Hello community,
here is the log from the commit of package yast2-users
checked in at Thu Feb 22 15:03:41 CET 2007.
--------
--- yast2-users/yast2-users.changes 2007-02-14 12:55:01.000000000 +0100
+++ /mounts/work_src_done/STABLE/yast2-users/yast2-users.changes 2007-02-22 10:06:54.063069000 +0100
@@ -1,0 +2,7 @@
+Wed Feb 21 15:51:14 CET 2007 - jsuchome@suse.cz
+
+- implemented disabling of crypted home directories (#242531)
+- when deleting crypted home, disable pam_mount
+- 2.15.12
+
+-------------------------------------------------------------------
Old:
----
yast2-users-2.15.11.tar.bz2
New:
----
yast2-users-2.15.12.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2-users.spec ++++++
--- /var/tmp/diff_new_pack.w19973/_old 2007-02-22 15:03:13.000000000 +0100
+++ /var/tmp/diff_new_pack.w19973/_new 2007-02-22 15:03:13.000000000 +0100
@@ -1,5 +1,5 @@
#
-# spec file for package yast2-users (Version 2.15.11)
+# spec file for package yast2-users (Version 2.15.12)
#
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@@ -11,12 +11,12 @@
# norootforbuild
Name: yast2-users
-Version: 2.15.11
+Version: 2.15.12
Release: 1
License: GNU General Public License (GPL)
Group: System/YaST
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-Source0: yast2-users-2.15.11.tar.bz2
+Source0: yast2-users-2.15.12.tar.bz2
prefix: /usr
BuildRequires: cracklib-devel doxygen gcc-c++ perl-Digest-SHA1 perl-XML-Writer update-desktop-files yast2 yast2-core-devel yast2-devtools yast2-ldap-client yast2-mail-aliases yast2-perl-bindings yast2-security yast2-testsuite
Requires: yast2 yast2-perl-bindings yast2-country yast2-pam yast2-security yast2-mail-aliases cracklib perl-Digest-SHA1 perl-X500-DN perl-gettext yast2-ldap-client
@@ -42,7 +42,7 @@
Jiri Suchomel
%prep
-%setup -n yast2-users-2.15.11
+%setup -n yast2-users-2.15.12
%build
%{prefix}/bin/y2tool y2autoconf
@@ -85,7 +85,11 @@
%{_libdir}/YaST2/plugin/libpy2ag_crack.la
%doc %{prefix}/share/doc/packages/yast2-users
-%changelog -n yast2-users
+%changelog
+* Wed Feb 21 2007 - jsuchome@suse.cz
+- implemented disabling of crypted home directories (#242531)
+- when deleting crypted home, disable pam_mount
+- 2.15.12
* Wed Feb 14 2007 - jsuchome@suse.cz
- enable bigger size of encrypted directory (#244631)
- 2.15.11
++++++ yast2-users-2.15.11.tar.bz2 -> yast2-users-2.15.12.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-users-2.15.11/VERSION new/yast2-users-2.15.12/VERSION
--- old/yast2-users-2.15.11/VERSION 2007-02-14 12:43:24.000000000 +0100
+++ new/yast2-users-2.15.12/VERSION 2007-02-21 15:55:14.000000000 +0100
@@ -1 +1 @@
-2.15.11
+2.15.12
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-users-2.15.11/src/Users.pm new/yast2-users-2.15.12/src/Users.pm
--- old/yast2-users-2.15.11/src/Users.pm 2007-02-05 11:22:06.000000000 +0100
+++ new/yast2-users-2.15.12/src/Users.pm 2007-02-21 15:39:56.000000000 +0100
@@ -3955,6 +3955,17 @@
return $ret;
}
+# Remove crypted direcotries - because of 'cryptconfig pm-disable' call, this
+# must be done when user is still known to PAM...
+sub DeleteCryptedHomes {
+
+ my $ret = 1;
+ foreach my $home (keys %removed_homes) {
+ $ret = $ret && UsersRoutines->DeleteCryptedHome ($home, $removed_homes{$home});
+ };
+ return $ret;
+}
+
##------------------------------------
# remove home directories and
# execute USERDEL_POSTCMD scripts for local/system users which should be deleted
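Review bot: In `DeleteCryptedHomes` the expression `$ret = $ret && UsersRoutines->DeleteCryptedHome (...)` short-circuits, so after the first failure `DeleteCryptedHome` is never called for the remaining entries of `%removed_homes`. Those users keep their image and key files and their pam_mount configuration, while the caller only reports a generic error. If every removed home should be attempted, call first and combine afterwards: `my $ok = UsersRoutines->DeleteCryptedHome ($home, $removed_homes{$home});` followed by `$ret = $ret && $ok;`. The comment above the sub also misspells "directories".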
@@ -3964,7 +3975,6 @@
foreach my $home (keys %removed_homes) {
$ret = $ret && UsersRoutines->DeleteHome ($home);
- UsersRoutines->DeleteCryptedHome ($home, $removed_homes{$home});
};
if ($userdel_postcmd eq "" || !FileUtils->Exists($userdel_postcmd)) {
@@ -4169,8 +4179,7 @@
# only remember for which users we need to call cryptconfig
foreach my $username (keys %{$modified_users{"ldap"}}) {
my %user = %{$modified_users{"ldap"}{$username}};
- my $home_size = $user{"crypted_home_size"} || 0;
- if ($home_size > 0) {
+ if (defined $user{"crypted_home_size"}) {
$users_with_crypted_dir{$username} = \%user;
}
}
@@ -4369,8 +4378,7 @@
my $gid = $user{"gidnumber"};
my $create_home = $user{"create_home"};
my $skel = $useradd_defaults{"skel"};
- my $home_size = $user{"crypted_home_size"} || 0;
- if ($home_size > 0) {
+ if (defined $user{"crypted_home_size"}) {
$users_with_crypted_dir{$username} = \%user;
}
if ($user_mod eq "imported" || $user_mod eq "added") {
@@ -4423,6 +4431,19 @@
delete $modified_users{"local"};
delete $modified_users{"system"};
}
+ if (%users_with_crypted_dir) {
+ Package->Install ("cryptconfig");
+ }
+
+ # remove the crypted directories now
+ if ($users_modified) {
+ if (!DeleteCryptedHomes ()) {
+ # error popup
+ $ret = __("An error occurred while removing users.");
+ Report->Error ($ret);
+ return $ret;
+ }
+ }
# Write passwords
if ($use_gui) { Progress->NextStage (); }
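Review bot: `DeleteCryptedHomes ()` runs here before anything has confirmed that cryptconfig is usable. The return value of `Package->Install ("cryptconfig")` is discarded, the install is only attempted when `%users_with_crypted_dir` is non-empty, and the `FileUtils->Exists (UsersRoutines->CryptconfigPath ())` guard only appears in a later hunk. On a run that only deletes users, a missing binary would presumably make the `pm-disable` call fail and abort the write with "An error occurred while removing users.", which names neither the tool nor the user. Check the install result and log it, and add a comment stating what has already been written when this early `return $ret;` is taken. The enclosing function starts and ends outside the hunk.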
@@ -4468,10 +4489,7 @@
}
}
- if (%users_with_crypted_dir) {
- Package->Install ("cryptconfig");
- }
- if (!FileUtils->Exists ("/usr/sbin/cryptconfig")) {
+ if (!FileUtils->Exists (UsersRoutines->CryptconfigPath ())) {
%users_with_crypted_dir = ();
}
foreach my $username (keys %users_with_crypted_dir) {
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-users-2.15.11/src/UsersRoutines.pm new/yast2-users-2.15.12/src/UsersRoutines.pm
--- old/yast2-users-2.15.11/src/UsersRoutines.pm 2007-01-29 14:30:57.000000000 +0100
+++ new/yast2-users-2.15.12/src/UsersRoutines.pm 2007-02-21 15:29:28.000000000 +0100
@@ -18,6 +18,29 @@
YaST::YCP::Import ("SCR");
+##------------------------------------
+##------------------- global variables
+
+# path to cryptconfig
+my $cryptconfig = "/usr/sbin/cryptconfig";
+
+
+##-------------------------------------------------------------------------
+##----------------- helper routines ---------------------------------------
+
+# set new path to cryptconfig
+BEGIN { $TYPEINFO{SetCryptconfigPath} = ["function", "void", "string"]; }
+sub SetCryptconfigPath {
+ my $self = shift;
+ $cryptconfig = shift;
+}
+
+# return current path to cryptconfig
+BEGIN { $TYPEINFO{CryptconfigPath} = ["function", "string"]; }
+sub CryptconfigPath {
+ return $cryptconfig;
+}
+
##-------------------------------------------------------------------------
##----------------- directory manipulation routines -----------------------
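Review bot: `SetCryptconfigPath` stores whatever it is given, and the later hunks in this file interpolate `$cryptconfig` into command strings passed to `.target.bash_output`. An undefined, relative or metacharacter-containing value therefore ends up on a shell command line, presumably run with YaST's root privileges. Because the setter is exported through `%TYPEINFO`, validate before assigning: `my $path = shift;`, then `return if !defined $path || $path !~ m{\A/[\w./+-]+\z};`, then `$cryptconfig = $path;`. A one-line comment saying who is expected to call the setter would also help.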
@@ -41,7 +64,6 @@
if (!%{SCR->Read (".target.stat", $home_path)}) {
SCR->Execute (".target.mkdir", $home_path);
}
-
my %stat = %{SCR->Read (".target.stat", $home)};
if (%stat) {
if ($home ne "/var/lib/nobody") {
@@ -228,17 +250,24 @@
return 0 if ((not defined $home) || (not defined $username));
+ if (%{SCR->Read (".target.stat", "$path.key")}) {
+ my $out = SCR->Execute (".target.bash_output", "/bin/rm -rf $path.key");
+ if (($out->{"exit"} || 0) ne 0) {
+ y2error ("error while removing $path.key file: ", $out->{"stderr"} || "");
+ $ret = 0;
+ }
+ }
if (%{SCR->Read (".target.stat", "$path.img")}) {
my $out = SCR->Execute (".target.bash_output", "/bin/rm -rf $path.img");
if (($out->{"exit"} || 0) ne 0) {
y2error ("error while removing $path.img file: ", $out->{"stderr"} || "");
$ret = 0;
}
- }
- if (%{SCR->Read (".target.stat", "$path.key")}) {
- my $out = SCR->Execute (".target.bash_output", "/bin/rm -rf $path.key");
- if (($out->{"exit"} || 0) ne 0) {
- y2error ("error while removing $path.key file: ", $out->{"stderr"} || "");
+ my $command = "$cryptconfig pm-disable $username";
+ $out = SCR->Execute (".target.bash_output", $command);
+ if ($out->{"exit"} ne 0 && $out->{"stderr"}) {
+ y2error ("error calling $command: ", $out->{"stderr"});
+ Report->Error ($out->{"stderr"});
$ret = 0;
}
}
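Review bot: `$username` goes unquoted into `"$cryptconfig pm-disable $username"` and `$path` into the `/bin/rm -rf` strings, all of which are run through a shell by `.target.bash_output`, so a name or path containing whitespace or shell metacharacters changes the command that runs. Quote each interpolated value before building the command, e.g. `(my $quoted = $username) =~ s/'/'\\''/g;` and `my $command = "$cryptconfig pm-disable '$quoted'";`, or reject values that fail an anchored pattern. The same applies to the commands added in the `@@ -273,14 +302,77 @@` hunk. The new check `$out->{"exit"} ne 0 && $out->{"stderr"}` also treats a non-zero exit with empty stderr as success, unlike the `rm` checks next to it; `if (($out->{"exit"} || 0) != 0) {` would be consistent. The enclosing sub starts and ends outside the hunk.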
@@ -261,11 +290,11 @@
my $org_size = $user->{"org_user"}{"crypted_home_size"} || 0;
my $org_home = $user->{"org_user"}{"homedirectory"} || $home;
my $org_username = $user->{"org_user"}{"uid"} || $username;
-
my $pw = $user->{"text_userpassword"};
+ return 1 if ($home_size == 0 && $org_size == 0); # nothing to do
+ return 1 if ($home eq $org_home && $username eq $org_username && $home_size == $org_size);
return 0 if !defined $pw; # no change without password provided :-(
- return 0 if ($home eq $org_home && $username eq $org_username && $home_size == $org_size);
# now crypt the home directories
my $tmpdir = Directory->tmpdir ();
@@ -273,14 +302,77 @@
my $pw_path = "$tmpdir/pw";
my $cmd = "";
- # check user renaming or directory move
+
my $key_file = undef;
my $image_file = undef;
my $org_hp = substr ($org_home, 0, rindex ($org_home, "/"));
+ my $org_img = "$org_hp/$org_username.img";
+ my $org_key = "$org_hp/$org_username.key";
+
+ # solve disabling of crypted directory
+ if ($home_size == 0 && $org_size > 0 &&
+ FileUtils->Exists ($org_key) && FileUtils->Exists ($org_img))
+ {
+ SCR->Write (".target.string", $pw_path, $pw);
+ my $command = "$cryptconfig open --key-file=$org_key $org_img < $pw_path";
+ my $out = SCR->Execute (".target.bash_output", $command);
+ SCR->Execute (".target.remove", $pw_path);
+ if ($out->{"exit"} ne 0 && $out->{"stderr"}) {
+ y2error ("error calling $command: ", $out->{"stderr"});
+ Report->Error ($out->{"stderr"});
+ return 0;
+ }
+ my @stdout_l = split (/ /, $out->{"stdout"} || "");
+ my $image_path = pop @stdout_l;
+ chop $image_path;
+ if (!$image_path) {
+ y2error ("path to image could not be acquired from ", $out->{"stdout"} || "");
+ return 0;
+ }
+ my $mnt_dir = "$tmpdir/mnt";
+ SCR->Execute (".target.bash", "/bin/rm -rf $mnt_dir") if (FileUtils->Exists ($mnt_dir));
+ SCR->Execute (".target.mkdir", $mnt_dir);
+ $command = "mount -o loop $image_path $mnt_dir";
+ $out = SCR->Execute (".target.bash_output", $command);
+ if ($out->{"exit"} ne 0 && $out->{"stderr"}) {
+ y2error ("error calling $command: ", $out->{"stderr"});
+ # TODO translated message for mount error
+ return 0;
+ }
+ SCR->Execute (".target.bash", "/bin/rm -rf $home");
+ # copy the directory content
+ $command = "/bin/cp -ar $mnt_dir $home";
+ $out = SCR->Execute (".target.bash_output", $command);
+ if ($out->{"exit"} ne 0 && $out->{"stderr"}) {
+ y2error ("error calling $command: ", $out->{"stderr"});
+ return 0;
+ }
+ SCR->Execute (".target.bash", "umount $mnt_dir");
+ $command = "$cryptconfig pm-disable $username";
+ $out = SCR->Execute (".target.bash_output", $command);
+ if ($out->{"exit"} ne 0 && $out->{"stderr"}) {
+ y2error ("error calling $command: ", $out->{"stderr"});
+ Report->Error ($out->{"stderr"});
+ return 0;
+ }
+ $command = "$cryptconfig close $org_img";
+ $out = SCR->Execute (".target.bash_output", $command);
+ if ($out->{"exit"} ne 0 && $out->{"stderr"}) {
+ y2error ("error calling $command: ", $out->{"stderr"});
+ Report->Error ($out->{"stderr"});
+ return 0;
+ }
+ # remove image and key files
+ SCR->Execute (".target.bash", "/bin/rm -rf $org_img");
+ SCR->Execute (".target.bash", "/bin/rm -rf $org_key");
+ return 1;
+ }
+
+ # check user renaming or directory move
my $hp = substr ($home, 0, rindex ($home, "/"));
if ($hp ne $org_hp || $org_username ne $username) {
- if (FileUtils->Exists ("$org_hp/$org_username.img")) {
- my $command = "/bin/mv $org_hp/$org_username.img $hp/$username.img";
+ if (FileUtils->Exists ($org_img)) {
+ my $command = "/bin/mv $org_img $hp/$username.img";
my %out = %{SCR->Execute (".target.bash_output", $command)};
if (($out{"stderr"} || "") ne "") {
y2error ("error calling $command: ", $out{"stderr"} || "");
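Review bot: In the disable branch `/bin/rm -rf $home` runs before the copy out of the mounted image has succeeded, and every error return after `cryptconfig open` leaves the image opened and, after the mount, still mounted on `$mnt_dir`. A failed `cp`, `pm-disable` or `close` can therefore end with the plain home removed and the decrypted volume still attached. Copy into a staging directory first, replace `$home` only once the copy has succeeded, and send every failure through one cleanup that unmounts and closes the image, as sketched below. Failure should be decided from the exit code alone, because the `&& $out->{"stderr"}` part lets a silent non-zero exit pass, and the result of `umount` is currently not checked at all. The staging name is a constructed example, and the sub starts before and continues after this hunk.

```perl
# … unchanged: cryptconfig open, $image_path parsing, mount on $mnt_dir
#   (the mount error path should close the image as well) …
my $failed = sub {
    my ($command, $out) = @_;
    y2error ("error calling $command: ", $out->{"stderr"} || "");
    # do not leave the decrypted volume attached after an error
    SCR->Execute (".target.bash", "umount $mnt_dir");
    SCR->Execute (".target.bash", "$cryptconfig close $org_img");
    return 0;
};
# values are interpolated as in the surrounding code; quote them if they
# can contain whitespace or shell metacharacters
my $staging = "$home.plain";    # constructed name, pick one that cannot collide
$command = "/bin/cp -ar $mnt_dir $staging";
$out = SCR->Execute (".target.bash_output", $command);
return $failed->($command, $out) if (($out->{"exit"} || 0) != 0);
# only now drop the old directory and move the copy into place
$command = "/bin/rm -rf $home && /bin/mv $staging $home";
$out = SCR->Execute (".target.bash_output", $command);
return $failed->($command, $out) if (($out->{"exit"} || 0) != 0);
# … unchanged: umount, pm-disable, close, removal of image and key files …
```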
@@ -288,8 +380,8 @@
}
$image_file = "$hp/$username.img";
}
- if (FileUtils->Exists ("$org_hp/$org_username.key")) {
- my $command = "/bin/mv $org_hp/$org_username.key $hp/$username.key";
+ if (FileUtils->Exists ($org_key)) {
+ my $command = "/bin/mv $org_key $hp/$username.key";
my %out = %{SCR->Execute (".target.bash_output", $command)};
if (($out{"stderr"} || "") ne "") {
y2error ("error calling $command: ", $out{"stderr"} || "");
@@ -301,7 +393,7 @@
SCR->Write (".target.string", $pw_path, $pw);
if (defined $key_file || defined $image_file) {
- $cmd = "/usr/sbin/cryptconfig pm-enable --replace ";
+ $cmd = "$cryptconfig pm-enable --replace ";
$cmd = $cmd."--key-file=$key_file " if defined $key_file;
$cmd = $cmd."--image-file=$image_file " if defined $image_file;
$cmd = $cmd."$username";
@@ -321,11 +413,11 @@
if ($org_size < $home_size && defined $key_file && defined $image_file) {
my $add = $home_size - $org_size;
- $cmd = "/usr/sbin/cryptconfig enlarge-image --key-file=$key_file $image_file $add < $pw_path";
+ $cmd = "$cryptconfig enlarge-image --key-file=$key_file $image_file $add < $pw_path";
}
else {
# default command for creating the image
- $cmd = "/usr/sbin/cryptconfig make-ehd --no-verify $username $home_size < $pw_path";
+ $cmd = "$cryptconfig make-ehd --no-verify $username $home_size < $pw_path";
}
my $out = SCR->Execute (".target.bash_output", $cmd);
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-users-2.15.11/src/dialogs.ycp new/yast2-users-2.15.12/src/dialogs.ycp
--- old/yast2-users-2.15.11/src/dialogs.ycp 2007-02-14 12:28:56.000000000 +0100
+++ new/yast2-users-2.15.12/src/dialogs.ycp 2007-02-21 11:37:37.000000000 +0100
@@ -5,7 +5,7 @@
* Authors: Johannes Buchhold ,
* Jiri Suchomel
*
- * $Id: dialogs.ycp 35682 2007-01-29 14:10:31Z jsuchome $
+ * $Id: dialogs.ycp 36132 2007-02-14 11:56:35Z jsuchome $
*/
{
@@ -1531,9 +1531,9 @@
ret = `notnext;
continue;
}
- if ((crypted_home_enabled && what == "edit_user" && user["encrypted"]:true) &&
- ((GetInt (user["crypted_home_size"]:nil, 0) != 0 &&
- GetInt (user["crypted_home_size"]:nil, 0) != GetInt (user["org_user","crypted_home_size"]:nil, 0))
+ if ((crypted_home_enabled && action == "edited" && user["encrypted"]:false
+ && user["text_userpassword"]:nil == nil) &&
+ (GetInt (user["crypted_home_size"]:nil, 0) != GetInt (user["org_user","crypted_home_size"]:nil, 0)
||
(org_username != username))
)
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/yast2-users-2.15.11/src/widgets.ycp new/yast2-users-2.15.12/src/widgets.ycp
--- old/yast2-users-2.15.11/src/widgets.ycp 2006-12-19 16:41:06.000000000 +0100
+++ new/yast2-users-2.15.12/src/widgets.ycp 2007-02-21 15:03:59.000000000 +0100
@@ -616,6 +616,11 @@
boolean no_home = false;
// check if dir exists with this owner
map stat = (map)SCR::Read (.target.stat, home);
+ if (stat == $[]) // check crypted dir image
+ {
+ string home_pth = substring (home, 0, findlastof (home, "/"));
+ stat = (map)SCR::Read (.target.stat, sformat ("%1/%2.img", home_pth, username));
+ }
if ((type == "ldap" && !Ldap::file_server) || (stat["uid"]:-1 != uid))
{
no_home = true;
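Review bot: The fallback derives the image path from `findlastof (home, "/")` without handling a `home` that contains no slash (the builtin then yields nil) or that ends in one, in which case `home_pth` is not the parent directory and the wrong `.img` path is stat'ed. After the fallback, `stat["uid"]` is the owner of the image file rather than of a directory, so the ownership test below depends on the image being created with the user as owner, which is not visible here. Once confirmed, a comment such as `// crypted home: the image file is expected to be owned by the user` would document that. The enclosing function lies outside the hunk.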
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...