From 814da1fbc7d4085fc2b13eae26047bde5070203e Mon Sep 17 00:00:00 2001 From: Michael McGrath Date: Mon, 3 Mar 2008 10:45:00 -0600 Subject: [PATCH 1/3] Require less info initially (lower barrier, less scary). Notify users when signing the CLA that we need more information --- fas/fas/cla.py | 7 ++++++- fas/fas/templates/cla/index.html | 11 +++++++---- fas/fas/templates/user/new.html | 3 +-- fas/fas/user.py | 2 +- 4 files changed, 15 insertions(+), 8 deletions(-) diff --git a/fas/fas/cla.py b/fas/fas/cla.py index 3f1a6bd..3b83756 100644 --- a/fas/fas/cla.py +++ b/fas/fas/cla.py @@ -46,6 +46,11 @@ class CLA(controllers.Controller): '''View CLA''' username = turbogears.identity.current.user_name person = People.by_username(username) + if not person.telephone or \ + not person.postal_address or \ + not person.gpg_keyid: + turbogears.flash(_('To sign the CLA we must have your telephone number, postal address and gpg key id. Please ensure they have been filled out')) + turbogears.redirect('/user/edit/%s' % username) if type == 'click': if signedCLAPrivs(person): @@ -82,7 +87,7 @@ class CLA(controllers.Controller): '''Sign CLA''' username = turbogears.identity.current.user_name person = People.by_username(username) - + if signedCLAPrivs(person): turbogears.flash(_('You have already signed the CLA.')) turbogears.redirect('/cla/') diff --git a/fas/fas/templates/cla/index.html b/fas/fas/templates/cla/index.html index b63e85e..31fd226 100644 --- a/fas/fas/templates/cla/index.html +++ b/fas/fas/templates/cla/index.html @@ -11,10 +11,13 @@

${Markup(_('There are two ways to sign the CLA. Most users will want to do a signed CLA as it will promote them to a full contributor in Fedora. The click-through CLA only grants partial access but may be preferred for those with special legal considerations. See: <a href="http://fedoraproject.org/wiki/Legal/CLAAcceptanceHierarchies">CLA Acceptance Hierarchies</a> for more information.'))}

- +
+

+

+

${Markup(_('You have already sucessfully signed the <a href="%s">CLA</a>.') % tg.url('/cla/view'))}

diff --git a/fas/fas/templates/user/new.html b/fas/fas/templates/user/new.html index 8d07f5a..786cd5b 100644 --- a/fas/fas/templates/user/new.html +++ b/fas/fas/templates/user/new.html @@ -26,7 +26,6 @@ - -->
@@ -34,7 +33,7 @@
-
+
-->
diff --git a/fas/fas/user.py b/fas/fas/user.py index fe023ee..be3712c 100644 --- a/fas/fas/user.py +++ b/fas/fas/user.py @@ -255,7 +255,7 @@ class User(controllers.Controller): @validate(validators=UserCreate()) @error_handler(error) @expose(template='fas.templates.new') - def create(self, username, human_name, email, telephone, postal_address): + def create(self, username, human_name, email, telephone=None, postal_address=None): # TODO: Ensure that e-mails are unique? # Also, perhaps implement a timeout- delete account # if the e-mail is not verified (i.e. the person changes From 58e23d41e1ec6eb449579c6cf5e2fee81880ed30 Mon Sep 17 00:00:00 2001 From: Michael McGrath Date: Mon, 3 Mar 2008 12:40:06 -0600 Subject: [PATCH 2/3] Added initial client config file --- fas/client/fas.conf | 8 ++++++++ fas/client/fasClient.py | 37 ++++++++++++++++++++++++++++--------- 2 files changed, 36 insertions(+), 9 deletions(-) create mode 100644 fas/client/fas.conf diff --git a/fas/client/fas.conf b/fas/client/fas.conf new file mode 100644 index 0000000..160dcc8 --- /dev/null +++ b/fas/client/fas.conf @@ -0,0 +1,8 @@ +[global] +url = http://localhost:8088/fas/ +temp = /var/db + +[users] +# default user info +shell = /bin/bash +home = /home/fedora diff --git a/fas/client/fasClient.py b/fas/client/fasClient.py index bc1f33a..d8fa719 100755 --- a/fas/client/fasClient.py +++ b/fas/client/fasClient.py @@ -30,8 +30,7 @@ from optparse import OptionParser from shutil import move, rmtree from rhpl.translate import _ -FAS_URL = 'http://localhost:8088/fas/' - +import ConfigParser parser = OptionParser() @@ -40,6 +39,11 @@ parser.add_option('-i', '--install', default = False, action = 'store_true', help = _('Download and sync most recent content')) +parser.add_option('-c', '--config', + dest = 'CONFIG_FILE', + default = '/etc/fas.conf', + metavar = 'CONFIG_FILE', + help = _('Specify config file (default "%default")')) parser.add_option('--nogroup', dest = 'no_group', default = False, @@ -57,9 +61,9 @@ parser.add_option('--noshadow', help = _('Do not sync shadow information')) parser.add_option('-s', '--server', dest = 'FAS_URL', - default = FAS_URL, + default = None, metavar = 'FAS_URL', - help = _('Specify URL of fas server (default "%default")')) + help = _('Specify URL of fas server.')) parser.add_option('-e', '--enable', dest = 'enable', default = False, @@ -71,14 +75,29 @@ parser.add_option('-d', '--disable', action = 'store_true', help = _('Disable FAS synced shell accounts')) - (opts, args) = parser.parse_args() +try: + config = ConfigParser.ConfigParser() + if os.path.exists(opts.CONFIG_FILE): + config.read(opts.CONFIG_FILE) + elif os.path.exists('fas.conf'): + config.read('fas.conf') + print >> sys.stderr, "Could not open %s, defaulting to ./fas.conf" % opts.CONFIG_FILE + else: + print >> sys.stderr, "Could not open %s." % opts.CONFIG_FILE + sys.exit(5) +except ConfigParser.MissingSectionHeaderError, e: + print >> sys.stderr, "Config file does not have proper formatting - %s" % e + sys.exit(6) + +FAS_URL = config.get('global', 'url') + class MakeShellAccounts(BaseClient): temp = None def mk_tempdir(self): - self.temp = tempfile.mkdtemp('-tmp', 'fas-', '/var/db') + self.temp = tempfile.mkdtemp('-tmp', 'fas-', config.get('global', 'temp')) def rm_tempdir(self): rmtree(self.temp) @@ -108,8 +127,8 @@ class MakeShellAccounts(BaseClient): uid = person['id'] username = person['username'] human_name = person['human_name'] - home_dir = "/home/fedora/%s" % username - shell = "/bin/bash" + home_dir = "%s/%s" % (config.get('users', 'home'), username) + shell = config.get('users', 'shell') file.write("=%s %s:x:%i:%i:%s:%s:%s\n" % (uid, username, uid, uid, human_name, home_dir, shell)) file.write("0%i %s:x:%i:%i:%s:%s:%s\n" % (i, username, uid, uid, human_name, home_dir, shell)) file.write(".%s %s:x:%i:%i:%s:%s:%s\n" % (username, username, uid, uid, human_name, home_dir, shell)) @@ -236,7 +255,7 @@ if __name__ == '__main__': try: fas = MakeShellAccounts(FAS_URL, 'admin', 'admin', False) except AuthError, e: - print e + print >> sys.stderr, e sys.exit(1) fas.mk_tempdir() fas.make_group_db() From 75105add68a14627750a98ade5d65a9117125a50 Mon Sep 17 00:00:00 2001 From: Michael McGrath Date: Mon, 3 Mar 2008 14:34:29 -0600 Subject: [PATCH 3/3] use already existing methods for enabling db and pam_security --- fas/client/fas.conf | 5 ++ fas/client/fasClient.py | 101 ++++++++++++++++++++++------------------ 2 files changed, 61 insertions(+), 45 deletions(-) diff --git a/fas/client/fas.conf b/fas/client/fas.conf index 160dcc8..2b075b4 100644 --- a/fas/client/fas.conf +++ b/fas/client/fas.conf @@ -1,6 +1,11 @@ [global] url = http://localhost:8088/fas/ temp = /var/db +login = admin +password = admin + +[host] +groups = accounts,fedorabugs [users] # default user info diff --git a/fas/client/fasClient.py b/fas/client/fasClient.py index d8fa719..04832b4 100755 --- a/fas/client/fasClient.py +++ b/fas/client/fasClient.py @@ -95,12 +95,15 @@ FAS_URL = config.get('global', 'url') class MakeShellAccounts(BaseClient): temp = None + groups = None + People = None def mk_tempdir(self): self.temp = tempfile.mkdtemp('-tmp', 'fas-', config.get('global', 'temp')) def rm_tempdir(self): rmtree(self.temp) + def shadow_text(self, people=None): i = 0 @@ -121,18 +124,20 @@ class MakeShellAccounts(BaseClient): def passwd_text(self, people=None): i = 0 file = open(self.temp + '/passwd.txt', 'w') - if not people: + if not self.people: people = self.people_list() - for person in people: - uid = person['id'] - username = person['username'] - human_name = person['human_name'] - home_dir = "%s/%s" % (config.get('users', 'home'), username) - shell = config.get('users', 'shell') - file.write("=%s %s:x:%i:%i:%s:%s:%s\n" % (uid, username, uid, uid, human_name, home_dir, shell)) - file.write("0%i %s:x:%i:%i:%s:%s:%s\n" % (i, username, uid, uid, human_name, home_dir, shell)) - file.write(".%s %s:x:%i:%i:%s:%s:%s\n" % (username, username, uid, uid, human_name, home_dir, shell)) - i = i + 1 + local_groups = config.get('host', 'groups') + for group in local_groups.split(','): + for person in people: + uid = person['id'] + username = person['username'] + human_name = person['human_name'] + home_dir = "%s/%s" % (config.get('users', 'home'), username) + shell = config.get('users', 'shell') + file.write("=%s %s:x:%i:%i:%s:%s:%s\n" % (uid, username, uid, uid, human_name, home_dir, shell)) + file.write("0%i %s:x:%i:%i:%s:%s:%s\n" % (i, username, uid, uid, human_name, home_dir, shell)) + file.write(".%s %s:x:%i:%i:%s:%s:%s\n" % (username, username, uid, uid, human_name, home_dir, shell)) + i = i + 1 file.close() def groups_text(self, groups=None, people=None): @@ -176,18 +181,18 @@ class MakeShellAccounts(BaseClient): def group_list(self, search='*'): params = {'search' : search} - data = self.send_request('group/list', auth=True, input=params) - return data - + self.groups = self.send_request('group/list', auth=True, input=params) + return self.groups + def people_list(self, search='*'): params = {'search' : search} - data = self.send_request('user/list', auth=True, input=params) - return data['people'] + self.people = self.send_request('user/list', auth=True, input=params)['people'] + return self.people def make_group_db(self): self.groups_text() os.system('makedb -o %s/group.db %s/group.txt' % (self.temp, self.temp)) - + def make_passwd_db(self): self.passwd_text() os.system('makedb -o %s/passwd.db %s/passwd.txt' % (self.temp, self.temp)) @@ -216,44 +221,54 @@ class MakeShellAccounts(BaseClient): print "ERROR: Could not write group db - %s" % e def enable(): - old = open('/etc/nsswitch.conf', 'r') - new = open('/tmp/.fas.nsswitch.conf', 'w') + temp = tempfile.mkdtemp('-tmp', 'fas-', config.get('global', 'temp')) + + old = open('/etc/sysconfig/authconfig', 'r') + new = open(temp + '/authconfig', 'w') for line in old: - if line.startswith('passwd') or line.startswith('shadow') or line.startswith('group'): - parts = line.split() - if 'db' in parts: - print "%s already has db enabled" % parts[0].split(':')[0] - else: - line = line.strip('\n') - line += ' db\n' - new.write(line) + if line.startswith("USEDB"): + new.write("USEDB=yes\n") + else: + new.write(line) new.close() + old.close() try: - move('/tmp/.fas.nsswitch.conf', '/etc/nsswitch.conf') + move(temp + '/authconfig', '/etc/sysconfig/authconfig') except IOError, e: - print "ERROR: Could not write nsswitch.conf - %s" % e + print "ERROR: Could not write /etc/sysconfig/authconfig - %s" % e + sys.exit(5) + os.system('/usr/sbin/authconfig --enablepamaccess --updateall') + rmtree(temp) def disable(): - old = open('/etc/nsswitch.conf', 'r') - new = open('/tmp/.fas.nsswitch.conf', 'w') + temp = tempfile.mkdtemp('-tmp', 'fas-', config.get('global', 'temp')) + old = open('/etc/sysconfig/authconfig', 'r') + new = open(temp + '/authconfig', 'w') for line in old: - if line.startswith('passwd') or line.startswith('shadow') or line.startswith('group'): - parts = line.split() - if 'db' in parts: - line = line.replace(' db', '') - else: - print "%s already has db disabled" % parts[0].split(':')[0] - new.write(line) + if line.startswith("USEDB"): + new.write("USEDB=no\n") + else: + new.write(line) + old.close() new.close() try: - move('/tmp/.fas.nsswitch.conf', '/etc/nsswitch.conf') + move(temp + '/authconfig', '/etc/sysconfig/authconfig') except IOError, e: - print "ERROR: Could not write nsswitch.conf - %s" % e + print "ERROR: Could not write /etc/sysconfig/authconfig - %s" % e + sys.exit(5) + os.system('/usr/sbin/authconfig --disablepamaccess --updateall') + rmtree(temp) + if __name__ == '__main__': + if opts.enable: + enable() + if opts.disable: + disable() + if opts.install: try: - fas = MakeShellAccounts(FAS_URL, 'admin', 'admin', False) + fas = MakeShellAccounts(FAS_URL, config.get('global', 'login'), config.get('global', 'password'), False) except AuthError, e: print >> sys.stderr, e sys.exit(1) @@ -268,9 +283,5 @@ if __name__ == '__main__': if not opts.no_shadow: fas.install_shadow_db() fas.rm_tempdir() - if opts.enable: - enable() - if opts.disable: - disable() if not (opts.install or opts.enable or opts.disable): parser.print_help()