|
|
|
@ -27,6 +27,7 @@ import types
|
|
|
|
|
|
|
|
|
|
import getpass
|
|
|
|
|
|
|
|
|
|
from os import path
|
|
|
|
|
from datavars import DataVarsClient, DataVars, __version__,__app__
|
|
|
|
|
|
|
|
|
|
from calculate.lib.cl_template import (Template, iniParser,TemplatesError,
|
|
|
|
@ -35,10 +36,11 @@ from calculate.lib.cl_print import color_print
|
|
|
|
|
from calculate.lib.cl_ldap import ldapUser
|
|
|
|
|
from calculate.lib.utils.ip import Pinger, isOpenPort, IPError
|
|
|
|
|
from calculate.lib.utils.files import (runOsCommand, getModeFile, removeDir,
|
|
|
|
|
isMount, readFile, pathJoin, tarLinks)
|
|
|
|
|
from calculate.lib.utils.common import (getpathenv, appendProgramToEnvFile,
|
|
|
|
|
removeProgramToEnvFile)
|
|
|
|
|
from _cl_keys import getKey, clearKey
|
|
|
|
|
isMount, readFile, pathJoin, tarLinks,process,STDOUT,
|
|
|
|
|
readLinesFile,listDirectory)
|
|
|
|
|
from calculate.lib.utils.common import (getpathenv, appendProgramToEnvFile,
|
|
|
|
|
CommonError,removeProgramToEnvFile,mountEcryptfs)
|
|
|
|
|
from calculate.desktop._cl_keys import getKey, clearKey
|
|
|
|
|
from calculate.lib.convertenv import convertEnv
|
|
|
|
|
from calculate.lib.encrypt import encrypt
|
|
|
|
|
from cl_client_cache import userCache
|
|
|
|
@ -46,6 +48,7 @@ from shutil import copy2
|
|
|
|
|
from socket import gethostbyname
|
|
|
|
|
import tarfile
|
|
|
|
|
from collections import OrderedDict
|
|
|
|
|
from itertools import *
|
|
|
|
|
|
|
|
|
|
from calculate.core.server.func import safetyWrapper
|
|
|
|
|
|
|
|
|
@ -1126,6 +1129,51 @@ class Client(commandServer, encrypt):
|
|
|
|
|
return umountResult
|
|
|
|
|
return True
|
|
|
|
|
|
|
|
|
|
def createCryptDir(self,userName,uid,gid,userDir):
|
|
|
|
|
"""
|
|
|
|
|
Создать шифрование домашней директории, или подключить существующую
|
|
|
|
|
"""
|
|
|
|
|
userPwd = getKey(userName)
|
|
|
|
|
if not userPwd or userPwd == "XXXXXXXX":
|
|
|
|
|
raise ClientError(_("User password not found"))
|
|
|
|
|
ecryptfsPath = path.join('/home/.ecryptfs',userName)
|
|
|
|
|
if path.exists(ecryptfsPath):
|
|
|
|
|
for d in (".ecryptfs",".Private"):
|
|
|
|
|
source,target = path.join(ecryptfsPath,d),path.join(userDir,d)
|
|
|
|
|
if not path.lexists(target):
|
|
|
|
|
os.symlink(source,target)
|
|
|
|
|
error = ""
|
|
|
|
|
try:
|
|
|
|
|
if mountEcryptfs(userName,userPwd,userDir):
|
|
|
|
|
return True
|
|
|
|
|
except CommonError as e:
|
|
|
|
|
error = str(e)
|
|
|
|
|
if error:
|
|
|
|
|
if self.getMountUserPaths(userDir):
|
|
|
|
|
raise ClientError(_("Failed to use crypt directory"))
|
|
|
|
|
for source in (userDir,ecryptfsPath):
|
|
|
|
|
if path.exists(source):
|
|
|
|
|
if listDirectory(source):
|
|
|
|
|
target = source+".bak"
|
|
|
|
|
newtarget = target
|
|
|
|
|
for i in count(2):
|
|
|
|
|
if not path.exists(newtarget):
|
|
|
|
|
break
|
|
|
|
|
newtarget = "%s.%d"%(target,i)
|
|
|
|
|
os.rename(source,newtarget)
|
|
|
|
|
else:
|
|
|
|
|
os.rmdir(source)
|
|
|
|
|
if not os.path.exists(userDir):
|
|
|
|
|
os.makedirs(userDir)
|
|
|
|
|
os.chown(userDir,uid,gid)
|
|
|
|
|
os.chmod(userDir,0700)
|
|
|
|
|
|
|
|
|
|
e = process('/usr/bin/ecryptfs-setup-private',
|
|
|
|
|
'-u',userName,'-b','-l',userPwd,stderr=STDOUT)
|
|
|
|
|
if e.failed():
|
|
|
|
|
raise ClientError(e.read()+
|
|
|
|
|
_("Failed to create encrypt user profile"))
|
|
|
|
|
|
|
|
|
|
def initEnv(self):
|
|
|
|
|
"""
|
|
|
|
|
Init object variables
|
|
|
|
@ -1179,16 +1227,18 @@ class Client(commandServer, encrypt):
|
|
|
|
|
# check for domain workstation and [remote] was mounted
|
|
|
|
|
if not self.isDomain():
|
|
|
|
|
raise ClientError(_("The computer is not in the domain"))
|
|
|
|
|
# user config filename
|
|
|
|
|
configFileName = os.path.join(self.homeDir, self.configFileDesktop)
|
|
|
|
|
# user time object from config file
|
|
|
|
|
currentTimeObj = self.getDateObjClientConf(configFileName)
|
|
|
|
|
currentStatusSync = self.getSyncStatus(self.homeDir)
|
|
|
|
|
# create home directory if it is not exists
|
|
|
|
|
if not os.path.exists(self.homeDir):
|
|
|
|
|
os.makedirs(self.homeDir)
|
|
|
|
|
os.chown(self.homeDir,self.uid,self.gid)
|
|
|
|
|
os.chmod(self.homeDir,0700)
|
|
|
|
|
if self.clVars.Get('ur_home_crypt_set') == 'on':
|
|
|
|
|
self.createCryptDir(self.userName,self.uid,self.gid,self.homeDir)
|
|
|
|
|
# user config filename
|
|
|
|
|
configFileName = os.path.join(self.homeDir, self.configFileDesktop)
|
|
|
|
|
# user time object from config file
|
|
|
|
|
currentTimeObj = self.getDateObjClientConf(configFileName)
|
|
|
|
|
currentStatusSync = self.getSyncStatus(self.homeDir)
|
|
|
|
|
# get local date and statusSync
|
|
|
|
|
# write into config status "process"
|
|
|
|
|
self.setVarToConfig("main", {"status_sync":"process"}, configFileName)
|
|
|
|
@ -1348,6 +1398,7 @@ class Client(commandServer, encrypt):
|
|
|
|
|
# remote link to Moved in home directory
|
|
|
|
|
if os.path.islink(movedLink) and not os.path.exists(movedPath):
|
|
|
|
|
os.unlink(movedLink)
|
|
|
|
|
os.chdir(pathProg)
|
|
|
|
|
return True
|
|
|
|
|
if not os.path.exists(movedPath):
|
|
|
|
|
os.mkdir(movedPath)
|
|
|
|
@ -1366,11 +1417,13 @@ class Client(commandServer, encrypt):
|
|
|
|
|
textLine = self.execProg(execStr)
|
|
|
|
|
if textLine is False:
|
|
|
|
|
self.printERROR(_("Failed to execute") + " " + str(execStr))
|
|
|
|
|
os.chdir(pathProg)
|
|
|
|
|
return False
|
|
|
|
|
execStr = "rm -rf '%s'" %fd
|
|
|
|
|
textLine = self.execProg(execStr)
|
|
|
|
|
if textLine is False:
|
|
|
|
|
self.printERROR(_("Failed to execute") + " " + str(execStr))
|
|
|
|
|
os.chdir(pathProg)
|
|
|
|
|
return False
|
|
|
|
|
os.chdir(pathProg)
|
|
|
|
|
return True
|
|
|
|
@ -1684,11 +1737,12 @@ class Client(commandServer, encrypt):
|
|
|
|
|
dirStart, dirEnd = os.path.split(homeDir)
|
|
|
|
|
mountTemplateDir = os.path.join(dirStart, ".%s" %dirEnd)
|
|
|
|
|
mountRemoteTemplateDir = os.path.join(dirStart, ".%s.remote" %dirEnd)
|
|
|
|
|
return filter(lambda x: x.startswith(homeDir) or\
|
|
|
|
|
x.startswith(mountTemplateDir) or\
|
|
|
|
|
x.startswith(mountRemoteTemplateDir),
|
|
|
|
|
map(lambda x: x.split(" ")[1],\
|
|
|
|
|
open("/proc/mounts").readlines()))
|
|
|
|
|
return filter(lambda x:x != homeDir,
|
|
|
|
|
filter(lambda x: (x.startswith(homeDir) or
|
|
|
|
|
x.startswith(mountTemplateDir) or
|
|
|
|
|
x.startswith(mountRemoteTemplateDir)),
|
|
|
|
|
map(lambda x: x.split(" ")[1],
|
|
|
|
|
readLinesFile('/proc/mounts'))))
|
|
|
|
|
|
|
|
|
|
def execProg(self, cmdStrProg, inStr=False, envProg={}):
|
|
|
|
|
"""
|
|
|
|
@ -2216,6 +2270,13 @@ class Client(commandServer, encrypt):
|
|
|
|
|
if not self.setServerCommand(["passwd_samba"], varsConfig, fileConfig,
|
|
|
|
|
self.uid,self.gid):
|
|
|
|
|
raise ClientError(_("Failed to change password"))
|
|
|
|
|
if self.clVars.Get('ur_home_crypt_set') == 'on':
|
|
|
|
|
passphraseFile = path.join('/home/.ecryptfs',
|
|
|
|
|
self.clVars.Get('ur_login'),".ecryptfs/wrapped-passphrase")
|
|
|
|
|
p = process('/usr/bin/ecryptfs-rewrap-passphrase',passphraseFile, "-",stderr=STDOUT)
|
|
|
|
|
p.write("%s\n%s"%(curPassword,password))
|
|
|
|
|
if p.failed():
|
|
|
|
|
raise ClientError(p.read()+_("Failed to rewrap passphrase"))
|
|
|
|
|
self.printSUCCESS(_("%s's password changed")%
|
|
|
|
|
self.clVars.Get('ur_login'))
|
|
|
|
|
self.printSUCCESS(_("The password will be changed when you log "
|
|
|
|
|
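Review bot: In createCryptDir (hunk -1126,6 +1129,51) the user's login password is handed to `/usr/bin/ecryptfs-setup-private` as a command-line argument (`'-l',userPwd`), so while that process runs the secret is typically visible to other local accounts through the process list. The password-change hunk at the end of this section already feeds `ecryptfs-rewrap-passphrase` through `"-"` and `p.write(...)`; the setup call should pass the password the same way if the tool accepts it on standard input, which needs confirming against the installed ecryptfs-utils. Until then, a comment such as `# FIXME: login password is exposed in argv here; move it to stdin` above the `process(...)` call would at least record the exposure. Separately, in that last hunk the rewrap runs only after `passwd_samba` has succeeded, so a failed rewrap raises `ClientError` with the server password already changed and the wrapped passphrase presumably still bound to the old one; that path deserves a message naming the state the account is left in. Indentation is lost on this page, so the nesting of both calls is inferred.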