|
|
|
@ -22,17 +22,25 @@ import pwd
|
|
|
|
|
import time
|
|
|
|
|
import traceback
|
|
|
|
|
|
|
|
|
|
from calculate.desktop._cl_keys import getKey, clearKey
|
|
|
|
|
from datavars import DataVarsDesktop, DataVars, __version__,__app__
|
|
|
|
|
|
|
|
|
|
from calculate.lib.cl_template import (Template, ProgressTemplate,TemplatesError)
|
|
|
|
|
from calculate.lib.cl_template import (Template, ProgressTemplate,
|
|
|
|
|
TemplatesError,templateFunction,iniParser)
|
|
|
|
|
from calculate.lib.utils.files import (runOsCommand, isMount,process,
|
|
|
|
|
getRunCommands)
|
|
|
|
|
from calculate.lib.utils.common import getpathenv
|
|
|
|
|
getRunCommands,STDOUT,childMounts)
|
|
|
|
|
from calculate.lib.utils.common import (getpathenv,appendProgramToEnvFile,
|
|
|
|
|
removeProgramToEnvFile,mountEcryptfs,
|
|
|
|
|
CommonError, isBootstrapDataOnly)
|
|
|
|
|
from calculate.core.server.func import safetyWrapper
|
|
|
|
|
|
|
|
|
|
from calculate.lib.cl_lang import setLocalTranslate,getLazyLocalTranslate
|
|
|
|
|
setLocalTranslate('cl_desktop3',sys.modules[__name__])
|
|
|
|
|
__ = getLazyLocalTranslate(_)
|
|
|
|
|
from itertools import ifilter
|
|
|
|
|
import tarfile
|
|
|
|
|
import tempfile
|
|
|
|
|
import shutil
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class DesktopError(Exception):
|
|
|
|
@ -50,7 +58,66 @@ class Desktop:
|
|
|
|
|
self.clTempl = None
|
|
|
|
|
self.clVars = None
|
|
|
|
|
|
|
|
|
|
def createUserDir(self, uid, gid, userDir, mode=0700):
|
|
|
|
|
def createCryptDir(self,userName,uid,gud,userDir):
|
|
|
|
|
"""
|
|
|
|
|
Создать шифрование домашней директории, или подключить существующую
|
|
|
|
|
"""
|
|
|
|
|
userPwd = getKey(userName)
|
|
|
|
|
if not userPwd or userPwd == "XXXXXXXX":
|
|
|
|
|
raise DesktopError(_("User password not found"))
|
|
|
|
|
ecryptfsPath = path.join('/home/.ecryptfs',userName)
|
|
|
|
|
if path.exists(ecryptfsPath):
|
|
|
|
|
for d in (".ecryptfs",".Private"):
|
|
|
|
|
source,target = path.join(ecryptfsPath,d),path.join(userDir,d)
|
|
|
|
|
if not path.lexists(target):
|
|
|
|
|
os.symlink(source,target)
|
|
|
|
|
try:
|
|
|
|
|
if not mountEcryptfs(userName,userPwd,userDir):
|
|
|
|
|
raise DesktopError(_("Failed to mount ecrypted data"))
|
|
|
|
|
except CommonError as e:
|
|
|
|
|
raise DesktopError(_("Failed to mount ecrypted data")+": \"%s\""%str(e))
|
|
|
|
|
else:
|
|
|
|
|
tf = None
|
|
|
|
|
try:
|
|
|
|
|
# если профиль содержит только данные от бутстрапа core
|
|
|
|
|
if isBootstrapDataOnly(userDir):
|
|
|
|
|
if childMounts(userDir):
|
|
|
|
|
raise DesktopError(
|
|
|
|
|
_("Failed to create encrypt user profile")+":"+
|
|
|
|
|
_("User home directory contains mount points"))
|
|
|
|
|
# поместить данные во временный tarfile
|
|
|
|
|
calculateName = ".calculate"
|
|
|
|
|
calculatePath = path.join(userDir,calculateName)
|
|
|
|
|
tf = tempfile.TemporaryFile()
|
|
|
|
|
with tarfile.open(fileobj=tf,mode='w:') as tarf:
|
|
|
|
|
tarf.add(calculatePath,calculateName)
|
|
|
|
|
tf.flush()
|
|
|
|
|
tf.seek(0)
|
|
|
|
|
# удалить эти данные
|
|
|
|
|
shutil.rmtree(calculatePath)
|
|
|
|
|
|
|
|
|
|
# создать шифрованные данные
|
|
|
|
|
e = process('/usr/bin/ecryptfs-setup-private','-u',userName,
|
|
|
|
|
'-b','-l',userPwd,stderr=STDOUT)
|
|
|
|
|
if e.failed():
|
|
|
|
|
raise DesktopError(e.read())
|
|
|
|
|
# если были данные от бутстрапа, то распаковать их
|
|
|
|
|
if tf:
|
|
|
|
|
with tarfile.open(fileobj=tf,mode='r:') as tarf:
|
|
|
|
|
tarf.extractall(userDir)
|
|
|
|
|
except Exception as e:
|
|
|
|
|
if tf:
|
|
|
|
|
tf.seek(0)
|
|
|
|
|
bakArchName = path.join(userDir,".calculate.tar.bz2")
|
|
|
|
|
with open(bakArchName,'w') as f:
|
|
|
|
|
f.write(tf.read())
|
|
|
|
|
raise DesktopError(str(e)+
|
|
|
|
|
_("Failed to create encrypt user profile"))
|
|
|
|
|
finally:
|
|
|
|
|
if tf:
|
|
|
|
|
tf.close()
|
|
|
|
|
|
|
|
|
|
def createUserDir(self, userName, uid, gid, userDir, mode=0700):
|
|
|
|
|
"""
|
|
|
|
|
Create user directory with need uid and gid
|
|
|
|
|
"""
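Review bot: In `createCryptDir`, the login password returned by `getKey(userName)` is passed to `/usr/bin/ecryptfs-setup-private` as the `-l` argument, so it sits in that process's argument list, which other local users can normally read while the command runs. If `process` can feed stdin, supplying the passphrase there instead of on the command line would avoid this; whether the tool prompts for it when `-l` is omitted needs checking. In the `except` branch the saved archive is the uncompressed tar created with `mode='w:'`, yet it is named `.calculate.tar.bz2` and written in text mode; `bakArchName = path.join(userDir,".calculate.tar")` with `open(bakArchName,'wb')` would match the contents. The original exception is also flattened to `str(e)` and joined to the translated message without a separator, and the `gud` parameter looks like a typo for `gid`.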
|
|
|
|
@ -117,44 +184,36 @@ class Desktop:
|
|
|
|
|
"""
|
|
|
|
|
Creating user profile and userdir
|
|
|
|
|
"""
|
|
|
|
|
self.initVars(datavars)
|
|
|
|
|
#uid = os.getuid()
|
|
|
|
|
#try:
|
|
|
|
|
# realUserName = pwd.getpwuid(uid).pw_name
|
|
|
|
|
#except:
|
|
|
|
|
# realUserName = ""
|
|
|
|
|
#userName = self.clVars.Get("ur_login")
|
|
|
|
|
#uidGid = False
|
|
|
|
|
#if self.clVars.isModuleInstalled("client"):
|
|
|
|
|
# # domain host
|
|
|
|
|
# domain = self.clVars.Get("client.cl_remote_host")
|
|
|
|
|
# # authorized in domain or local
|
|
|
|
|
# hostAuth = self.clVars.Get("client.os_remote_auth")
|
|
|
|
|
#else:
|
|
|
|
|
# domain = ""
|
|
|
|
|
# hostAuth = ""
|
|
|
|
|
#uid = self.clVars.Get('ur_uid')
|
|
|
|
|
#gid = self.clVars.Get('ur_gid')
|
|
|
|
|
#if not uid or not gid:
|
|
|
|
|
# raise DesktopError(_("Failed to determine the user UID"))
|
|
|
|
|
#uid,gid = int(uid),int(gid)
|
|
|
|
|
self.homeDir = self.clVars.Get('ur_home_path')
|
|
|
|
|
rootPath = self.clVars.Get('cl_root_path')
|
|
|
|
|
# real path to home dir
|
|
|
|
|
self.homeDir = path.join(rootPath, self.homeDir[1:])
|
|
|
|
|
if not path.exists(self.homeDir):
|
|
|
|
|
self.startTask(_("Creating the home directory for %s")%self.homeDir)
|
|
|
|
|
self.createUserDir(userName,uid,gid,self.homeDir)
|
|
|
|
|
self.endTask()
|
|
|
|
|
if (self.clVars.Get('ur_home_crypt_set') == 'on' and
|
|
|
|
|
self.clVars.Get('install.cl_autologin') != userName):
|
|
|
|
|
self.createCryptDir(userName,uid,gid,self.homeDir)
|
|
|
|
|
|
|
|
|
|
domainUser = self.clVars.Get('ur_domain_set') == 'on'
|
|
|
|
|
lastTimestamp = templateFunction.getLastElog()
|
|
|
|
|
iniEnv = path.join(self.homeDir,'.calculate/ini.env')
|
|
|
|
|
userIni = iniParser(iniEnv)
|
|
|
|
|
userTimestamp = userIni.getVar('main','elog').encode('utf-8')
|
|
|
|
|
|
|
|
|
|
#self.homeDir = self.clVars.Get('ur_home_path')
|
|
|
|
|
#rootPath = self.clVars.Get('cl_root_path')
|
|
|
|
|
## real path to home dir
|
|
|
|
|
#self.homeDir = path.join(rootPath, self.homeDir[1:])
|
|
|
|
|
#if not path.exists(self.homeDir):
|
|
|
|
|
# self.startTask(_("Creating the home directory for %s")%self.homeDir)
|
|
|
|
|
# self.createUserDir(uid,gid,self.homeDir)
|
|
|
|
|
## action - "user profile configuration"
|
|
|
|
|
#self.clVars.Set("cl_action", "desktop", True)
|
|
|
|
|
## apply user profiles
|
|
|
|
|
#self.startTask(_("Setting up the user profile"),progress=True)
|
|
|
|
|
#dirsAndFiles = self.applyTemplatesFromUser()
|
|
|
|
|
#self.endTask()
|
|
|
|
|
#if not dirsAndFiles:
|
|
|
|
|
# raise DesktopError(_("Failed to apply user profile templates"))
|
|
|
|
|
#return True
|
|
|
|
|
if (domainUser or not path.exists(iniEnv) or
|
|
|
|
|
userTimestamp != lastTimestamp):
|
|
|
|
|
# action - "user profile configuration"
|
|
|
|
|
self.clVars.Set("cl_action", "desktop", True)
|
|
|
|
|
# apply user profiles
|
|
|
|
|
self.startTask(_("Setting up the user profile"),progress=True)
|
|
|
|
|
dirsAndFiles = self.applyTemplatesFromUser()
|
|
|
|
|
self.endTask()
|
|
|
|
|
if not dirsAndFiles:
|
|
|
|
|
raise DesktopError(_("Failed to apply user profile templates"))
|
|
|
|
|
self.printSUCCESS(_("User account %s is configured")%userName + " ...")
|
|
|
|
|
return True
|
|
|
|
|
|
|
|
|
|
def getMountUserPaths(self, homeDir=False):
|
|
|
|
|
"""
|
|
|
|
@ -219,15 +278,15 @@ class Desktop:
|
|
|
|
|
where='cl_desktop_online_user',eq=urLogin,limit=1)
|
|
|
|
|
session = self.clVars.Get('cl_desktop_xsession')
|
|
|
|
|
if session == 'xfce':
|
|
|
|
|
logoutCommand = "org.xfce.SessionManager " \
|
|
|
|
|
logoutCommand = "/usr/bin/qdbus org.xfce.SessionManager " \
|
|
|
|
|
"/org/xfce/SessionManager Logout False False"
|
|
|
|
|
elif session == 'kde':
|
|
|
|
|
logoutCommand = "org.kde.ksmserver /KSMServer logout 0 0 0"
|
|
|
|
|
logoutCommand = "/usr/bin/kquitapp ksmserver"
|
|
|
|
|
elif session == 'gnome':
|
|
|
|
|
logoutCommand = "org.gnome.SessionManager " \
|
|
|
|
|
logoutCommand = "/usr/bin/qdbus org.gnome.SessionManager " \
|
|
|
|
|
"/org/gnome/SessionManager Logout 1"
|
|
|
|
|
else:
|
|
|
|
|
raise DesktopError(_("Unable detect X session"))
|
|
|
|
|
raise DesktopError(_("Unable to detect the X session"))
|
|
|
|
|
if process("su",urLogin,"-c",
|
|
|
|
|
("DISPLAY=:%s /usr/bin/qdbus "%display)+logoutCommand).failed():
|
|
|
|
|
raise DesktopError(_("Unable send logout command"))
|
|
|
|
|