Initial commit

.gitignore

@@ -0,0 +1,96 @@
+*~
+
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+env/
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*,cover
+.hypothesis/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# pyenv
+.python-version
+
+# celery beat schedule file
+celerybeat-schedule
+
+# SageMath parsed files
+*.sage.py
+
+# dotenv
+.env
+
+# virtualenv
+.venv
+venv/
+ENV/
+
+# Spyder project settings
+.spyderproject
+
+# Rope project settings
+.ropeproject

flexipam.py

@@ -0,0 +1,97 @@
+#!/usr/bin/env python3
+
+import sys
+import getopt
+
+try:
+    import xml.etree.cElementTree as ET
+except ImportError:
+    import xml.etree.ElementTree as ET
+
+_debug = False
+
+flexipam_config = "/home/lechner/Projects/PAM/flexipam/sample-config/"
+
+def GetFirstChild(e): return e[0] if len(e) else None
+
+def execute(which):
+    if(_debug):
+        print("Exec:\t", which)
+
+    tree = ET.ElementTree(file=flexipam_config + "actions/" + which)
+    action = tree.getroot()
+
+    helper = action.find("helper")
+    config = action.find("config")
+    print("Call:\t", helper.text, "[" + config.text + "]")
+
+def include(which):
+    if(_debug):
+        print("Load:\t", which)
+
+    tree = ET.ElementTree(file=flexipam_config + "modules/" + which)
+    module = tree.getroot()
+
+    for part in module:
+        eval(part)
+
+    return True
+
+def all(parts):
+    for part in parts:
+        if eval(part) == False:
+            return False
+    return True
+
+def any(parts):
+    for part in parts:
+        if eval(part) == True:
+            return True
+    return False
+
+def eval(part):
+    if (_debug):
+        print("Eval:\t", part.tag)
+
+    if part.tag == "all":
+        return all(part)
+
+    elif part.tag == "any":
+        return any(part)
+
+    elif part.tag == "include":
+        return include(part.text)
+
+    elif part.tag == "execute":
+        return execute(part.text)
+
+    return False
+
+def main(argv):                         
+    try:                                
+        opts, args = getopt.getopt(argv, "hp:d", ["help", "grammar="])
+    except getopt.GetoptError:
+        usage()
+        sys.exit(2)
+
+    for opt, arg in opts:
+        if opt in ("-h", "--help"):
+            usage()
+            sys.exit()
+        elif opt == '-d':
+            global _debug
+            _debug = True
+        elif opt in ("-p", "--protocol"):
+            protocol_arg = arg
+
+    tree = ET.ElementTree(file=flexipam_config + "protocols/" + protocol_arg)
+    protocol = tree.getroot()
+
+    for stage in protocol:
+        print("\nOpen:\t", stage.tag)
+        eval(GetFirstChild(stage))
+        print("Close:\t", stage.tag)
+
+
+if __name__ == "__main__":
+    main(sys.argv[1:])

sample-config/actions/ask-for-username.action

@@ -0,0 +1,5 @@
+<?xml version="1.0"?>
+<action>
+  <helper>ask</helper>
+  <config>for-username.ask.config</config>
+</action>

sample-config/actions/authenticate-via-kerberos.action

@@ -0,0 +1,10 @@
+<?xml version="1.0"?>
+<action>
+  <helper>kerberos</helper>
+  <config>authenticate.kerberos.config</config>
+  <conditions>
+    <all>
+      <group>users</group>
+    </all>
+  </conditions>
+</action>

sample-config/actions/check-ldap-expiration.action

@@ -0,0 +1,10 @@
+<?xml version="1.0"?>
+<action>
+  <helper>ldap</helper>
+  <config>check-expiration.ldap.config</config>
+  <conditions>
+    <all>
+      <group>users</group>
+    </all>
+  </conditions>
+</action>

sample-config/actions/check-nss-expiration.action

@@ -0,0 +1,5 @@
+<?xml version="1.0"?>
+<action>
+  <helper>nss</helper>
+  <config>check-expiration.nss.config</config>
+</action>

sample-config/actions/check-nss-password.action

@@ -0,0 +1,5 @@
+<?xml version="1.0"?>
+<action>
+  <helper>nss</helper>
+  <config>check-password.nss.config</config>
+</action>

sample-config/actions/mount-nfs-user-account.action

@@ -0,0 +1,11 @@
+<?xml version="1.0"?>
+<action>
+  <helper>mount</helper>
+  <config>nfs-user-account.mount.config</config>
+  <user>root</user>
+  <conditions>
+    <all>
+      <group>users</group>
+    </all>
+  </conditions>
+</action>

sample-config/actions/mount-personal-volumes.action

@@ -0,0 +1,13 @@
+<?xml version="1.0"?>
+<action>
+  <helper>mount</helper>
+  <config>/acct/$(USER)/absent.wallace/flexipam/personal-volumes.mount.config</config>
+  <user>$(USER)</user>
+  <conditions>
+    <any>
+      <all>
+        <group>users</group>
+      </all>
+    </any>
+  </conditions>
+</action>

sample-config/helpers/mount.helper

@@ -0,0 +1,7 @@
+<?xml version="1.0"?>
+<helper>
+  <script>
+    <name>mount.py</name>
+    <language>python</language>
+  </script>
+</helper>

sample-config/modules/common-admit.module

@@ -0,0 +1,9 @@
+<?xml version="1.0"?>
+<module>
+  <all>
+
+    <execute>check-nss-expiration.action</execute>
+    <execute>check-ldap-expiration.action</execute>
+
+  </all>
+</module>

sample-config/modules/common-contact.module

@@ -0,0 +1,8 @@
+<?xml version="1.0"?>
+<module>
+  <all>
+
+    <execute>ask-for-username.action</execute>
+
+  </all>
+</module>

sample-config/modules/common-engage.module

@@ -0,0 +1,8 @@
+<?xml version="1.0"?>
+<module>
+  <all>
+
+    <execute>mount-nfs-user-account.action</execute>
+
+  </all>
+</module>

sample-config/modules/common-invoice.module

@@ -0,0 +1,6 @@
+<?xml version="1.0"?>
+<module>
+  <all>
+
+  </all>
+</module>

sample-config/modules/common-recognize.module

@@ -0,0 +1,9 @@
+<?xml version="1.0"?>
+<module>
+  <any>
+
+      <execute>authenticate-via-kerberos.action</execute>
+      <execute>check-nss-password.action</execute>
+
+  </any>
+</module>

sample-config/modules/common-seat.module

@@ -0,0 +1,8 @@
+<?xml version="1.0"?>
+<module>
+  <all>
+
+    <execute>mount-personal-volumes.action</execute>
+
+  </all>
+</module>

sample-config/protocols/login.protocol

@@ -0,0 +1,40 @@
+<?xml version="1.0"?>
+<protocol>
+
+  <contact>
+    <all>
+      <include>common-contact.module</include>
+    </all>
+  </contact>
+
+  <engage>
+    <all>
+      <include>common-engage.module</include>
+    </all>
+  </engage>
+
+  <recognize>
+    <any>
+      <include>common-recognize.module</include>
+    </any>
+  </recognize>
+
+  <admit>
+    <all>
+      <include>common-admit.module</include>
+    </all>
+  </admit>
+
+  <seat>
+    <all>
+      <include>common-seat.module</include>
+    </all>
+  </seat>
+
+  <invoice>
+    <all>
+      <include>common-invoice.module</include>
+    </all>
+  </invoice>
+
+</protocol>