[yast-commit] r45217 - in /trunk/users: ./ package/ src/

Author: jsuchome Date: Wed Mar 5 15:52:46 2008 New Revision: 45217 URL: http://svn.opensuse.org/viewcvs/yast?rev=45217&view=rev Log: - check home directory of first user right before writing - do not allow decrypting home when user is logged in (bnc#365547), remove old home directory after all critical actions are done - added installation proposal for user settings (fate#302980) - 2.16.16 Added: trunk/users/src/users_proposal.ycp (with props) Modified: trunk/users/VERSION trunk/users/package/yast2-users.changes trunk/users/src/Makefile.am trunk/users/src/Users.pm trunk/users/src/UsersRoutines.pm trunk/users/src/dialogs.ycp trunk/users/src/inst_root.ycp trunk/users/src/inst_root_first.ycp trunk/users/src/inst_user.ycp trunk/users/src/inst_user_first.ycp trunk/users/src/routines.ycp trunk/users/src/widgets.ycp Modified: trunk/users/VERSION URL: http://svn.opensuse.org/viewcvs/yast/trunk/users/VERSION?rev=45217&r1=45216&r2=45217&view=diff ============================================================================== --- trunk/users/VERSION (original) +++ trunk/users/VERSION Wed Mar 5 15:52:46 2008 @@ -1 +1 @@ -2.16.15 +2.16.16 Modified: trunk/users/package/yast2-users.changes URL: http://svn.opensuse.org/viewcvs/yast/trunk/users/package/yast2-users.changes?rev=45217&r1=45216&r2=45217&view=diff ============================================================================== --- trunk/users/package/yast2-users.changes (original) +++ trunk/users/package/yast2-users.changes Wed Mar 5 15:52:46 2008 @@ -1,4 +1,13 @@ ------------------------------------------------------------------- +Wed Mar 5 15:42:07 CET 2008 - jsuchome@suse.cz + +- check home directory of first user right before writing +- do not allow decrypting home when user is logged in (bnc#365547), + remove old home directory after all critical actions are done +- added installation proposal for user settings (fate#302980) +- 2.16.16 + +------------------------------------------------------------------- Wed Mar 5 09:36:14 CET 2008 - jsuchome@suse.cz - during installation, check if future /home doesn't contain home Modified: trunk/users/src/Makefile.am URL: http://svn.opensuse.org/viewcvs/yast/trunk/users/src/Makefile.am?rev=45217&r1=45216&r2=45217&view=diff ============================================================================== --- trunk/users/src/Makefile.am (original) +++ trunk/users/src/Makefile.am Wed Mar 5 15:52:46 2008 @@ -43,6 +43,7 @@ users_finish.ycp \ inst_auth.ycp \ users_auto.ycp \ + users_proposal.ycp \ users_plugin_ldap_all.ycp \ users_plugin_ldap_passwordpolicy.ycp \ users_plugin_ldap_shadowaccount.ycp \ Modified: trunk/users/src/Users.pm URL: http://svn.opensuse.org/viewcvs/yast/trunk/users/src/Users.pm?rev=45217&r1=45216&r2=45217&view=diff ============================================================================== --- trunk/users/src/Users.pm (original) +++ trunk/users/src/Users.pm Wed Mar 5 15:52:46 2008 @@ -5389,7 +5389,7 @@ # do not check pw when it wasn't changed - must be tested directly if (defined ($user{"userpassword"}) || ($user{"what"} || "") eq "add_user") { - $error = $self->CheckPassword ($user{"userpassword"}); + $error = UsersSimple->CheckPassword ($user{"userpassword"}, $type); } } @@ -5448,12 +5448,13 @@ %group = %{$_[0]}; } + my $type = $group{"type"} || ""; my $error = $self->CheckGID ($group{"gidnumber"}); if ($error eq "") { if ((defined $group{"userpassword"}) && ! bool ($group{"encrypted"})) { - $error = $self->CheckPassword ($group{"userpassword"}); + $error = UsersSimple->CheckPassword ($group{"userpassword"}, $type); } } @@ -5464,7 +5465,7 @@ my $error_map = UsersPlugins->Apply ("Check", { "what" => "group", - "type" => $group{"type"} || "", + "type" => $type, "modified" => $group{"modified"} || "", "plugins" => $group{"plugins"} }, \%group); Modified: trunk/users/src/UsersRoutines.pm URL: http://svn.opensuse.org/viewcvs/yast/trunk/users/src/UsersRoutines.pm?rev=45217&r1=45216&r2=45217&view=diff ============================================================================== --- trunk/users/src/UsersRoutines.pm (original) +++ trunk/users/src/UsersRoutines.pm Wed Mar 5 15:52:46 2008 @@ -16,6 +16,7 @@ ##------------------------------------ ##------------------- global imports +YaST::YCP::Import ("Report"); YaST::YCP::Import ("SCR"); ##------------------------------------ @@ -320,6 +321,7 @@ { SCR->Write (".target.string", $pw_path, $pw); my $command = "$cryptconfig open --key-file=$org_key $org_img < $pw_path"; + y2debug ("cmd: $command"); my $out = SCR->Execute (".target.bash_output", $command); SCR->Execute (".target.remove", $pw_path); if ($out->{"exit"} ne 0) { @@ -345,9 +347,8 @@ # TODO translated message for mount error return 0; } - SCR->Execute (".target.bash", "/bin/rm -rf $home"); - # copy the directory content - $command = "/bin/cp -ar $mnt_dir $home"; + # copy the directory content to tmp home + $command = "/bin/cp -ar $mnt_dir $tmpdir/$username"; y2debug ("cmd: $command"); $out = SCR->Execute (".target.bash_output", $command); if ($out->{"exit"} ne 0 && $out->{"stderr"}) { @@ -377,6 +378,11 @@ Report->Error ($out->{"stderr"}); return 0; } + # Now, after everything succeeded, remove old home and replace it + # with the data from crypted image: + SCR->Execute (".target.bash", "/bin/rm -rf $home"); + $out = SCR->Execute (".target.bash_output", "/bin/mv $tmpdir/$username $home"); + y2error ("error while mv: ", $out->{"stderr"}) if ($out->{"stderr"}); # remove image and key files SCR->Execute (".target.bash", "/bin/rm -rf $org_img"); SCR->Execute (".target.bash", "/bin/rm -rf $org_key"); @@ -497,10 +503,17 @@ if (defined $pam_mount_cont && defined $pam_mount_cont->{"pam_mount"}{"volume"}) { - foreach my $usermap (@{$pam_mount_cont->{"pam_mount"}{"volume"}}) { - my $username = $usermap->{"user"}{"value"}; - next if !defined $username; - $pam_mount->{$username} = $usermap; + my $volumes = $pam_mount_cont->{"pam_mount"}{"volume"}; + if (ref ($volumes) eq "HASH") { + my $username = $volumes->{"user"}{"value"}; + $pam_mount->{$username} = $volumes if defined $username; + } + elsif (ref ($volumes) eq "ARRAY") { + foreach my $usermap (@{$volumes}) { + my $username = $usermap->{"user"}{"value"}; + next if !defined $username; + $pam_mount->{$username} = $usermap; + } } } return 1 if defined $pam_mount; Modified: trunk/users/src/dialogs.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/users/src/dialogs.ycp?rev=45217&r1=45216&r2=45217&view=diff ============================================================================== --- trunk/users/src/dialogs.ycp (original) +++ trunk/users/src/dialogs.ycp Wed Mar 5 15:52:46 2008 @@ -980,7 +980,7 @@ } if ((pw1 != "" || !tab) && pw1 != default_pw) { - error = Users::CheckPassword (pw1); + error = UsersSimple::CheckPassword (pw1, user_type); if (error != "") { Report::Error (error); @@ -1149,6 +1149,15 @@ if (current == `details && ret == `crypted_home) { boolean checked = (boolean) UI::QueryWidget (`id (`crypted_home), `Value); + if (!checked && UserLogged (org_username)) + { + // error popup + Report::Error(_("The home directory for this user cannot be decrypted, +because the user is currently logged in. +Log the user out first.")); + UI::ChangeWidget (`id (`crypted_home), `Value, true); + continue; + } if (checked && (integer) UI::QueryWidget (`id (`dirsize), `Value) == 10) UI::ChangeWidget (`id (`dirsize), `Value, default_crypted_size); UI::ChangeWidget (`id (`dirsize), `Enabled, checked); @@ -1964,7 +1973,7 @@ } if ( pw1 != "" && pw1 != default_pw ) { - error = Users::CheckPassword (pw1); + error = UsersSimple::CheckPassword (pw1, group_type); if (error != "") { Report::Error (error); Modified: trunk/users/src/inst_root.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/users/src/inst_root.ycp?rev=45217&r1=45216&r2=45217&view=diff ============================================================================== --- trunk/users/src/inst_root.ycp (original) +++ trunk/users/src/inst_root.ycp Wed Mar 5 15:52:46 2008 @@ -66,14 +66,16 @@ // advise user to remember his new password `Label(_("Do not forget what you enter here.")), `VSpacing(0.8), - // Label: get password for user root - `Password (`id(`pw1), _("&Password for root User"), ""), + `Password (`id(`pw1), `opt (`hstretch), + // Label: get password for user root + _("&Password for root User"), ""), `VSpacing(0.8), - // Label: get same password again for verification - `Password (`id(`pw2), _("Con&firm Password"), ""), + `Password (`id(`pw2), `opt (`hstretch), + // Label: get same password again for verification + _("Con&firm Password"), ""), `VSpacing (2.4), // text entry label - `TextEntry (_("&Test Keyboard Layout")) + `InputField (`opt(`hstretch),_("&Test Keyboard Layout")) )), `VSpacing(2), // push button Modified: trunk/users/src/inst_root_first.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/users/src/inst_root_first.ycp?rev=45217&r1=45216&r2=45217&view=diff ============================================================================== --- trunk/users/src/inst_root_first.ycp (original) +++ trunk/users/src/inst_root_first.ycp Wed Mar 5 15:52:46 2008 @@ -33,6 +33,8 @@ // Title for root-password dialogue string title = _("Password for the System Administrator \"root\""); + string password = UsersSimple::GetRootPassword (); + term contents = `VBox ( `VStretch (), `HSquash (`VBox ( @@ -41,11 +43,13 @@ `VSpacing(0.8), `Password (`id(`pw1), `opt (`hstretch), // Label: get password for user root - _("&Password for root User"), ""), + _("&Password for root User"), + password == nil ? "" : "*****"), `VSpacing(0.8), `Password (`id(`pw2), `opt (`hstretch), // Label: get same password again for verification - _("Con&firm Password"), "") + _("Con&firm Password"), + password == nil ? "" : "*****") )), `VStretch () ); @@ -95,7 +99,6 @@ if (Mode::normal ()) Wizard::CreateDialog (); // for testing only -// Wizard::SetDesktopIcon("yast-users"); Wizard::SetDesktopIcon("yast-users"); Wizard::SetContents (title, contents, helptext, GetInstArgs::enable_back(), @@ -121,6 +124,8 @@ continue; } } + if (ret == `accept) // from proposal + ret = `next; if (ret == `next) { Modified: trunk/users/src/inst_user.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/users/src/inst_user.ycp?rev=45217&r1=45216&r2=45217&view=diff ============================================================================== --- trunk/users/src/inst_user.ycp (original) +++ trunk/users/src/inst_user.ycp Wed Mar 5 15:52:46 2008 @@ -13,6 +13,7 @@ textdomain "users"; import "Autologin"; + import "FileUtils"; import "GetInstArgs"; import "Package"; import "Label"; @@ -30,6 +31,7 @@ if (!GetInstArgs::going_back()) UsersSimple::Read (); + // check if the user was configured in the 1st stage if (!GetInstArgs::going_back() && UsersSimple::AfterAuth () == "users" && UsersSimple::GetUser () != $[]) @@ -38,6 +40,18 @@ y2milestone ("user defined in 1st stage, let's save now..."); boolean progress_orig = Progress::set (false); Users::Read (); + + // now, check if home directory exists and adapt uidnumber to its owner + string home = user["home"]:""; + if (home == "" && user["uid"]:"" != "") + home = Users::GetDefaultHome ("local") + user["uid"]:""; + if (home != "" && FileUtils::IsDirectory (home)) + { + map stat = (map) SCR::Read (.target.stat, home); + integer uid = stat["uid"]:-1; + if (uid != -1) + user["uidnumber"] = uid; + } string error = Users::AddUser (user); if (error == "") error = Users::CheckUser ($[]); Modified: trunk/users/src/inst_user_first.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/users/src/inst_user_first.ycp?rev=45217&r1=45216&r2=45217&view=diff ============================================================================== --- trunk/users/src/inst_user_first.ycp (original) +++ trunk/users/src/inst_user_first.ycp Wed Mar 5 15:52:46 2008 @@ -17,15 +17,12 @@ import "Package"; import "Progress"; import "Report"; - import "Storage"; import "String"; import "UsersSimple"; import "Wizard"; textdomain "users"; - map home_map = Storage::GetEntryForMountpoint( "/home" ); - string tmpdir = Directory::tmpdir; map display_info = UI::GetDisplayInfo (); boolean text_mode = display_info["TextMode"]:false; @@ -351,14 +348,6 @@ `InputField (`id (`username), `opt (`notify, `hstretch), // input field for login name _("&Username"),username), - /* - `TextEntry (`id (`cn), `opt (`notify, `hstretch), - // text entry - _("User's &Full Name"), cn), - `TextEntry (`id (`username), `opt (`notify, `hstretch), - // input field for login name - _("&Username"),username), - */ `Password (`id (`pw1), `opt (`hstretch), Label::Password(), password == nil ? "" : "*****"), `Password (`id (`pw2), `opt (`hstretch), Label::ConfirmPassword(), @@ -436,6 +425,8 @@ { login_modified = true; } + if (ret == `accept) // from proposal + ret = `next; if (ret == `next) { string error = ""; @@ -525,18 +516,6 @@ continue; } // set UID if home directory is found on future home partition - if (home_map != $[] && home_map["format"]:false == false) - { - string dir = tmpdir + "/home"; - SCR::Execute (.target.mkdir, dir); - if ((boolean) - SCR::Execute (.target.mount, [home_map["device"]:"", dir])) - { - map stat = (map)SCR::Read (.target.stat, dir+"/"+ username); - uidnumber = stat["uid"]:-1; - SCR::Execute (.target.umount, dir); - } - } password = pw1; } if (contains ([`back, `abort, `cancel, `next], ret)) @@ -554,8 +533,6 @@ "userpassword" : password, "cn" : cn ]; - if (uidnumber != -1) - user_map["uidnumber"] = uidnumber; UsersSimple::SetUser (user_map); boolean root_pw = (boolean) UI::QueryWidget (`id (`root_pw),`Value); UsersSimple::SkipRootPasswordDialog (root_pw); Modified: trunk/users/src/routines.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/users/src/routines.ycp?rev=45217&r1=45216&r2=45217&view=diff ============================================================================== --- trunk/users/src/routines.ycp (original) +++ trunk/users/src/routines.ycp Wed Mar 5 15:52:46 2008 @@ -8,6 +8,8 @@ * */ { +import "Mode"; + textdomain "users"; /** @@ -77,5 +79,14 @@ if ( what == `givenName ) return givenName; } +// if the user has log on system +define boolean UserLogged (string name) { + + map out = (map) SCR::Execute (.target.bash_output, + sformat ("ps --no-headers -u %1", name)); + string proc = out["stdout"]:""; + return (size (proc) != 0 && !Mode::config ()); +} + } // EOF Added: trunk/users/src/users_proposal.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/users/src/users_proposal.ycp?rev=45217&view=auto ============================================================================== --- trunk/users/src/users_proposal.ycp (added) +++ trunk/users/src/users_proposal.ycp Wed Mar 5 15:52:46 2008 @@ -0,0 +1,81 @@ +/** + * File: users_proposal.ycp + * Author: Jiri Suchomel + * Purpose: Proposal for user and root setting + * + * $Id:$ + */ +{ + textdomain "users"; + + import "HTML"; + import "UsersSimple"; + import "Wizard"; + + string func = (string) WFM::Args(0); + map param = (map) WFM::Args(1); + map ret = $[]; + + if ( func == "MakeProposal" ) + { + boolean force_reset = param["force_reset" ]:false; + + string root_proposal = UsersSimple::GetRootPassword () != "" ? + // summary label <%1>-<%2> are HTML tags, leave untouched + sformat (_("<%1>Root Password<%2> is set"), + "a href=\"users--root\"", "/a") : + sformat (_("<%1>Root Password<%2> is not set"), + "a href=\"users--root\"", "/a"); + + // FIXME + list<string> proposal = [ + // summary label <%1>-<%2> are HTML tags, leave untouched + sformat (_("<%1>Authentication<%2>: %3"), + "a href=\"users--user\"", "/a", UsersSimple::AfterAuth () + ) + ]; + + ret = $[ + "preformatted_proposal" : HTML::List (add (proposal,root_proposal)), + "language_changed" : false, + "links" : [ "users--user", "users--root" ], + ]; + } + else if ( func == "Description" ) + { + ret = $[ + // rich text label + "rich_text_title" : _("User Settings"), + "menu_titles" : [ + // menu button label + $[ "id" : "users--user", "title" : _("&User") ], + // menu button label + $[ "id" : "users--root", "title" : _("&Root Password") ] + ], + "id" : "users", + ]; + } + else if (func == "AskUser") + { + + Wizard::OpenAcceptDialog(); + map args = $[ + "enable_back" : true, + "enable_next" : param["has_next"]:false, + ]; + symbol result = `back; + if (param["chosen_id"]:"" == "users--root") + { + UsersSimple::SkipRootPasswordDialog (false); // do not skip now... + result = (symbol)WFM::CallFunction ("inst_root_first", [args]); + } + else + result = (symbol)WFM::CallFunction ("inst_user_first", [args]); + + Wizard::CloseDialog(); + + ret = $[ "workflow_sequence" : result ]; + y2debug( "Returning from users_proposal AskUser() with: %1", ret ); + } + return ret; +} Modified: trunk/users/src/widgets.ycp URL: http://svn.opensuse.org/viewcvs/yast/trunk/users/src/widgets.ycp?rev=45217&r1=45216&r2=45217&view=diff ============================================================================== --- trunk/users/src/widgets.ycp (original) +++ trunk/users/src/widgets.ycp Wed Mar 5 15:52:46 2008 @@ -671,11 +671,7 @@ return nil; } - // if the user has log on system - map out = (map) SCR::Execute (.target.bash_output, - sformat ("ps --no-headers -u %1", uid)); - string proc = out["stdout"]:""; - if (size (proc) != 0 && !Mode::config ()) + if (UserLogged (username)) { // error popup Report::Error(_("You cannot delete this user, because the user is -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org