| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* Accounts: separate gpasswd command in two
Specify different commands to add and remove users from a group.
In FreeBSD, the flags used by pw utility are not the same used
by gpasswd.
|
| |
|
|
|
| |
Call activate when two factor enablement changes and OS Login enablement
remains unchanged.
|
| |
|
| |
The gpasswd command takes in an optional argument.
|
| |
|
|
|
|
|
|
| |
* Allow system accounts to skip two-factor auth
* Refactor control file, add two-factor support
* Update account watcher to support two-factor
|
| |
|
|
|
|
|
|
|
|
| |
* Read gpasswd_cmd from config file
With this we can configure the specific FreeBSD command
to remove an user from a group enabling the sudoers removal
feature in it.
* Add gpasswd_cmd to README and config file generation
|
| |
|
|
|
|
| |
For all intents and purposes, we can pretend Fedora works like
Enterprise Linux 7 systems, such as Red Hat Enterprise Linux and CentOS.
Signed-off-by: Neal Gompa <ngompa13@gmail.com>
|
| |
|
|
| |
The scripts inside 'scripts' directory have general names that makes
difficult identify from which package they belong to.
|
| |
|
|
|
|
|
| |
- Create backwards compatible parser.
- Move off of deprecated methods.
- Fixing PyPI build errors.
- Fix linter warnings.
- Fix the flake8 linter to prevent contradictory linter warnings.
|
| | |
|
| |
|
|
| |
Updating a user should not override local changes to group membership
beyond member in the google-sudoers group.
|
| |
|
|
|
|
|
| |
Roll forward of #656 with additional logic to prevent breaking users.
This reverts commit 5f87ca2353953daf0b9ca2f9d8c2b512cfd146a2.
Update user groups regardless of existence.
|
| |
|
| |
This reverts commit 41863c9b89f1e02b5866ab263124df59b327380d.
|
| |
|
|
| |
This prevents the local user account from having elevated privileges
when used by OS Login.
|
| | |
|
| |
|
|
|
|
| |
* Travis CI: Add Python 3.7 to the testing
* Add Python 3.7 trove classifier to setup.py
|
| |
|
|
|
| |
Port specific files are located in /use/local/etc/ in FreeBSD.
This avois having a specific patch in FreeBSD package, making it easier
to maintain.
|
| |
|
|
| |
The default ethernet interface is already enabled. We should not run
dhclient on the interface.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* class IpForwardingUtils implemented in distro_lib
The old implementation of IpForwardingUtils uses ip route command, but
this is not suported in FreeBSD. This commit moves the implementation to
distro_lib and transforms IpForwardingUtils into an interface class,
allowing each distro to chose which implementation to use.
class IpForwardingUtilsIprouteTest:
contains the old implemetation using ip route command
class IpForwardingUtilsIfconfig:
contains an implementation using ifconfig command
|
| |
|
|
|
|
|
| |
A user with a username greater than 32 characters (name and email with
special characters converted to _) logged into an instance with
OS Login enabled. The user received "No user exists for uid XXXX"
messages when attempting to run programs. This change verifies that
usernames are at most 32 characters.
|
| |
|
| |
This prevents conflicts with the Python 3 distro module.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 8093d7c6cb798d7c6fad7247313d8d66b892dde8.
Reason:
google_instance_setup starts sshd after generating host keys, but when
FreeBSD boots, this service starts before sshd.
FreeBSD starts sshd through rc utility on boot regardless if
it was already started before. Causing the following error:
```
Starting sshd.
May 15 16:51:18 freebsd sshd[1365]: error: Bind to port 22 on :: failed: Address already in use.
May 15 16:51:18 freebsd sshd[1365]: error: Bind to port 22 on :: failed: Address already in use.
May 15 16:51:18 freebsd sshd[1365]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
May 15 16:51:18 freebsd sshd[1365]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
May 15 16:51:18 freebsd sshd[1365]: fatal: Cannot bind any address.
May 15 16:51:18 freebsd sshd[1365]: fatal: Cannot bind any address.
```
Solution:
Don't start ssh in instance_setup for FreeBSD, let the rc utility to start it.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Add default_shell in instance_config
In some systems, bash is not necessarily installed and not necessarily
the default shell.
FreeBSD for instance doesn't come with bash by default.
Add default_shell option and let the system to chose which shell to use
to execute metadata startup/shutdown scripts.
Fallback to bash
|
| |
|
|
|
|
|
|
|
|
|
| |
* Add HandleClockSync in distro/utils.py for FreeBSD
- There is no hwclock for FreeBSD, use ntpdate instead.
- Check in compat.py if the system is FreeBSD and don't call distro.linux_distribution() if true
- Migrate distro specific logic for clock sync to distro/utils.
- Add the following functions to distro/helpers:
def CallHwclock(logger): # Logic used by Linux systems
def CallNtpdate(logger): # Logic used by FreeBSD
- Add mock tests accordingly
|
| |
|
|
|
| |
Forwarded IPs are returned with a local prefix. The agent splits on the
space and tries to add a route for the IP "local" which generates log
spam. We should strip out the local prefix to prevent this issue.
|
| |
|
|
| |
Add support for enabling network interfaces if they appear while the VM
is running.
|
| |
|
|
|
| |
FreeBSD uses the rc utility.
The path for sshd service in FreeBSD is /etc/rc.d/sshd.
Check for this path and add an appropriate mock test
|
| |
|
|
| |
When we enable and disable OS Login, this is the file that should be
updated or removed.
|
| |
|
|
|
|
|
|
| |
* Refactor network_setup and ip_forwarding.
* Update and add tests.
* Update configurations to remove network_setup and ip_forwarding_daemon.
* Update configurations to start network_setup daemon.
* Update documentation.
|
| |
|
|
|
| |
In _UpdateAuthorizedKeys, before creating ssh dir, also create home
dir if it does not exist. This can happen if _GetUser (getpwnam) returns
non-local user info (e.g., from LDAP).
|
| |
|
|
| |
The cache file should always be updated when the account daemon starts
and OS Login is enabled.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
* Accounts daemon updates the OS Login NSS cache.
This includes testing for updates to the OS Login NSS cache.
* Remove the OS Login NSS cache on deactivation.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Muti-Nic network setup support for SUSE 11 and 12.
Adds network setup logic to handle multiple Nics for SUSE 11 and 12.
For SUSE 11
- Run dhcpcd on additional Nics.
For SUSE 12
- For additional Nics, create the ifcfg-eth* files.
- Run wicked ifup eth1... to active the Nics.
Requires installation of `distro` package for python 3.5 and above.
Requires updated `setuptools` for all packages.
|
| |
|
|
| |
This removes a circular dependency - compat imports utils and logger
imports compat.
|
| |
|
|
|
| |
- Finish creating distro directories.
- Import correct module based on distro type.
- Refactor 'network_setup' to use these new directories.
|
| | |
|
| |
|
|
| |
Provide an instance config option for specifying which host key types to
generate.
|
| | |
|
| |
|
|
| |
Accounts daemon handles activation and deactivation of OS Login based on a metadata key.
|
| |
|
|
|
|
|
| |
In Python versions less than 2.7.9, urllib does not check ssl certificates.
- Use curl when Python version does not support ssl certificate validation.
- Add curl package dependency on EL distros.
- Add testing for compat file.
- Improve style in the compat file.
|
| |
|
|
|
| |
BSD doesn't have the path /sys/class/net/<interface>/address
Use netifaces instead for interoperability with BSDs systems
If netifaces is not available, fallback to sysfs method
|
| |
|
| |
Run the user commands as a list of arguments.
|
| | |
|
| | |
|
