Merge branch 'master' of ssh://git.fedorahosted.org/git/fedora-infrastructure

2008-03-11 16:29:22 -07:00 · 2008-03-11 16:29:22 -07:00 · e2a0bf4fa2
commit e2a0bf4fa2
parent 3bed8914ca 674628e480
7 changed files with 84 additions and 72 deletions
--- a/fas/client/fas.conf
+++ b/fas/client/fas.conf
@ -11,6 +11,9 @@ login = admin
 ; password - password for login name
 password = admin

+; prefix - Install db files, etc, to a prefix (like a chroot for example)
+prefix = /
+
 [host]
 ; Group hierarchy is 1) groups, 2) restricted_groups 3) ssh_restricted_groups
 ; so if someone is in all 3, the client behaves the same as if they were just
--- a/fas/client/fasClient
+++ b/fas/client/fasClient
@ -78,6 +78,11 @@ parser.add_option('-s', '--server',
                     default = None,
                     metavar = 'FAS_URL',
                     help = _('Specify URL of fas server.'))
+parser.add_option('-p', '--prefix',
+                     dest = 'prefix',
+                     default = None,
+                     metavar = 'prefix',
+                     help = _('Specify install prefix.  Useful for testing'))
 parser.add_option('-e', '--enable',
                     dest = 'enable',
                     default = False,
@ -114,6 +119,10 @@ except ConfigParser.MissingSectionHeaderError, e:
        sys.exit(6)

 FAS_URL = config.get('global', 'url').strip('"')
+if opts.prefix:
+    prefix = opts.prefix
+else:
+    prefix = config.get('global', 'prefix').strip('"')

 def _chown(arg, dir_name, files):
    os.chown(dir_name, arg[0], arg[1])
@ -131,7 +140,7 @@ class MakeShellAccounts(BaseClient):
    usernames = {}

    def mk_tempdir(self):
-        self.temp = tempfile.mkdtemp('-tmp', 'fas-', config.get('global', 'temp').strip('"'))
+        self.temp = tempfile.mkdtemp('-tmp', 'fas-', os.path.join(prefix + config.get('global', 'temp').strip('"')))

    def rm_tempdir(self):
        rmtree(self.temp)
@ -235,7 +244,7 @@ class MakeShellAccounts(BaseClient):
        return '/sbin/nologin'

    def install_aliases_txt(self):
-        move(self.temp + '/aliases', '/etc/aliases')
+        move(self.temp + '/aliases', prefix + '/etc/aliases')

    def passwd_text(self, people=None):
        i = 0
@ -381,25 +390,25 @@ class MakeShellAccounts(BaseClient):

    def install_passwd_db(self):
        try:
-            move(self.temp + '/passwd.db', '/var/db/passwd.db')
+            move(self.temp + '/passwd.db', os.path.join(prefix + '/var/db/passwd.db'))
        except IOError, e:
            print "ERROR: Could not write passwd db - %s" % e
    
    def install_shadow_db(self):
        try:
-            move(self.temp + '/shadow.db', '/var/db/shadow.db')
+            move(self.temp + '/shadow.db', os.path.join(prefix + '/var/db/shadow.db'))
        except IOError, e:
            print "ERROR: Could not write shadow db - %s" % e
    
    def install_group_db(self):
        try:
-            move(self.temp + '/group.db', '/var/db/group.db')
+            move(self.temp + '/group.db', os.path.join(prefix + '/var/db/group.db'))
        except IOError, e:
            print "ERROR: Could not write group db - %s" % e
    
    def create_homedirs(self):
        ''' Create homedirs and home base dir if they do not exist '''
-        home_base = config.get('users', 'home').strip('"')
+        home_base = os.path.join(prefix + config.get('users', 'home').strip('"'))
        if not os.path.exists(home_base):
            os.makedirs(home_base, mode=0755)
        for person in self.people:
@ -411,7 +420,7 @@ class MakeShellAccounts(BaseClient):

    def remove_stale_homedirs(self):
        ''' Remove homedirs of users that no longer have access '''
-        home_base = config.get('users', 'home').strip('"')
+        home_base = os.path.join(prefix + config.get('users', 'home').strip('"'))
        try:
            home_backup_dir = config.get('users', 'home_backup_dir').strip('"')
        except ConfigParser.NoOptionError:
@ -423,7 +432,7 @@ class MakeShellAccounts(BaseClient):
                    os.makedirs(home_backup_dir)
                syslog.syslog('Backed up %s to %s' % (user, home_backup_dir))
                target = '%s-%s' % (user, time.mktime(datetime.datetime.now().timetuple()))
-                move(os.path.join(home_base, user), os.path.join(home_backup_dir, target))
+                move(os.path.join(home_base, user), os.path.join(prefix + home_backup_dir, target))

    def create_ssh_keys(self):
        ''' Create ssh keys '''
--- a/fas/fas.cfg
+++ b/fas/fas.cfg
@ -53,7 +53,7 @@ mail.encoding = 'utf-8'
 # If you have sqlite, here's a simple default to get you started
 # in development
 sqlalchemy.dburi="postgres://fedora:test@localhost/fas2"
-sqlalchemy.echo=True
+#sqlalchemy.echo=True

 # if you are using a database or table type without transactions
 # (MySQL default, for example), you should turn off transactions
--- a/fas/fas/templates/home.html
+++ b/fas/fas/templates/home.html
@ -10,26 +10,24 @@
    <?python from fas import auth ?>
      <h2>Todo queue:</h2>
      <py:for each="group in sorted(person.memberships)">
-          <dl>
-              <py:if test="auth.canSponsorGroup(person, group) and group.unapproved_roles">
-                 <dd>
-                   <ul class="queue">
-                     <li py:for="role in group.unapproved_roles[:5]">
-                       ${Markup(_('&lt;strong&gt;%(user)s&lt;/strong&gt; requests approval to join &lt;a href="group/view/%(group)s"&gt;%(group)s&lt;/a&gt;.') % {'user': role.member.username, 'group': group.name, 'group': group.name})}
-                     </li>
-                   </ul>
-                 </dd>
-               </py:if>
-          </dl>
+      <py:if test="auth.canSponsorGroup(person, group) and group.unapproved_roles">
+      <dd>
+      <ul class="queue">
+        <li py:for="role in group.unapproved_roles[:5]">
+        ${Markup(_('&lt;strong&gt;%(user)s&lt;/strong&gt; requests approval to join &lt;a href="group/view/%(group)s"&gt;%(group)s&lt;/a&gt;.') % {'user': role.member.username, 'group': group.name, 'group': group.name})}
+        </li>
+      </ul>
+      </dd>
+      </py:if>
      </py:for>
      <ul class="queue">
-        <span py:if="cla == 'clicked'" class="approved">${_('Click-through CLA')} (<a href="${tg.url('/cla/')}">${_('GPG Sign it!')}</a>)</span>
-        <span py:if="not cla" class="unapproved">${_('Not Done')} (<a href="${tg.url('/cla/')}">${_('Sign it!')}</a>)</span>
-
-        <li py:if="cla == None">
-          ${_('CLA Not Signed.  To become a full Fedora Contributor please ')}<a href="${tg.url('/cla/')}">${_('sign the CLA')}</a>.
-        </li>
-        <li py:if="not person.ssh_key">You have not submitted an SSH key, some Fedora resources require an ssh key.  Please submit yours by editing <a href="${tg.url('/user/edit')}">My Account</a></li>
+        <li py:if="cla == 'clicked'" class="approved">${_('Click-through CLA')} (<a href="${tg.url('/cla/')}">${_('GPG Sign it!')}</a>)</li>
+        <li py:if="not cla" class="unapproved">${_('CLA Not Signed.  To become a full Fedora Contributor please ')}<a href="${tg.url('/cla/')}">${_('Sign the CLA')}</a>.</li>
+        <li py:if="not person.ssh_key">You have not submitted an SSH key, some Fedora resources require an SSH key.  Please submit yours by editing <a href="${tg.url('/user/edit')}">My Account</a></li>
      </ul>
+      <div>
+        <!-- TODO: Make this entire page more friendly -->
+        <a href="${tg.url('/user/gencert')}">Download a client-side certificate</a>
+      </div>
  </body>
 </html>
--- a/fas/fas/templates/master.html
+++ b/fas/fas/templates/master.html
@ -62,7 +62,7 @@
              <li><a href="${tg.url('/group/new')}">${_('New Group')}</a></li>
              <li><a href="${tg.url('/user/list')}">${_('User List')}</a></li>
            </div>
-            <li py:if="not tg.identity.anonymous"><a href="${tg.url('/group/list')}">${_('Group List')}</a></li>
+            <li py:if="not tg.identity.anonymous"><a href="${tg.url('/group/list/A*')}">${_('Group List')}</a></li>
            <li py:if="not tg.identity.anonymous"><a href="${tg.url('/group/list/A*')}">${_('Apply For a new Group')}</a></li>
            <li><a href="http://fedoraproject.org/wiki/FWN/LatestIssue">${_('News')}</a></li>
          </ul>
--- a/fas/fas/templates/user/view.html
+++ b/fas/fas/templates/user/view.html
@ -7,7 +7,11 @@
    <title>${_('View Account')}</title>
  </head>
  <body>
-    <?python from fas import auth ?>
+    <?python
+    from fas import auth
+    from fas.model import People
+    viewer = People.by_username(tg.identity.user.username)
+    ?>
    <h2 class="account" py:if="personal">${_('Your Fedora Account')}</h2>
    <h2 class="account" py:if="not personal">${_('%s\'s Fedora Account') % person.human_name}</h2>
    <h3>${_('Account Details')} <a href="${tg.url('/user/edit/%s' % person.username)}" py:if="personal or admin">${_('(edit)')}</a></h3>
@ -22,8 +26,8 @@
        <py:if test="personal"><dt>${_('Telephone Number:')}</dt><dd>${person.telephone}&nbsp;</dd></py:if>
        <py:if test="personal"><dt>${_('Postal Address:')}</dt><dd>${person.postal_address}&nbsp;</dd></py:if>
        <py:if test="personal"><dt>${_('Public SSH Key:')}</dt>
-            <dd py:if="person.ssh_key" title="${person.ssh_key}">${person.ssh_key[:20]}....&nbsp;</dd>
-            <dd py:if="not person.ssh_key">No ssh key provided&nbsp;</dd>
+        <dd py:if="person.ssh_key" title="${person.ssh_key}">${person.ssh_key[:20]}....&nbsp;</dd>
+        <dd py:if="not person.ssh_key">No ssh key provided&nbsp;</dd>
        </py:if>
        <dt>${_('Comments:')}</dt><dd>${person.comments}&nbsp;</dd>
        <py:if test="personal"><dt>${_('Password:')}</dt><dd><span class="approved">${_('Valid')}</span> <a href="${tg.url('/user/changepass')}">(change)</a></dd></py:if>
@ -42,20 +46,20 @@
    </div>
    <h3 py:if="personal">${_('Your Roles')}</h3>
    <h3 py:if="not personal">${_('%s\'s Roles') % person.human_name}</h3>
-<!--mpm    <ul class="roleslist">
+    <!--mpm    <ul class="roleslist">
      <li py:for="group in sorted(groups.keys())"><span class="team approved">${groupdata[group].fedoraGroupDesc} (${group})</span></li>
      <li py:for="group in sorted(groupsPending.keys())"><span class="team unapproved">${groupdata[group].fedoraGroupDesc} (${group})</span></li>
    </ul>
-->
+    -->
    <!--
    <ul class="actions" py:if="personal">
      <li><a href="${tg.url('/group/list/A*')}">${_('(Join another project)')}</a></li>
      <li><a href="/">${_('(Create a new project)')}</a></li>
    </ul>
    -->
-    <ul id="rolespanel" py:if="personal">
+    <ul id="rolespanel">
      <py:for each="group in sorted(person.memberships)">
-      <li py:if="auth.canViewGroup(person, group)" class="role">
+      <li py:if="auth.canViewGroup(viewer, group)" class="role">
      <h4>${group.display_name}</h4> (${group.group_type})
      <dl>
        <dt>${_('Status:')}</dt>
@ -63,6 +67,7 @@
        <span class="approved" py:if="group in person.approved_memberships">${_('Approved')}</span>
        <span class="unapproved" py:if="group in person.unapproved_memberships">${_('None')}</span>
        </dd>
+        <py:if test="personal">
        <dt>${_('Tools:')}</dt>
        <dd>
        <ul class="tools">
@ -73,14 +78,15 @@
        </ul>
        </dd>
        <py:if test="auth.canSponsorGroup(person, group) and group.unapproved_roles">
-          <dt>${_('Queue:')}</dt>
-          <dd>
-          <ul class="queue">
-            <li py:for="role in group.unapproved_roles[:5]">
-            ${Markup(_('&lt;strong&gt;%(user)s&lt;/strong&gt; requests approval to join &lt;strong&gt;%(group)s&lt;/strong&gt;.') % {'user': role.member.username, 'group': group.name})}
-            </li>
-          </ul>
-          </dd>
+        <dt>${_('Queue:')}</dt>
+        <dd>
+        <ul class="queue">
+          <li py:for="role in group.unapproved_roles[:5]">
+          ${Markup(_('&lt;strong&gt;%(user)s&lt;/strong&gt; requests approval to join &lt;strong&gt;%(group)s&lt;/strong&gt;.') % {'user': role.member.username, 'group': group.name})}
+          </li>
+        </ul>
+        </dd>
+        </py:if>
        </py:if>
      </dl>
      </li>
--- a/fas/fas/user.py
+++ b/fas/fas/user.py
@ -280,14 +280,12 @@ class User(controllers.Controller):
            turbogears.redirect("/user/view/%s" % target.username)
        return dict(target=target)

-    # TODO: Decide who is allowed to see this.
-    #@identity.require(turbogears.identity.in_group("accounts")) #TODO: Use auth.py
+    # TODO: This took about 55 seconds for me to load - might want to limit it to the right accounts (systems user, accounts group)
    @identity.require(turbogears.identity.not_anonymous())
    @expose(template="fas.templates.user.list", allow_json=True)
    def list(self, search="a*"):
        '''List users
        '''
-        
        re_search = re.sub(r'\*', r'%', search).lower()
        if self.jsonRequest():
            people = []
@ -516,36 +514,34 @@ Please go to https://admin.fedoraproject.org/fas/ to change it.
      username = turbogears.identity.current.user_name
      person = People.by_username(username)

-      person.certificate_serial = person.certificate_serial + 1
+      if signedCLAPrivs(person):
+          person.certificate_serial = person.certificate_serial + 1

-      pkey = openssl_fas.createKeyPair(openssl_fas.TYPE_RSA, 1024);
+          pkey = openssl_fas.createKeyPair(openssl_fas.TYPE_RSA, 1024);

-      digest = config.get('openssl_digest')
-      expire = config.get('openssl_expire')
-      cafile = config.get('openssl_ca_file')
+          digest = config.get('openssl_digest')
+          expire = config.get('openssl_expire')
+          cafile = config.get('openssl_ca_file')

-      cakey = openssl_fas.retrieve_key_from_file(cafile)
-      cacert = openssl_fas.retrieve_cert_from_file(cafile)
+          cakey = openssl_fas.retrieve_key_from_file(cafile)
+          cacert = openssl_fas.retrieve_cert_from_file(cafile)

-      req = openssl_fas.createCertRequest(pkey, digest=digest,
-          C=config.get('openssl_c'),
-          ST=config.get('openssl_st'),
-          L=config.get('openssl_l'),
-          O=config.get('openssl_o'),
-          OU=config.get('openssl_ou'),
-          CN=person.username,
-          emailAddress=person.emails['primary'],
-          )
+          req = openssl_fas.createCertRequest(pkey, digest=digest,
+              C=config.get('openssl_c'),
+              ST=config.get('openssl_st'),
+              L=config.get('openssl_l'),
+              O=config.get('openssl_o'),
+              OU=config.get('openssl_ou'),
+              CN=person.username,
+              emailAddress=person.emails['primary'],
+              )

-      cert = openssl_fas.createCertificate(req, (cacert, cakey), person.certificate_serial, (0, expire), digest='md5')
-      certdump = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
-      keydump = crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)
-      return dict(cert=certdump, key=keydump)
+          cert = openssl_fas.createCertificate(req, (cacert, cakey), person.certificate_serial, (0, expire), digest='md5')
+          certdump = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
+          keydump = crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)
+          return dict(cert=certdump, key=keydump)
+      else:
+          turbogears.flash(_('Before generating a certificate, you must first sign the CLA.'))
+          turbogears.redirect('/cla/')

-    # Not sure where to take this yet.
-    @identity.require(turbogears.identity.not_anonymous())
-    @expose(format="json")
-    def search(self, username=None, groupname=None):
-        people = People.query.filter(People.username.like('%%%s%%' % username))
-        return dict(people=people)