[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Cluster-devel] conga/luci site/luci/var/Data.fs utils/luci_admin



CVSROOT:	/cvs/cluster
Module name:	conga
Branch: 	RHEL4
Changes by:	rmccabe sourceware org	2007-08-13 21:41:00

Modified files:
	luci/site/luci/var: Data.fs 
	luci/utils     : luci_admin 

Log message:
	- Update the luci zope database file.
	- Fixes for the luci_manage script for the RHEL5 CVS branch

Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/site/luci/var/Data.fs.diff?cvsroot=cluster&only_with_tag=RHEL4&r1=1.20.2.14&r2=1.20.2.15
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&only_with_tag=RHEL4&r1=1.52.2.2&r2=1.52.2.3

Binary files /cvs/cluster/conga/luci/site/luci/var/Data.fs	2007/08/10 02:00:49	1.20.2.14 and /cvs/cluster/conga/luci/site/luci/var/Data.fs	2007/08/13 21:40:47	1.20.2.15 differ
rcsdiff: /cvs/cluster/conga/luci/site/luci/var/Data.fs: diff failed
--- conga/luci/utils/luci_admin	2007/08/10 18:33:30	1.52.2.2
+++ conga/luci/utils/luci_admin	2007/08/13 21:40:59	1.52.2.3
@@ -2,13 +2,13 @@
 
 # Copyright (C) 2006-2007 Red Hat, Inc.
 
-import sys, os, stat, select, string, pwd
-from sys import stderr, argv
+import sys, os, pwd
+from select import select
+from stat import S_ISREG
 import types
 import xml
 import xml.dom
-from xml.dom import minidom
-	
+
 sys.path.extend((
 	'/usr/lib/luci/zope/lib/python',
 	'/usr/lib/luci/zope/lib/python/Products',
@@ -25,14 +25,14 @@
 ))
 
 from Products import __path__
-for i in ['/usr/lib/luci/zope/lib/python/Products',
+for pdir in ['/usr/lib/luci/zope/lib/python/Products',
 	  '/usr/lib64/luci/zope/lib/python/Products',
 	  '/usr/lib64/luci/zope/lib64/python/Products',
 	  '/usr/lib64/zope/lib/python/Products',
 	  '/usr/lib64/zope/lib64/python/Products',
 	  '/usr/lib/zope/lib/python/Products']:
-	if os.path.isdir(i):
-		__path__.append(i)
+	if os.path.isdir(pdir):
+		__path__.append(pdir)
 
 LUCI_INIT_DEBUG = 0
 
@@ -59,6 +59,12 @@
 SSL_HTTPS_PUBKEY_PATH  = LUCI_CERT_DIR + SSL_HTTPS_PUBKEY_NAME
 SSL_KEYCONFIG_PATH     = LUCI_CERT_DIR + SSL_KEYCONFIG_NAME
 
+# only root should run this
+if os.getuid() != 0:
+	sys.stderr.write('Only the \'root\' user can run %s\n' % sys.argv[0])
+	sys.stderr.write('Try again with root privileges.\n')
+	sys.exit(2)
+
 ssl_key_data = [
 	{ 'id'  : SSL_PRIVKEY_PATH,
 	  'name': SSL_PRIVKEY_NAME,
@@ -81,12 +87,14 @@
 	  'type': 'config',
 	  'mode': 0644 }
 ]
+
 for name in os.listdir(LUCI_PEERS_DIR):
-	path = LUCI_PEERS_DIR + name
-	if stat.S_ISREG(os.stat(path).st_mode):
-		ssl_key_data.append({'id'   : path, 
-				     'name' : path.lstrip(LUCI_CERT_DIR), 
-				     'type' : 'public', 
+	cert_path = LUCI_PEERS_DIR + name
+	if S_ISREG(os.stat(cert_path).st_mode):
+		ssl_key_data.append({
+				     'id'   : cert_path,
+				     'name' : cert_path.lstrip(LUCI_CERT_DIR),
+				     'type' : 'public',
 				     'mode' : 0644})
 
 #null = file(os.devnull, 'rwb+', 0)   - available on python 2.4 and above!!!
@@ -109,21 +117,42 @@
 			raise
 		return luci
 	except:
-		msg = 'Cannot find the \"' + LUCI_USER + '\" user.\n'
+		msg = 'Cannot find the "%s" user.\n' % LUCI_USER
 		sys.stderr.write(msg)
-		raise msg
-	
+		raise Exception, msg
+
 
 def set_default_passwd_reset_flag():
 	# set flag marking admin password has been set
-	uid, gid = get_luci_uid_gid()
-	open(LUCI_ADMIN_SET_PATH, 'w').write('True')
+
+	try:
+		uid, gid = get_luci_uid_gid()
+	except:
+		sys.stderr.write('Unable to find the luci user\'s UID\n')
+		return False
+
+	try:
+		open(LUCI_ADMIN_SET_PATH, 'w').write('True')
+	except IOError, e:
+		if e[0] != 2:
+			sys.stderr.write('Unable to open "%s" for writing: %s\n' \
+				% (LUCI_ADMIN_SET_PATH, e[1]))
+			return False
+	except Exception, e:
+		sys.stderr.write('Unable to open "%s" for writing: %s\n' \
+			% (LUCI_ADMIN_SET_PATH, str(e)))
+		return False
+
 	os.chown(LUCI_ADMIN_SET_PATH, uid, gid)
 	os.chmod(LUCI_ADMIN_SET_PATH, 0640)
 	return True
 
 def get_default_passwd_reset_flag():
-	return open(LUCI_ADMIN_SET_PATH, 'r').read(16).strip() == 'True'
+	try:
+		return open(LUCI_ADMIN_SET_PATH, 'r').read(16).strip() == 'True'
+	except:
+		return False
+	return False
 
 
 def read_passwd(prompt, confirm_prompt):
@@ -138,7 +167,7 @@
 			continue
 		s2 = getpass(confirm_prompt)
 		if s1 != s2:
-			print 'Passwords mismatch, try again'
+			print 'Password mismatch, try again'
 			continue
 		return s1
 
@@ -146,41 +175,37 @@
 
 def restore_luci_db_fsattr():
 	uid, gid = -1, -1
+
 	try:
 		uid, gid = get_luci_uid_gid()
 	except:
 		return -1
-	
+
 	try:
 		os.chown(LUCI_DB_PATH, uid, gid)
 		os.chmod(LUCI_DB_PATH, 0600)
-		for i in [ '.tmp', '.old', '.index', '.lock' ]:
+
+		for fext in [ '.tmp', '.old', '.index', '.lock' ]:
 			try:
-				os.chown(LUCI_DB_PATH + i, uid, gid)
-				os.chmod(LUCI_DB_PATH + i, 0600)
-			except: pass
-	except:
-		sys.stderr.write('Unable to change ownership of the Luci database back to user \"' + LUCI_USER + '\"\n')
+				os.chown('%s%s' % (LUCI_DB_PATH, fext), uid, gid)
+				os.chmod('%s%s' % (LUCI_DB_PATH, fext), 0600)
+			except:
+				pass
+	except Exception, e:
+		sys.stderr.write('Unable to change ownership of the Luci database back to user "%s": %s\n' % (LUCI_USER, str(e)))
 		return -1
 
 def set_zope_passwd(user, passwd):
 	sys.stderr = null
-	import ZODB
 	from ZODB.FileStorage import FileStorage
 	from ZODB.DB import DB
-	import OFS
 	from OFS.Application import AppInitializer
-	import OFS.Folder
 	import AccessControl
 	import AccessControl.User
 	from AccessControl.AuthEncoding import SSHADigestScheme
 	from AccessControl.SecurityManagement import newSecurityManager
 	import transaction
-	import Products.CMFCore
-	import Products.CMFCore.MemberDataTool
 	import App.ImageFile
-	import Products.PluggableAuthService.plugins.ZODBUserManager
-	import BTrees.OOBTree
 	# Zope wants to open a www/ok.gif and images/error.gif
 	# when you initialize the application object. This keeps
 	# the AppInitializer(app).initialize() call below from failing.
@@ -196,10 +221,10 @@
 			sys.stderr.write('It appears that Luci is running. Please stop Luci before attempting to reset passwords.\n')
 			return -1
 		else:
-			sys.stderr.write('Unable to open the Luci database \"' + dbfn + '\":' + str(e) + '\n')
+			sys.stderr.write('Unable to open the Luci database \"' + LUCI_DB_PATH + '\":' + str(e) + '\n')
 			return -1
 	except Exception, e:
-		sys.stderr.write('Unable to open the Luci database \"' + dbfn + '\":' + str(e) + '\n')
+		sys.stderr.write('Unable to open the Luci database \"' + LUCI_DB_PATH + '\":' + str(e) + '\n')
 		return -1
 
 	try:
@@ -238,10 +263,10 @@
 
 	if restore_luci_db_fsattr():
 		return -1
-	
+
 	if user == 'admin' and ret == 0:
 		set_default_passwd_reset_flag()
-	
+
 	return ret
 
 
@@ -254,6 +279,7 @@
 	if not certList or len(certList) < 1:
 		sys.stderr.write('Your backup file contains no certificate data. Please check that your backup file is not corrupt.\n')
 		return -1
+
 	uid, gid = -1, -1
 	try:
 		uid, gid = get_luci_uid_gid()
@@ -300,22 +326,14 @@
 
 def luci_restore(argv):
 	sys.stderr = null
-	import ZODB
 	from ZODB.FileStorage import FileStorage
 	from ZODB.DB import DB
-	import OFS
 	from OFS.Application import AppInitializer
-	import OFS.Folder
 	import AccessControl
 	import AccessControl.User
-	from AccessControl.AuthEncoding import SSHADigestScheme
 	from AccessControl.SecurityManagement import newSecurityManager
 	import transaction
-	import Products.CMFCore
-	import Products.CMFCore.MemberDataTool
 	import App.ImageFile
-	import Products.PluggableAuthService.plugins.ZODBUserManager
-	import BTrees.OOBTree
 	from DateTime import DateTime
 	App.ImageFile.__init__ = lambda x, y: None
 	sys.stderr = orig_stderr
@@ -497,7 +515,7 @@
 		try:
 			title = str(s.getAttribute('title'))
 		except:
-			title = '__luci__:system'
+			title = ''
 
 		x.manage_addFolder(id, title)
 		try:
@@ -505,7 +523,8 @@
 			if not new_system:
 				raise
 			new_system.manage_acquiredPermissions([])
-			new_system.manage_role('View', ['Access contents information','View'])
+			new_system.manage_role('View',
+				['Access contents information', 'View'])
 		except:
 			transaction.abort()
 			sys.stderr.write('An error occurred while restoring storage system \"' + id + '\"\n')
@@ -556,7 +575,7 @@
 
 		title = c.getAttribute('title')
 		if not title:
-			title = '__luci__:cluster'
+			title = ''
 		else:
 			title = str(title)
 
@@ -567,7 +586,8 @@
 			if not new_cluster:
 				raise
 			new_cluster.manage_acquiredPermissions([])
-			new_cluster.manage_role('View', ['Access contents information','View'])
+			new_cluster.manage_role('View',
+				['Access contents information', 'View'])
 		except:
 			transaction.abort()
 			sys.stderr.write('An error occurred while restoring the cluster \"' + id + '\"\n')
@@ -606,7 +626,7 @@
 				newsys = str(newsys)
 				stitle = i.getAttribute('title')
 				if not stitle:
-					stitle = '__luci__:csystem:' + id
+					stitle = ''
 				else:
 					stitle = str(stitle)
 
@@ -616,7 +636,8 @@
 					if not newcs:
 						raise
 					newcs.manage_acquiredPermissions([])
-					newcs.manage_role('View', ['Access contents information','View'])
+					newcs.manage_role('View',
+						['Access contents information', 'View'])
 				except:
 					transaction.abort()
 					sys.stderr.write('An error occurred while restoring the storage system \"' + newsys + '\" for cluster \"' + id + '\"\n')
@@ -655,24 +676,24 @@
 	return 0
 
 # This function's ability to work is dependent
-# upon the structure of @dict
-def dataToXML(doc, dict, tltag):
+# upon the structure of @obj_dict
+def dataToXML(doc, obj_dict, tltag):
 	node = doc.createElement(tltag)
-	for i in dict:
-		if isinstance(dict[i], types.DictType):
+	for i in obj_dict:
+		if isinstance(obj_dict[i], types.DictType):
 			if i[-4:] == 'List':
 				tagname = i
 			else:
 				tagname = tltag[:-4]
-			temp = dataToXML(doc, dict[i], tagname)
+			temp = dataToXML(doc, obj_dict[i], tagname)
 			node.appendChild(temp)
-		elif isinstance(dict[i], types.StringType) or isinstance(dict[i], types.IntType):
-			node.setAttribute(i, str(dict[i]))
-		elif isinstance(dict[i], types.ListType):
-			if len(dict[i]) < 1:
+		elif isinstance(obj_dict[i], types.StringType) or isinstance(obj_dict[i], types.IntType):
+			node.setAttribute(i, str(obj_dict[i]))
+		elif isinstance(obj_dict[i], types.ListType):
+			if len(obj_dict[i]) < 1:
 				continue
 			temp = doc.createElement(i)
-			for x in dict[i]:
+			for x in obj_dict[i]:
 				t = doc.createElement('ref')
 				t.setAttribute('name', x)
 				temp.appendChild(t.cloneNode(True))
@@ -681,23 +702,15 @@
 
 def luci_backup(argv):
 	sys.stderr = null
-	import ZODB
 	from ZODB.FileStorage import FileStorage
 	from ZODB.DB import DB
-	import OFS
 	from OFS.Application import AppInitializer
-	import OFS.Folder
 	import AccessControl
 	import AccessControl.User
-	from AccessControl.AuthEncoding import SSHADigestScheme
 	from AccessControl.SecurityManagement import newSecurityManager
 	import transaction
-	import Products.CMFCore
-	import Products.CMFCore.MemberDataTool
 	from CMFPlone.utils import getToolByName
 	import App.ImageFile
-	import Products.PluggableAuthService.plugins.ZODBUserManager
-	import BTrees.OOBTree
 	App.ImageFile.__init__ = lambda x, y: None
 	sys.stderr = orig_stderr
 
@@ -706,11 +719,6 @@
 	else:
 		dbfn = LUCI_DB_PATH
 
-	if len(argv) > 1:
-		backupfn = argv[1]
-	else:
-		backupfn = LUCI_BACKUP_PATH
-
 	try:
 		fs = FileStorage(dbfn)
 		db = DB(fs)
@@ -800,7 +808,7 @@
 				continue
 	except:
 		pass
-		
+
 	try:
 		storagedir = app.luci.systems.storage
 		clusterdir = app.luci.systems.cluster
@@ -822,7 +830,7 @@
 					systems[i[0]]['permList'] = map(lambda x: x[0], filter(lambda x: len(x) > 1 and 'View' in x[1], roles.items()))
 			else:
 				systems[i[0]]['permList'] = {}
-			
+
 	if clusterdir and len(clusterdir):
 		for i in clusterdir.objectItems():
 			cluster_name = i[0]
@@ -854,7 +862,7 @@
 	db.close()
 	fs.close()
 
-	backup = {
+	backup_data = {
 		'userList': users,
 		'systemList': systems,
 		'clusterList': clusters
@@ -863,7 +871,7 @@
 	doc = xml.dom.minidom.Document()
 	luciData = doc.createElement('luci')
 	doc.appendChild(luciData)
-	dataNode = dataToXML(doc, backup, 'backupData')
+	dataNode = dataToXML(doc, backup_data, 'backupData')
 
 	certList = doc.createElement('certificateList')
 	for i in ssl_key_data:
@@ -898,15 +906,16 @@
 
 def _execWithCaptureErrorStatus(command, argv, searchPath = 0, root = '/', stdin = 0, catchfd = 1, catcherrfd = 2, closefd = -1):
     if not os.access (root + command, os.X_OK):
-        raise RuntimeError, command + " can not be run"
+        raise RuntimeError, '%s is not executable' % command
 
     (read, write) = os.pipe()
-    (read_err,write_err) = os.pipe()
+    (read_err, write_err) = os.pipe()
 
     childpid = os.fork()
     if (not childpid):
         # child
-        if (root and root != '/'): os.chroot (root)
+        if (root and root != '/'):
+			os.chroot (root)
         if isinstance(catchfd, tuple):
             for fd in catchfd:
                 os.dup2(write, fd)
@@ -943,7 +952,7 @@
     rc_err = ""
     in_list = [read, read_err]
     while len(in_list) != 0:
-        i,o,e = select.select(in_list, [], [], 0.1)
+        i, o, e = select(in_list, [], [], 0.1)
         for fd in i:
             if fd == read:
                 s = os.read(read, 1000)
@@ -992,17 +1001,17 @@
     command = '/bin/rm'
     args = [command, '-f', SSL_PRIVKEY_PATH, SSL_PUBKEY_PATH]
     _execWithCaptureErrorStatus(command, args)
-    
+
     # /usr/bin/openssl genrsa -out /var/lib/luci/var/certs/privkey.pem 2048 > /dev/null 2>&1
     command = '/usr/bin/openssl'
     args = [command, 'genrsa', '-out', SSL_PRIVKEY_PATH, '2048']
     _execWithCaptureErrorStatus(command, args)
-    
+
     # /usr/bin/openssl req -new -x509 -key /var/lib/luci/var/certs/privkey.pem -out /var/lib/luci/var/certs/cacert.pem -days 1825 -config /var/lib/luci/var/certs/cacert.config
     command = '/usr/bin/openssl'
     args = [command, 'req', '-new', '-x509', '-key', SSL_PRIVKEY_PATH, '-out', SSL_PUBKEY_PATH, '-days', '1825', '-config', SSL_KEYCONFIG_PATH]
     _execWithCaptureErrorStatus(command, args)
-    
+
     # take ownership and restrict access
     try:
 	    uid, gid = get_luci_uid_gid()
@@ -1015,7 +1024,7 @@
 	    args = [command, '-f', SSL_PRIVKEY_PATH, SSL_PUBKEY_PATH]
 	    _execWithCaptureErrorStatus(command, args)
 	    return False
-    
+
     return True
 
 
@@ -1037,37 +1046,37 @@
 		sys.stderr.write('If you want to reset admin password, execute\n')
 		sys.stderr.write('\t' + argv[0] + ' password\n')
 		sys.exit(1)
-	
+
 	print 'Initializing the Luci server\n'
-	
+
 	print '\nCreating the \'admin\' user\n'
-	password = read_passwd('Enter password: ', 'Confirm password: ')
+	new_password = read_passwd('Enter password: ', 'Confirm password: ')
 	print '\nPlease wait...'
-	if not set_zope_passwd('admin', password):
+	if not set_zope_passwd('admin', new_password):
 		restore_luci_db_fsattr()
 		print 'The admin password has been successfully set.'
 	else:
 		sys.stderr.write('Unable to set the admin user\'s password.\n')
 		sys.exit(1)
-	
+
 	print 'Generating SSL certificates...'
 	if generate_ssl_certs() == False:
 		sys.stderr.write('failed. exiting ...\n')
 		sys.exit(1)
-	
+
 	print 'Luci server has been successfully initialized'
 	restart_message()
-	
+
 	return
 
 
 def password(argv):
-	password = None
+	passwd = None
 	if '--random' in argv:
 		print 'Resetting the admin user\'s password to some random value\n'
 		try:
 			rand = open('/dev/urandom', 'r')
-			password = rand.read(16)
+			passwd = rand.read(16)
 			rand.close()
 		except:
 			sys.stderr.write('Unable to read from /dev/urandom\n')
@@ -1078,12 +1087,12 @@
 			sys.stderr.write('To initialize it, execute\n')
 			sys.stderr.write('\t' + argv[0] + ' init\n')
 			sys.exit(1)
-		
+
 		print 'Resetting the admin user\'s password\n'
-		password = read_passwd('Enter new password: ', 'Confirm password: ')
-		
+		passwd = read_passwd('Enter new password: ', 'Confirm password: ')
+
 	print '\nPlease wait...'
-	if not set_zope_passwd('admin', password):
+	if not set_zope_passwd('admin', passwd):
 		print 'The admin password has been successfully reset.'
 	else:
 		sys.stderr.write('Unable to set the admin user\'s password.\n')
@@ -1118,7 +1127,7 @@
 		# The LUCI_BACKUP_DIR must not be world-writable
 		# as the code below is obviously not safe against
 		# races.
-		stat = os.stat(LUCI_BACKUP_PATH)
+		os.stat(LUCI_BACKUP_PATH)
 		trynum = 1
 		basename = '/luci_backup-'
 
@@ -1128,7 +1137,7 @@
 				try:
 					os.rename(LUCI_BACKUP_PATH, oldbackup)
 				except:
-					sys.stderr.stderr('Unable to rename the existing backup file.\n')
+					sys.stderr.write('Unable to rename the existing backup file.\n')
 					sys.stderr.write('The Luci backup failed.\n')
 				break
 			trynum += 1
@@ -1162,8 +1171,10 @@
 def restore(argv):
 	print 'Restoring the Luci server...'
 
-	try: os.umask(077)
-	except: pass
+	try:
+		os.umask(077)
+	except:
+		pass
 
 	if luci_restore(argv[2:]):
 		ret = False
@@ -1197,7 +1208,7 @@
 def test_luci_installation():
    # perform basic checks
    # TODO: do more tests
-   
+
    # check if luci user and group are present on the system
    try:
 	   get_luci_uid_gid()
@@ -1206,7 +1217,7 @@
 	   sys.stderr.write('Mising luci\'s system account and group')
 	   sys.stderr.write('Recommended action: reinstall luci\n\n')
 	   sys.exit(3)
-   
+
    return True
 
 
@@ -1214,16 +1225,9 @@
     if len(argv) < 2:
         luci_help(argv)
         sys.exit(1)
-    
-    # only root should run this
-    if os.getuid() != 0:
-        sys.stderr.write('Only \'root\' can run ' + argv[0] + '\n')
-        sys.stderr.write('Try again with root privileges.\n')
-        sys.exit(2)
 
-    # test if luci installation is OK
     test_luci_installation()
-    
+
     if 'init' in argv:
         init(argv)
     elif 'backup' in argv:


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]