[node-patches] Change in ovirt-node[master]: validate the cim user exists prior to setting password
mburns at redhat.com
mburns at redhat.com
Sat Oct 13 12:58:12 UTC 2012
Michael Burns has uploaded a new change for review.
Change subject: validate the cim user exists prior to setting password
......................................................................
validate the cim user exists prior to setting password
In certain upgrade conditions, the cim user is not created correctly.
This patch adds a validation step to set_password to ensure that
the user is set up and configured correctly prior to setting
the password.
rhbz#858246
Change-Id: I73ba337154728e20229d3814fb484826c335fb89
Signed-off-by: Mike Burns <mburns at redhat.com>
---
M recipe/common-post.ks
M scripts/ovirt-init-functions.sh
M scripts/ovirt_config_setup/cim.py
M scripts/ovirtnode/ovirtfunctions.py
4 files changed, 44 insertions(+), 2 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/24/8524/1
diff --git a/recipe/common-post.ks b/recipe/common-post.ks
index e1c203b..3939419 100644
--- a/recipe/common-post.ks
+++ b/recipe/common-post.ks
@@ -243,7 +243,7 @@
#CIM related changes
# set read-only
echo "readonly = true;" > /etc/libvirt-cim.conf
-useradd -G sfcb cim
+useradd -g cim -G sfcb -s /sbin/nologin cim
# disable yum repos by default
augtool << \EOF_yum
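Review bot: The changed `useradd -g cim -G sfcb -s /sbin/nologin cim` needs a group named cim to exist already, which the replaced `useradd -G sfcb cim` did not, since it named no primary group. No `groupadd cim` is visible in this hunk, so if none precedes it in the %post script, useradd fails and the image is built without the cim account. Adding `getent group cim >/dev/null || groupadd cim` on the line before would make the step self-contained.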
diff --git a/scripts/ovirt-init-functions.sh b/scripts/ovirt-init-functions.sh
index 72825aa..7c182db 100644
--- a/scripts/ovirt-init-functions.sh
+++ b/scripts/ovirt-init-functions.sh
@@ -550,7 +550,7 @@
fi
if ! grep -q ^cim /etc/passwd; then
unmount_config /etc/passwd /etc/shadow
- useradd -g cim -s /usr/libexec/ovirt-admin-shell cim
+ useradd -G sfcb -g cim -s /sbin/nologin cim
persist /etc/shadow /etc/passwd
fi
;;
diff --git a/scripts/ovirt_config_setup/cim.py b/scripts/ovirt_config_setup/cim.py
index 28bf0cd..babf31a 100755
--- a/scripts/ovirt_config_setup/cim.py
+++ b/scripts/ovirt_config_setup/cim.py
@@ -22,6 +22,8 @@
from ovirtnode.password import *
from snack import *
import _snack
+import grp
+import pwd
def enable_cim():
@@ -45,6 +47,10 @@
def __init__(self, ncs):
PluginBase.__init__(self, "CIM", ncs)
+ self.username = "cim"
+ self.shell = "/sbin/nologin"
+ self.main_group = "cim"
+ self.group_list = "sfcb"
def form(self):
elements = Grid(2, 9)
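Review bot: `self.group_list = "sfcb"` is never read, because create_cim_user in the later cim.py hunk reads `self.groups` in its add_user and `usermod -G` calls, which raises AttributeError unless PluginBase happens to define that attribute. Either name it `self.groups = "sfcb"` here or change the readers to `self.group_list`. A short comment stating that the value is a comma-separated list of supplementary groups would also help, as the later code splits it on ",".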
@@ -114,6 +120,7 @@
def __set_cim_password(self):
msg = None
failed = True
+ self.create_cim_user()
if self.valid_password:
if set_password(self.cim_password_1.value(), "cim"):
msg = "CIM Password Successfully Set"
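Review bot: `self.create_cim_user()` is called before the `if self.valid_password:` guard and outside any error handling, so the account is created or modified even when the entered password is rejected. Any exception it raises also aborts __set_cim_password before `msg` is set. Moving the call inside the guard, and reporting a failure through `msg`, would keep the account change tied to a successful password update. The function body continues outside this hunk.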
@@ -138,6 +145,23 @@
return
+ def create_cim_user(self):
+ if not check_user_exists(self.username):
+ add_user(self.username, self.shell, self.main_group, self.groups)
+ else:
+ userinfo = pwd.getpwnam(self.username)
+ if not userinfo.pw_gid == grp.getgrnam(self.main_group).gr_gid:
+ system_closefds("usermod -g %s %s" % (self.main_group,
+ self.username))
+ if not userinfo.pw_shell == self.shell:
+ system_closefds("usermod -s %s %s" % (self.shell,
+ self.username))
+ for group in groups.split(","):
+ if self.username not in grp.getgrnam(group).gr_mem:
+ system_closefds("usermod -G %s %s" % (self.groups,
+ self.username))
+ break
+
def get_plugin(ncs):
return Plugin(ncs)
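Review bot: `for group in groups.split(","):` uses a bare name `groups` that is not defined in create_cim_user, so the existing-user branch raises NameError unless one of the module's star imports supplies it; it should read `for group in self.groups.split(","):` (with the attribute name aligned to the one set in __init__). `grp.getgrnam()` raises KeyError when the main group or a supplementary group is missing, and that case is not handled here. Note too that `usermod -G` without `-a` replaces the user's whole supplementary group list, which deserves a comment if intended. The results of the `usermod` calls are not checked, so a partially repaired account goes unnoticed.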
diff --git a/scripts/ovirtnode/ovirtfunctions.py b/scripts/ovirtnode/ovirtfunctions.py
index fe49e7f..7dbf07b 100644
--- a/scripts/ovirtnode/ovirtfunctions.py
+++ b/scripts/ovirtnode/ovirtfunctions.py
@@ -35,6 +35,8 @@
import cracklib
import libvirt
import logging
+import grp
+import pwd
OVIRT_LOGFILE="/var/log/ovirt.log"
OVIRT_TMP_LOGFILE="/tmp/ovirt.log"
@@ -1146,6 +1148,22 @@
else:
return False
+# Check if a user exists on the system
+def check_user_exists(name):
+ try:
+ pwd.getpwnam(name)
+ return True
+ except KeyError:
+ return False
+
+def add_user(username, shell="/usr/libexec/ovirt-admin-shell", group="",
+ sec_groups="", locked=True):
+ cmd = "useradd -g %s -G %s -s %s %s" % (group, sec_groups, shell, username)
+ system_closeFDS(cmd)
+ if locked:
+ cmd = "passwd -l %s" % username
+ system_closefds(cmd)
+
def get_installed_version_number():
if mount_liveos():
existing_version = open("/liveos/version")
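Review bot: `system_closeFDS(cmd)` in add_user differs in case from the `system_closefds` used two lines later and in cim.py, so unless both spellings are defined outside this hunk the useradd call raises NameError and no user is created. The defaults `group=""` and `sec_groups=""` also yield `useradd -g  -G  -s …`, which useradd rejects, and the useradd result is not checked before `passwd -l` runs. Because the arguments are interpolated unquoted into a command string, the function should be documented as accepting trusted constants only. A sketch of the option handling follows.

```python
def add_user(username, shell="/usr/libexec/ovirt-admin-shell", group="",
             sec_groups="", locked=True):
    # Callers must pass trusted constants: values are placed in a command string.
    opts = ["-s %s" % shell]
    if group:
        opts.append("-g %s" % group)
    if sec_groups:
        opts.append("-G %s" % sec_groups)
    cmd = "useradd %s %s" % (" ".join(opts), username)
    system_closefds(cmd)
    # … unchanged: passwd -l when locked …
```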
--
To view, visit http://gerrit.ovirt.org/8524
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I73ba337154728e20229d3814fb484826c335fb89
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-node
Gerrit-Branch: master
Gerrit-Owner: Michael Burns <mburns at redhat.com>