From 814da1fbc7d4085fc2b13eae26047bde5070203e Mon Sep 17 00:00:00 2001
From: Michael McGrath
Date: Mon, 3 Mar 2008 10:45:00 -0600
Subject: [PATCH 1/3] Require less info initially (lower barrier, less scary).
Notify users when signing the CLA that we need more information
---
fas/fas/cla.py | 7 ++++++-
fas/fas/templates/cla/index.html | 11 +++++++----
fas/fas/templates/user/new.html | 3 +--
fas/fas/user.py | 2 +-
4 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/fas/fas/cla.py b/fas/fas/cla.py
index 3f1a6bd..3b83756 100644
--- a/fas/fas/cla.py
+++ b/fas/fas/cla.py
@@ -46,6 +46,11 @@ class CLA(controllers.Controller):
'''View CLA'''
username = turbogears.identity.current.user_name
person = People.by_username(username)
+ if not person.telephone or \
+ not person.postal_address or \
+ not person.gpg_keyid:
+ turbogears.flash(_('To sign the CLA we must have your telephone number, postal address and gpg key id. Please ensure they have been filled out'))
+ turbogears.redirect('/user/edit/%s' % username)
if type == 'click':
if signedCLAPrivs(person):
@@ -82,7 +87,7 @@ class CLA(controllers.Controller):
'''Sign CLA'''
username = turbogears.identity.current.user_name
person = People.by_username(username)
-
+
if signedCLAPrivs(person):
turbogears.flash(_('You have already signed the CLA.'))
turbogears.redirect('/cla/')
diff --git a/fas/fas/templates/cla/index.html b/fas/fas/templates/cla/index.html
index b63e85e..31fd226 100644
--- a/fas/fas/templates/cla/index.html
+++ b/fas/fas/templates/cla/index.html
@@ -11,10 +11,13 @@
${Markup(_('There are two ways to sign the CLA. Most users will want to do a signed CLA as it will promote them to a full contributor in Fedora. The click-through CLA only grants partial access but may be preferred for those with special legal considerations. See: <a href="http://fedoraproject.org/wiki/Legal/CLAAcceptanceHierarchies">CLA Acceptance Hierarchies</a> for more information.'))}
-
+
+
+
+
${Markup(_('You have already sucessfully signed the <a href="%s">CLA</a>.') % tg.url('/cla/view'))}
diff --git a/fas/fas/templates/user/new.html b/fas/fas/templates/user/new.html
index 8d07f5a..786cd5b 100644
--- a/fas/fas/templates/user/new.html
+++ b/fas/fas/templates/user/new.html
@@ -26,7 +26,6 @@
${_('Bugzilla Email:')}
- -->
${_('Telephone Number:')}
@@ -34,7 +33,7 @@
${_('Postal Address:')}
-
+
-->
diff --git a/fas/fas/user.py b/fas/fas/user.py
index fe023ee..be3712c 100644
--- a/fas/fas/user.py
+++ b/fas/fas/user.py
@@ -255,7 +255,7 @@ class User(controllers.Controller):
@validate(validators=UserCreate())
@error_handler(error)
@expose(template='fas.templates.new')
- def create(self, username, human_name, email, telephone, postal_address):
+ def create(self, username, human_name, email, telephone=None, postal_address=None):
# TODO: Ensure that e-mails are unique?
# Also, perhaps implement a timeout- delete account
# if the e-mail is not verified (i.e. the person changes
From 58e23d41e1ec6eb449579c6cf5e2fee81880ed30 Mon Sep 17 00:00:00 2001
From: Michael McGrath
Date: Mon, 3 Mar 2008 12:40:06 -0600
Subject: [PATCH 2/3] Added initial client config file
---
fas/client/fas.conf | 8 ++++++++
fas/client/fasClient.py | 37 ++++++++++++++++++++++++++++---------
2 files changed, 36 insertions(+), 9 deletions(-)
create mode 100644 fas/client/fas.conf
diff --git a/fas/client/fas.conf b/fas/client/fas.conf
new file mode 100644
index 0000000..160dcc8
--- /dev/null
+++ b/fas/client/fas.conf
@@ -0,0 +1,8 @@
+[global]
+url = http://localhost:8088/fas/
+temp = /var/db
+
+[users]
+# default user info
+shell = /bin/bash
+home = /home/fedora
diff --git a/fas/client/fasClient.py b/fas/client/fasClient.py
index bc1f33a..d8fa719 100755
--- a/fas/client/fasClient.py
+++ b/fas/client/fasClient.py
@@ -30,8 +30,7 @@ from optparse import OptionParser
from shutil import move, rmtree
from rhpl.translate import _
-FAS_URL = 'http://localhost:8088/fas/'
-
+import ConfigParser
parser = OptionParser()
@@ -40,6 +39,11 @@ parser.add_option('-i', '--install',
default = False,
action = 'store_true',
help = _('Download and sync most recent content'))
+parser.add_option('-c', '--config',
+ dest = 'CONFIG_FILE',
+ default = '/etc/fas.conf',
+ metavar = 'CONFIG_FILE',
+ help = _('Specify config file (default "%default")'))
parser.add_option('--nogroup',
dest = 'no_group',
default = False,
@@ -57,9 +61,9 @@ parser.add_option('--noshadow',
help = _('Do not sync shadow information'))
parser.add_option('-s', '--server',
dest = 'FAS_URL',
- default = FAS_URL,
+ default = None,
metavar = 'FAS_URL',
- help = _('Specify URL of fas server (default "%default")'))
+ help = _('Specify URL of fas server.'))
parser.add_option('-e', '--enable',
dest = 'enable',
default = False,
@@ -71,14 +75,29 @@ parser.add_option('-d', '--disable',
action = 'store_true',
help = _('Disable FAS synced shell accounts'))
-
(opts, args) = parser.parse_args()
+try:
+ config = ConfigParser.ConfigParser()
+ if os.path.exists(opts.CONFIG_FILE):
+ config.read(opts.CONFIG_FILE)
+ elif os.path.exists('fas.conf'):
+ config.read('fas.conf')
+ print >> sys.stderr, "Could not open %s, defaulting to ./fas.conf" % opts.CONFIG_FILE
+ else:
+ print >> sys.stderr, "Could not open %s." % opts.CONFIG_FILE
+ sys.exit(5)
+except ConfigParser.MissingSectionHeaderError, e:
+ print >> sys.stderr, "Config file does not have proper formatting - %s" % e
+ sys.exit(6)
+
+FAS_URL = config.get('global', 'url')
+
class MakeShellAccounts(BaseClient):
temp = None
def mk_tempdir(self):
- self.temp = tempfile.mkdtemp('-tmp', 'fas-', '/var/db')
+ self.temp = tempfile.mkdtemp('-tmp', 'fas-', config.get('global', 'temp'))
def rm_tempdir(self):
rmtree(self.temp)
@@ -108,8 +127,8 @@ class MakeShellAccounts(BaseClient):
uid = person['id']
username = person['username']
human_name = person['human_name']
- home_dir = "/home/fedora/%s" % username
- shell = "/bin/bash"
+ home_dir = "%s/%s" % (config.get('users', 'home'), username)
+ shell = config.get('users', 'shell')
file.write("=%s %s:x:%i:%i:%s:%s:%s\n" % (uid, username, uid, uid, human_name, home_dir, shell))
file.write("0%i %s:x:%i:%i:%s:%s:%s\n" % (i, username, uid, uid, human_name, home_dir, shell))
file.write(".%s %s:x:%i:%i:%s:%s:%s\n" % (username, username, uid, uid, human_name, home_dir, shell))
@@ -236,7 +255,7 @@ if __name__ == '__main__':
try:
fas = MakeShellAccounts(FAS_URL, 'admin', 'admin', False)
except AuthError, e:
- print e
+ print >> sys.stderr, e
sys.exit(1)
fas.mk_tempdir()
fas.make_group_db()
From 75105add68a14627750a98ade5d65a9117125a50 Mon Sep 17 00:00:00 2001
From: Michael McGrath
Date: Mon, 3 Mar 2008 14:34:29 -0600
Subject: [PATCH 3/3] use already existing methods for enabling db and
pam_security
---
fas/client/fas.conf | 5 ++
fas/client/fasClient.py | 101 ++++++++++++++++++++++------------------
2 files changed, 61 insertions(+), 45 deletions(-)
diff --git a/fas/client/fas.conf b/fas/client/fas.conf
index 160dcc8..2b075b4 100644
--- a/fas/client/fas.conf
+++ b/fas/client/fas.conf
@@ -1,6 +1,11 @@
[global]
url = http://localhost:8088/fas/
temp = /var/db
+login = admin
+password = admin
+
+[host]
+groups = accounts,fedorabugs
[users]
# default user info
diff --git a/fas/client/fasClient.py b/fas/client/fasClient.py
index d8fa719..04832b4 100755
--- a/fas/client/fasClient.py
+++ b/fas/client/fasClient.py
@@ -95,12 +95,15 @@ FAS_URL = config.get('global', 'url')
class MakeShellAccounts(BaseClient):
temp = None
+ groups = None
+ People = None
def mk_tempdir(self):
self.temp = tempfile.mkdtemp('-tmp', 'fas-', config.get('global', 'temp'))
def rm_tempdir(self):
rmtree(self.temp)
+
def shadow_text(self, people=None):
i = 0
@@ -121,18 +124,20 @@ class MakeShellAccounts(BaseClient):
def passwd_text(self, people=None):
i = 0
file = open(self.temp + '/passwd.txt', 'w')
- if not people:
+ if not self.people:
people = self.people_list()
- for person in people:
- uid = person['id']
- username = person['username']
- human_name = person['human_name']
- home_dir = "%s/%s" % (config.get('users', 'home'), username)
- shell = config.get('users', 'shell')
- file.write("=%s %s:x:%i:%i:%s:%s:%s\n" % (uid, username, uid, uid, human_name, home_dir, shell))
- file.write("0%i %s:x:%i:%i:%s:%s:%s\n" % (i, username, uid, uid, human_name, home_dir, shell))
- file.write(".%s %s:x:%i:%i:%s:%s:%s\n" % (username, username, uid, uid, human_name, home_dir, shell))
- i = i + 1
+ local_groups = config.get('host', 'groups')
+ for group in local_groups.split(','):
+ for person in people:
+ uid = person['id']
+ username = person['username']
+ human_name = person['human_name']
+ home_dir = "%s/%s" % (config.get('users', 'home'), username)
+ shell = config.get('users', 'shell')
+ file.write("=%s %s:x:%i:%i:%s:%s:%s\n" % (uid, username, uid, uid, human_name, home_dir, shell))
+ file.write("0%i %s:x:%i:%i:%s:%s:%s\n" % (i, username, uid, uid, human_name, home_dir, shell))
+ file.write(".%s %s:x:%i:%i:%s:%s:%s\n" % (username, username, uid, uid, human_name, home_dir, shell))
+ i = i + 1
file.close()
def groups_text(self, groups=None, people=None):
@@ -176,18 +181,18 @@ class MakeShellAccounts(BaseClient):
def group_list(self, search='*'):
params = {'search' : search}
- data = self.send_request('group/list', auth=True, input=params)
- return data
-
+ self.groups = self.send_request('group/list', auth=True, input=params)
+ return self.groups
+
def people_list(self, search='*'):
params = {'search' : search}
- data = self.send_request('user/list', auth=True, input=params)
- return data['people']
+ self.people = self.send_request('user/list', auth=True, input=params)['people']
+ return self.people
def make_group_db(self):
self.groups_text()
os.system('makedb -o %s/group.db %s/group.txt' % (self.temp, self.temp))
-
+
def make_passwd_db(self):
self.passwd_text()
os.system('makedb -o %s/passwd.db %s/passwd.txt' % (self.temp, self.temp))
@@ -216,44 +221,54 @@ class MakeShellAccounts(BaseClient):
print "ERROR: Could not write group db - %s" % e
def enable():
- old = open('/etc/nsswitch.conf', 'r')
- new = open('/tmp/.fas.nsswitch.conf', 'w')
+ temp = tempfile.mkdtemp('-tmp', 'fas-', config.get('global', 'temp'))
+
+ old = open('/etc/sysconfig/authconfig', 'r')
+ new = open(temp + '/authconfig', 'w')
for line in old:
- if line.startswith('passwd') or line.startswith('shadow') or line.startswith('group'):
- parts = line.split()
- if 'db' in parts:
- print "%s already has db enabled" % parts[0].split(':')[0]
- else:
- line = line.strip('\n')
- line += ' db\n'
- new.write(line)
+ if line.startswith("USEDB"):
+ new.write("USEDB=yes\n")
+ else:
+ new.write(line)
new.close()
+ old.close()
try:
- move('/tmp/.fas.nsswitch.conf', '/etc/nsswitch.conf')
+ move(temp + '/authconfig', '/etc/sysconfig/authconfig')
except IOError, e:
- print "ERROR: Could not write nsswitch.conf - %s" % e
+ print "ERROR: Could not write /etc/sysconfig/authconfig - %s" % e
+ sys.exit(5)
+ os.system('/usr/sbin/authconfig --enablepamaccess --updateall')
+ rmtree(temp)
def disable():
- old = open('/etc/nsswitch.conf', 'r')
- new = open('/tmp/.fas.nsswitch.conf', 'w')
+ temp = tempfile.mkdtemp('-tmp', 'fas-', config.get('global', 'temp'))
+ old = open('/etc/sysconfig/authconfig', 'r')
+ new = open(temp + '/authconfig', 'w')
for line in old:
- if line.startswith('passwd') or line.startswith('shadow') or line.startswith('group'):
- parts = line.split()
- if 'db' in parts:
- line = line.replace(' db', '')
- else:
- print "%s already has db disabled" % parts[0].split(':')[0]
- new.write(line)
+ if line.startswith("USEDB"):
+ new.write("USEDB=no\n")
+ else:
+ new.write(line)
+ old.close()
new.close()
try:
- move('/tmp/.fas.nsswitch.conf', '/etc/nsswitch.conf')
+ move(temp + '/authconfig', '/etc/sysconfig/authconfig')
except IOError, e:
- print "ERROR: Could not write nsswitch.conf - %s" % e
+ print "ERROR: Could not write /etc/sysconfig/authconfig - %s" % e
+ sys.exit(5)
+ os.system('/usr/sbin/authconfig --disablepamaccess --updateall')
+ rmtree(temp)
+
if __name__ == '__main__':
+ if opts.enable:
+ enable()
+ if opts.disable:
+ disable()
+
if opts.install:
try:
- fas = MakeShellAccounts(FAS_URL, 'admin', 'admin', False)
+ fas = MakeShellAccounts(FAS_URL, config.get('global', 'login'), config.get('global', 'password'), False)
except AuthError, e:
print >> sys.stderr, e
sys.exit(1)
@@ -268,9 +283,5 @@ if __name__ == '__main__':
if not opts.no_shadow:
fas.install_shadow_db()
fas.rm_tempdir()
- if opts.enable:
- enable()
- if opts.disable:
- disable()
if not (opts.install or opts.enable or opts.disable):
parser.print_help()