn|io*|i|dd|i|ddn5|io*|i|dd|i|ddnxtiD]\}}yt||}|djot|}nt|tjo|i||nMt|tjo,|o|i||qO|i|n|i|Wqt i j oqXqW|ii!||o|ii"|i#n|ii$|i#y|ii%tti&Wnt'j onXtS(NtautofsRrtidRkRdtchpassR((RR$RRR R~RBRR2t new_domainRRtDomainAlreadyExistsErrorRt get_servicetNoServiceErrort new_servicetactivate_serviceRR?RR@RARR RRttypeR1t set_optionRt remove_optionRt save_domaintactivate_domaintget_nametdeactivate_domainRRR<(RRtactivateRtoptionR((s!/usr/share/authconfig/authinfo.pyRL sj           cCs|idjotStti|id}d}d}|itdjo|d7}|d7}d}nt d|id|d |gt i d d d |tS( Ns/usr/sbin/gdm-safe-restarttnoneRs ,/etc/pkcs11/lockhelper.sh -locks&,/etc/pkcs11/lockhelper.sh -deactivatet lock_screens use_module=s ins_action=s rm_action=sgconftool-2 --directs= --config-source=xml:readwrite:/etc/gconf/gconf.xml.mandatorysH -s /desktop/gnome/peripherals/smartcard/removal_action %s --type string( RDRR$RtCFG_PAM_PKCS11R R~RCRRR3R(RtinsacttrmactR((s!/usr/share/authconfig/authinfo.pyR s      c Csd}|d7}|dtidd7}|d7}|d7}|d7}|io+|d7}||i7}|d7}t}n|io7|d7}||iid d 7}|d7}t}n|io+|d 7}||i7}|d7}t}n|io+|d 7}||i7}|d7}t}n|io+|d 7}||i7}|d7}t}n|i o+|d7}||i 7}|d7}t}n|i o+|d7}||i 7}|d7}t}n|i o+|d7}||i 7}|d7}t} n|i o+|d7}||i 7}|d7}t} n|d7}|t t|ii7}|d7}|d7}|t t|ii7}|d7}|d7}|d7}|S(Ns#--authconfig--start-line-- s s# Generated by authconfig on s%Y/%m/%d %H:%M:%SsF# DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--) sE# Any modification may be deleted or altered by authconfig in future s workgroup = s password server = R R s realm = s security = s idmap config * : range = s winbind separator = s template homedir = s template primary group = s template shell = s winbind use default domain = s winbind offline logon = s#--authconfig--end-line-- (ttimetstrftimeRER$R;RR:R9RFRGRHRIRJRR1RKR RL( RRJtwroteworkgroupt wroteserversRt wrotesecuritytwroteidmaprangetwroteseparatortwrotetemplatehtwrotetemplateptwrotetemplates((s!/usr/share/authconfig/authinfo.pyt paramsWinbind sx                                                      cCs@d}x)|D]!}t||o d}Pq q W||7}|S(NRHR(RU(RRRRRJR ((s!/usr/share/authconfig/authinfo.pytcheckLineWinbind s  c Cs:t}t}d}tti|idddddddd d d d d ddg}d}d}ztttid}x>|iD]3}|i }|o!t |do t}qqnt |do t }qnt |dpt |do||7}qnt |d} | o^d| joQ| i ddi}||7}|djo||i7}t }qqn|djo ||i|||7}qn||7}qW|p|d7}||i7}n|i|i||iWdy|o|inWntj onXXt S(NRHR spassword serverRPR!s domain logonss domain masters idmap uids idmap gidswinbind separatorstemplate homedirstemplate primary groupstemplate shellswinbind use default domainswinbind offline logonis#--authconfig--end-line--s#--authconfig--start-line--RRRRiRs [global] (RRRR R~RRRRRRR$RRR RRRRRR;R<( Rt authsectiontwroteauthsectionRRRRJRRR"((s!/usr/share/authconfig/authinfo.pyR sf               c Csyd}d}d}t}t}t}t}t}t} t} d} d} tti|iztttid} |io|d7}n|d7}|} |i o|d7}n|i o|d7}n|i o|d7}n|i o|d7}n|i p|ip |io|d 7}| d 7} n|io|d 7}n|io|i o|d 7}n|io|d 7}n|io|d 7}n|io|d7}n|io|d7}n|}|io|idd}n|}|io|d7}ntittip@|io |io|idd}qh|id d}n|d7}|io|d7}n|io|d7}n|io|d7}n|i o|d7}n|i o|d7}n|ip|d7}nx| i D]}|i!}t"|do3|p(| d7} | |7} | d7} t#}qq t"|do3|p(| d7} | |7} | d7} t#}qq t"|do3|p(| d7} | |7} | d7} t#}qq t"|do3|p(| d 7} | |7} | d7} t#}qq t"|d!o3|p(| d"7} | |7} | d7} t#}qq t"|d#o3| p(| d$7} | |7} | d7} t#} qq t"|d%o3| p(| d&7} | | 7} | d7} t#} qq | |7} q W|p"| d7} | |7} | d7} n|p"| d7} | |7} | d7} n|p"| d7} | |7} | d7} n|p"| d 7} | |7} | d7} n|p"| d"7} | |7} | d7} n| p"| d$7} | |7} | d7} n| p"| d&7} | | 7} | d7} n| i$| i%| | i&Wdy| o| i'nWnt(j onXXt#S('NRHis dbs filess directoriess odbcbinds nispluss niss ssss ldapbinds ldaps hesiodbinds hesiods dbibinds dbbindtfilesR(s winbindRoRrs mdns4_minimal [NOTFOUND=return]s dnss winsspasswd:s passwd: s sshadow:s shadow: sgroup:s group: s netgroup:s netgroup: s automount:s automount: shosts:s hosts: s services:s services: ()RRRR0R R~RRRMRNRPRQRRR[R2RBRSR?RTRURVRWRXRROR3RvtPATH_LIBSSS_AUTOFStR_OKRZR\RYRRRR$RRRR;R<(Rtuserstnormalthostst wrotepasswdt wrotegroupt wroteshadowt wrotenetgrouptwroteautomountt wrotehostst wroteservicesRRJtservicestnetgroupRR((s!/usr/share/authconfig/authinfo.pyR; s(                                                            c Cst|t}|t}|t}d}|o|od}|djoY|djoL|o-|io t}nt}dit}q|io t }qn|djo+|djo|i o t }qt }n|djo2|djo%|t jo|io t}qn|djo*tid td ftio d }n|d |||f7}|o_||ijoOtid t|fti o.|itd t|ft|i||i& oP| ttjo?| tdjo.| tt'jo||i(| || 7}qqW|i)|i*||i+Wdy|o|i,nWnt-j onXX|i.|t/d|t S(NRHis #%PAM-1.0 s# This file is auto-generated. s/# User changes will be destroyed the next time sauthconfig is run. s Rpsafs.krbRxtepsRkRlRrRiRjRuRmRsRyRtRoRwRvR}s/pam.d/(0RRR R~RRRiRhRtRtSTANDARDR$t FINGERPRINTt SMARTCARDt pam_modulesRt MANDATORYRkRRlRmRnR@RvR targv_krb5_sc_authtAUTHRARRRoRpRjRsRBRqRaRcRrtLOGIC_REQUISITERRRRR;R<RRJ( RRtcfgt cfg_basenametcfg_linkRRJRiRhRtRt prevmoduleRQ((s!/usr/share/authconfig/authinfo.pytwritePAMServiceT s|               &""&"/"!  cCseh|_|itttt|itttt |it t t t |itttttS(N(R R%RRItAUTH_PAM_SERVICE_ACRKt PASSWORD_ONLYtCFG_PASSWORD_PAMtPASSWORD_AUTH_PAM_SERVICE_ACRRtCFG_FINGERPRINT_PAMtFINGERPRINT_AUTH_PAM_SERVICE_ACRRtCFG_SMARTCARD_PAMtSMARTCARD_AUTH_PAM_SERVICE_ACRR$(R((s!/usr/share/authconfig/authinfo.pyR s  cCstti|iytitti}Wntj otSX|i d|i |i d|i |i d|i |i d|i |i d|i|i d|i|i d|i|i d|i|i d |i|i d |i|i d |i|i d |i|i d |i|id|i|idd|i d|i|i d|i|i d|i|i d|i|i d|i|i d|i|i d|i |i d|i!|i d|i"|i d|i#|i d|i$|i d|i%|id|i&|id|i'|id|i(|i)d|i*t+S( NRYRXR^RaRhRlRnRpR`RbRcReRdR~RgRmRoRqRrRsRtRuRvRwRxRyRzR{R|R}i(,RRR R~RRRR<Rt setBoolValueRmRMRUR?RRRpROR[R@RARhRiRtRR8RReRjRsRqRaRcRrRwR0RBR{R|RxRyRzRR;R$(RR((s!/usr/share/authconfig/authinfo.pyR sL  cCsstti|iytitti}Wntj otSX|i d|i |i d|i t S(NRi(RRR R~RRRR<RRR5RR;R$(RR((s!/usr/share/authconfig/authinfo.pyR s  cCs|i}|i|_|_|i o5|i o*|io| o|iidq_nt}t|djo!|i |jo|d|_ n|i o!|i ot |_ t |_ndS(NR>i(R2RRvR[RsRRRRRDR{RBRR$R(Rt oldimplicittmodules((s!/usr/share/authconfig/authinfo.pytprewriteUpdate s  # cCsV|it|i|itdy|i}|o |i}|o |i}|io|o |i }n|i p |i o|o |i }n|i p|io'|idjo|o |i}n|io|o |i}n|io|o |i}n|ip |io|o |i}n|ip |io|o |i}n|o |i}|o |i}|o |i}|o |i}|o |i}Wn>tt fj o,t!i"i#t$t!i%ddt&SXx2|i'D]'}|i(o|i)i*|i(q'q'W|S(Ns/lastRis (+RR$R1t setupBackuptPATH_CONFIG_BACKUPSRRRRURR?RARR@RjR9RRhRRRRRORR2RvRRRRRRR:R<RRRRtexc_infoRRRRtadd(RRR((s!/usr/share/authconfig/authinfo.pyR sH        $  cCs|i|it|i|itdt}yqxj|iD]_}|i||oF|io|o |i}n|i o|i i |i qqEqEWWn>t t fj o,tiittiddtSX|S(Ns/lastis (RRR$R1R2R3RRRRRR5R:R<RRRRR4R(RRRR((s!/usr/share/authconfig/authinfo.pyt writeChangeds"      #$cCsd}d}g}g}tidgtidgtidgtidgg}ti}|pdS|idp|d7}n||id}d|}ti|titi}xL|D]D}|i tijo+|i i i d|_ t||_qqWd|}ti|titi}|p)d|}ti|titi}nxC|D];}|i tijo"|i i|_|ioPqqgqgW|iold|i}ti|titi}x|D]}|i tijoh|i i i d}|i io|d |i i7}n|io|id |7_q`||_qqWd |i}ti|titi}x|D]}|i tijoh|i i i d}|i io|d |i i7}n|io|id |7_q||_qqWnx|D]}|d |}ti||d ti}xY|D]Q}|i tijo8|i|jo(d|d |_|i d|_PqZqZWq#WdS(NRHthstnsR~s _ldap._tcps _kerberos.t _kerbeross_kerberos._udp.R+R s_kerberos-adm._udp.ii(t dnsclienttDNS_C_INtDNS_C_HSRtgetfqdntendswithR,Rt DNS_T_SRVtdns_typetrdataRR R RR"t DNS_T_TXTtdataR.RR*R,t DNS_T_SOAtdns_nameR3R4(RthostnametqnametresultsRR-Rth((s!/usr/share/authconfig/authinfo.pytprobe#s                cCsdt|iGHdGHdt|iGHdt|iGHdt|iGHd|iGHd|iGHdt|iGHd t|iGHd |i GHd |i GHd t|i GHd |i GHd|i GHdt|iGHdt|iGHd|iGHd|iGHd|iGHd|iGHd|iGHd|iGHdt|iGHdt|iGHdt|iGHdt|iGHdGHdt|iGHd|iGHdt|iGHd|iGHd t|iGHd!|iGHd"t|i GHd#|i!GHd$t|i"GHd t|iGHd |i GHd |i GHd%|i#pd&GHd't|i$GHd(t|i%GHd)|i&GHd*|i'GHd+t|i(GHd,t|i)GHd|iGHd|iGHd|iGHd|iGHd-t|i*GHd.t|i+GHd/t|i, GHd0t|i-GHd1|i. od2pd3GHd4|i/GHd5|i0GHd6|i1GHd7t|i2|i3fGHd8t|i4|i5fGHd9t|i6|i7fGHd:t|i8|i9fGHd;t|i:|i;fGHd<t|i<GHdS(=Ns caching is %ssnss_files is always enabledsnss_compat is %ss nss_db is %ssnss_hesiod is %ss hesiod LHS = "%s"s hesiod RHS = "%s"snss_ldap is %ss LDAP+TLS is %ss LDAP server = "%s"s LDAP base DN = "%s"s nss_nis is %ss NIS server = "%s"s NIS domain = "%s"snss_nisplus is %ssnss_winbind is %ss SMB workgroup = "%s"s SMB servers = "%s"s SMB security = "%s"s SMB realm = "%s"s Winbind template shell = "%s"s SMB idmap range = "%s"snss_sss is %s by defaultsnss_wins is %ssnss_mdns4_minimal is %ss%DNS preference over NSS or WINS is %sspam_unix is always enableds shadow passwords are %ss! password hashing algorithm is %sspam_krb5 is %ss krb5 realm = "%s"s krb5 realm via dns is %ss krb5 kdc = "%s"s krb5 kdc via dns is %ss krb5 admin server = "%s"spam_ldap is %ss LDAP schema = "%s"Rspam_pkcs11 is %ss# use only smartcard for login is %ss smartcard module = "%s"s smartcard removal action = "%s"spam_fprintd is %sspam_winbind is %sspam_sss is %s by defaults! credential caching in SSSD is %ss6 SSSD use instead of legacy services if possible is %ss IPAv2 is %ssIPAv2 domain was %sjoinedsnot RHs IPAv2 server = "%s"s IPAv2 realm = "%s"s IPAv2 domain = "%s"spam_cracklib is %s (%s)spam_passwdqc is %s (%s)spam_access is %s (%s)s0pam_mkhomedir or pam_oddjob_mkhomedir is %s (%s)s'Always authorize local users is %s (%s)s;Authenticate system accounts against network services is %s(=RR1RXRMRUR3R4R?R$R R"RRR7R5RQRORER;R9R:RJRFR[RYRZR\ReR8R@R.R<R*R=R,RAR&RhRiRDRCRtRjRsR0RwRBR{RxRzRyRmR]RpR^RaR`RcRbRqR_Rr(R((s!/usr/share/authconfig/authinfo.pyt printInfovs                                cCswx.ttttfD]}t|i|iqW|ioti dti dnti dti dt S(Ns/usr/sbin/pwconvs/usr/sbin/grpconvs/usr/sbin/pwunconvs/usr/sbin/grpunconv( t CFG_SHADOWt CFG_PASSWDt CFG_GSHADOWt CFG_GROUPRR R~ReR3RR$(RR!((s!/usr/share/authconfig/authinfo.pyRs    c Csd}|ip |io|io|iidddidddiddd}|i}|i}|p d}n|djo|djodSd|od pd ||od pd ||if}|otii d |n|i p| o"t ||d |i \}}n)t |gdt }|i|i}|o(|djo|itdqq|djo+td} | d|7} |i| qn|djS(NiR iR s RRs!/usr/bin/net join %s%s %s%s -U %ss-w RHs-S s[%s] ssword:Rs'Winbind domain join was not successful.s]Winbind domain join was not successful. The net join command failed with the following error:s (RORjRR;RRER9RRRRRRR$RRR}R( RRRRRtprotocoltcmdRRterrmsg((s!/usr/share/authconfig/authinfo.pyt joinDomains89    "     c Csd}|io|i}|i}|i}|i}|i}|io d}nd}td|odpd||odpd||odpd||odpd||| od pd f } |o@ti i d | t | gd t } | i | i}nt| |d|\}} |djo t |_n|o(|djo|itd qq|djo+td} | d| 7} |i| qn|djS(Nis-NRHs! --noac %s%s %s%s %s%s %s%s %s %ss --domain=s --server=s--realm=s --principal=s --unattendeds-Ws[%s] Rs%IPAv2 domain join was not successful.seIPAv2 domain join was not successful. The ipa-client-install command failed with the following error:s (RBRxRyRzRRR|tPATH_IPA_CLIENT_INSTALLRRRRR$RRRR{R}R( RRRRRRPt principalRgtnontpRQRRRR((s!/usr/share/authconfig/authinfo.pyt joinIPADomainsB               cCstd}ti|dS(Ns --uninstall --noac(RTR3R(RRQ((s!/usr/share/authconfig/authinfo.pyt uninstallIPAs cCs^|pS|iotidtidqZytidWqZtj oqZXntS(NR(R1RRR0R:R$(RR((s!/usr/share/authconfig/authinfo.pyRs   cCs^|io|io|ptid|iny6tittid|ptidnWnt j onXyCtit tid|pti dtidnWqZt j oqZXn|ptidnyPtit |p+yti dWq6t j oq6Xnti dWnt j onXt S(Ns/bin/domainname trpcbindtypbinds/bin/domainname "(none)"(RRR5R3RRt PATH_RPCBINDRRR0R:t PATH_YPBINDRRR$(RR((s!/usr/share/authconfig/authinfo.pyR#s>        cCs/t|ip |io|i td|tS(Ntnslcd(RR?RAR2t PATH_NSLCDR$(RR((s!/usr/share/authconfig/authinfo.pyREs  cCs$t|ip|itd|dS(NRt(RRORjt PATH_WINBIND(RR((s!/usr/share/authconfig/authinfo.pyRLscCs|io |ip7|iotiitp|iotiit}|ip|ip|ip|}t |t d|p#|o|ip|ip|i dS(Ntsssd( R[RsR3RtexiststPATH_SSSD_CONFIGR2RvRBRt PATH_SSSD(RRtexplicitenableR((s!/usr/share/authconfig/authinfo.pyRQscCsE|io7tidtdftiotttd|ndS(Ns %s/pam_%s.soRtoddjobd(RcR3RvR R RR$t PATH_ODDJOBD(RR((s!/usr/share/authconfig/authinfo.pyR\s cCs:x|iD]}||q W|io|indS(N(RRRX(RRR((s!/usr/share/authconfig/authinfo.pytpostds   cCs|ip |iogyti|iWnBtj o6\}}|tijoti|idqmnXt |iSt S(Ni( R?RAR3RR(R:RAtENOENTRRR(RRR((s!/usr/share/authconfig/authinfo.pyttestLDAPCACertsjscCsJ|ip |io2|ipd|ijotid|indS(Nsldaps:s/usr/sbin/cacertdir_rehash (R?RAR$R R3RR((R((s!/usr/share/authconfig/authinfo.pytrehashLDAPCACertsuscCs|iptS|iyWti|i}t|idtd}|i|i |i |i Wn0t t t fj o|itdtSX|itS(NRis Error downloading CA certificate(RRRiturllib2turlopenRGR(tLDAP_CACERT_DOWNLOADEDRRR;R<R:RR}RRjR$(Rtreadftwritef((s!/usr/share/authconfig/authinfo.pytdownloadLDAPCACertzs    c Cs|ddjotd|}n||_t|pmySti|}x=|D]5}yti|d|WqRtj oqRXqRWWqtj oqXndS(NiRs/backup-(R3R~RR3RRR:(RR RR=((s!/usr/share/authconfig/authinfo.pyR2s   cCsA|i|t}x'tD]}|i|io|}qW|S(N(R2R$RR R~(RR RR!((s!/usr/share/authconfig/authinfo.pyt saveBackups  cCsT|ddjotd|}nt}x$tD]}|i|o|}q0W|S(NiRs/backup-(R3R$RR (RR RR!((s!/usr/share/authconfig/authinfo.pyt restoreBackupscCs|itdS(Ns/last(RrR3(R((s!/usr/share/authconfig/authinfo.pyt restoreLasts(LRRRRRRRRRRRRRRRRRRRR#R7RRURRRRRRRRRRRRRRRRRRRRRRRRRRR%RRRR1RR6RJRKRRSRWRXRRRRRRRgRiRjRpR2RqRrRs(((s!/usr/share/authconfig/authinfo.pyRs    *   9   A   '  . .         U u  5 6 C  A I J  H  +   &  S G # (  "         ((((((RR3RR6RRRRRR:RRARkRRRt subprocessRtgettexttlgettextRRt ImportErrorRRJRKR&RR)RR+RR-RRtglobalstLIBDIRR t PATH_PWCONVR[Rt PATH_NSCD_PIDR^tPATH_NSLCD_PIDt PATH_DBBINDtPATH_DBBIND_PIDt PATH_DBIBINDtPATH_DBIBIND_PIDtPATH_HESIODBINDtPATH_HESIODBIND_PIDt PATH_LDAPBINDtPATH_LDAPBIND_PIDt PATH_ODBCBINDtPATH_ODBCBIND_PIDR_tPATH_WINBIND_PIDRct PATH_SSSD_PIDR\tPATH_YPBIND_PIDRftPATH_ODDJOBD_PIDt PATH_SEBOOLt PATH_SCEVENTDtPATH_SCEVENTD_PIDRtPATH_LIBNSS_DBtPATH_LIBNSS_LDAPRR tPATH_LIBNSS_NIStPATH_LIBNSS_HESIODtPATH_LIBNSS_ODBCBINDtPATH_LIBNSS_WINBINDtPATH_LIBNSS_WINStPATH_LIBNSS_SSSt PATH_PAM_KRB5t PATH_PAM_LDAPtPATH_PAM_WINBINDtPATH_PAM_PKCS11tPATH_PAM_FPRINTDt PATH_PAM_SSSRtPATH_WINBIND_NETRTRRmR3RbtLOGIC_REQUIREDR tLOGIC_SUFFICIENTtLOGIC_OPTIONALRRt LOGIC_PKCS11RRRRRR RRRRR!R#R(R)R*R2RCRGRLRORQRUtargv_unix_authtargv_unix_passwordt argv_afs_authtargv_afs_passwordtargv_cracklib_passwordtargv_passwdqc_passwordt argv_eps_authtargv_eps_passwordtargv_fprintd_authtargv_pkcs11_authRtargv_krb5_authRtargv_krb5_passwordtargv_ldap_authtargv_ldap_passwordt argv_otp_authtargv_succeed_if_authtargv_succeed_if_accounttargv_succeed_if_sessiontargv_succeed_if_nonlogintargv_winbind_authtargv_winbind_passwordt argv_sss_authtargv_sss_passwordtargv_keyinit_sessionRLtrangeRtACCOUNTtSESSIONtPASSWORDRRRRRR RR'RRt_[1]RRR$RRtDEFAULT_DNS_QUERY_SIZERRRRRRRRRRRRRRRRRRRRRRRRtCFG_KRBRRR0RRIR(R*R,RRRRRRLRMRNRORRR(((s!/usr/share/authconfig/authinfo.pyts                                                                            -                                                                                                                                                                                                                                                                                       Z    S  7]