fedora-accounts export-shell-accounts.py, 1.3, 1.4 export-shell-accounts.sh, 1.17, 1.18
Michael Patrick McGrath (mmcgrath)
fedora-extras-commits at redhat.com
Wed Dec 5 03:07:02 UTC 2007
Author: mmcgrath
Update of /cvs/fedora/fedora-accounts
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10984
Modified Files:
export-shell-accounts.py export-shell-accounts.sh
Log Message:
created new hosted method for creating users and added more groups / types to the hosted group
Index: export-shell-accounts.py
===================================================================
RCS file: /cvs/fedora/fedora-accounts/export-shell-accounts.py,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- export-shell-accounts.py 9 Jul 2007 19:25:18 -0000 1.3
+++ export-shell-accounts.py 5 Dec 2007 03:07:00 -0000 1.4
@@ -1,4 +1,4 @@
-#!/usr/bin/python2
+#!/usr/bin/python -tt
### Note: do not change the /home/fedora/* home directory pattern here
### without also updating the process-shell-accounts script.
@@ -7,85 +7,116 @@
import website, crypt
import getopt, re
+VALIDSCMS = ['svn', 'hg', 'cvs', 'git', 'bzr']
+
opts, args = getopt.getopt(sys.argv[1:], '', ('usage', 'help'))
-if len(args) < 1 or ('--usage','') in opts or ('--help','') in opts:
- print """
-Usage: export-accounts.py OUTDIR [GROUPS]
+if len(args) < 2 or ('--usage','') in opts or ('--help','') in opts:
+ print """
+Usage: export-accounts.py OUTDIR GROUPS...
"""
- sys.exit(1)
-
+ sys.exit(1)
outdir = args[0]
our_groups = args[1:]
-if len(args) < 2:
- our_groups = []
-
+
fh_passwd = open(outdir + '/passwd', 'w')
fh_shadow = open(outdir + '/shadow', 'w')
fh_group = open(outdir + '/group', 'w')
-dbh = website.get_dbh(dbctx='live')
-dbc = dbh.cursor()
+def write_logins(dbres, type, ctr, gctr, admins):
+ global outdir
+ global fh_passwd
+ global fh_shadow
+ global fh_group
+
+ for res in dbres:
+ uid, username, email, password, gecos, ssh_key = res
+
+ if type == 'scm' and username in admins:
+ # Admins get full access, no need to restrict
+ continue
+
+ # Change any ':' to something more innoculous
+ username = username.replace(':','_')
+ encodedPass = crypt.crypt(password, '$1$' + website.get_rand_str(length=8, prand=1))
+ gecos = gecos.replace(':','_')
+
+ if type == 'scm':
+ # Scm groups can only run specific commands
+ if ssh_key and ssh_key.startswith('ssh-dss') or \
+ ssh_key.startswith('ssh-rsa'):
+ ssh_key = ssh_key.replace('ssh-rsa', 'command="/usr/bin/run-git",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa').replace('ssh-dss', 'command="/usr/bin/run-git",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-dss')
+ open('%s/%s.pub' % (outdir, username), 'w').write(ssh_key + '\n')
+ else:
+ open('%s/%s.pub' % (outdir, username), 'w').write('INVALID_KEY' + '\n')
+ basic_line = "%s:x:%s:%s:%s:/home/fedora/%s:/usr/bin/run-git" % (
+ username, uid, uid, gecos, username)
+ else:
+ # Admin groups get full shell access
+ if ssh_key:
+ open('%s/%s.pub' % (outdir, username), 'w').write(ssh_key + '\n')
+ basic_line = "%s:x:%s:%s:%s:/home/fedora/%s:/bin/bash" % (
+ username, uid, uid, gecos, username)
+
+ basic_group_line = "%s:x:%s:" % (username, uid)
+ basic_shadow_line = "%s:%s:99999:0:99999:7:::" % (username, encodedPass)
+
+ fh_passwd.write("=%s %s\n" % (uid, basic_line))
+ fh_passwd.write("0%d %s\n" % (ctr, basic_line))
+ fh_passwd.write(".%s %s\n" % (username, basic_line))
+ fh_shadow.write("=%s %s\n" % (uid, basic_shadow_line))
+ fh_shadow.write("0%d %s\n" % (ctr, basic_shadow_line))
+ fh_shadow.write(".%s %s\n" % (username, basic_shadow_line))
+ fh_group.write("=%s %s\n" % (uid, basic_group_line))
+ fh_group.write("0%d %s\n" % (gctr, basic_group_line))
+ fh_group.write(".%s %s\n" % (username, basic_group_line))
-if not our_groups:
- # first get all the groups which do NOT begin with cla_* then put that as the list as acceptable groups
- qry = """select name from project_group where name NOT LIKE 'cla%'"""
-
- dbc.execute(qry)
- dbc.execute(qry)
- for groups in dbc.fetchall():
- for grp in groups:
- our_groups.append(grp)
-
-
-# now get the list of userids in the cla_done group to pass to this next query to get the list of users we care about
-# find cla_done id
-qry = """select id from project_group where name = 'cla_done'"""
-dbc.execute(qry)
-cla_id = dbc.fetchone()[0]
+ ctr += 1
+ gctr += 1
-good_users = []
-qry = """select person_id from role where role_status = 'approved' and project_group_id = %s"""
-dbc.execute(qry, (cla_id, ))
-for userlists in dbc.fetchall():
- good_users.extend(userlists)
-
+dbh = website.get_dbh(dbctx='live')
+dbc = dbh.cursor()
+dbc2 = dbh.cursor()
-qry = """
+groups = []
+scms = []
+for group in our_groups:
+ if group in VALIDSCMS:
+ scms.append(group)
+ else:
+ groups.append(group)
+
+admins = []
+dbres = None
+dbres2 = None
+if groups:
+ qry = """
SELECT DISTINCT person.id, person.username, person.email, person.password, person.human_name, person.ssh_key
FROM role, person, project_group WHERE person.id = role.person_id AND project_group.id = role.project_group_id
-AND person.approval_status = 'approved' AND role.role_status = 'approved' AND project_group.name IN %s AND person.id in %s
+AND person.approval_status = 'approved' AND role.role_status = 'approved' AND project_group.name IN %s
"""
+ dbc.execute(qry, (groups, ))
+ dbres = dbc.fetchall()
+ for admin in dbres:
+ admins.append(admin[1])
-dbc.execute(qry, (our_groups, good_users))
+if scms:
+ qryscm = """
+SELECT DISTINCT person.id, person.username, person.email, person.password, person.human_name, person.ssh_key
+FROM role, person, project_group WHERE person.id = role.person_id AND project_group.id = role.project_group_id
+AND person.approval_status = 'approved' AND role.role_status = 'approved' AND project_group.group_type IN %s
+"""
+ dbc2.execute(qryscm, (scms, ))
+ dbres2 = dbc2.fetchall()
ctr = 0
gctr = 0
-while 1:
- arow = dbc.fetchone()
- if not arow: break
- uid, username, email, password, gecos, ssh_key = arow
-
- if ssh_key:
- open('%s/%s.pub' % (outdir, username), 'w').write(ssh_key + '\n')
+if dbres2:
+ write_logins(dbres2, 'scm', ctr, gctr, admins)
- basic_line = "%s:x:%s:%s:%s:/home/fedora/%s:/bin/bash" % (username, uid, uid, gecos, username)
- basic_group_line = "%s:x:%s:" % (username, uid)
- basic_shadow_line = "%s:%s:99999:0:99999:7:::" % (username,
- crypt.crypt(password, '$1$' + website.get_rand_str(length=8, prand=1))
- )
- fh_passwd.write("=%s %s\n" % (uid, basic_line))
- fh_passwd.write("0%d %s\n" % (ctr, basic_line))
- fh_passwd.write(".%s %s\n" % (username, basic_line))
- fh_shadow.write("=%s %s\n" % (uid, basic_shadow_line))
- fh_shadow.write("0%d %s\n" % (ctr, basic_shadow_line))
- fh_shadow.write(".%s %s\n" % (username, basic_shadow_line))
- fh_group.write("=%s %s\n" % (uid, basic_group_line))
- fh_group.write("0%d %s\n" % (gctr, basic_group_line))
- fh_group.write(".%s %s\n" % (username, basic_group_line))
+if dbres:
+ write_logins(dbres, 'admin', ctr, gctr, admins)
- ctr += 1
- gctr += 1
qry = """
SELECT project_group.id, project_group.name, person.username FROM project_group, role, person WHERE project_group.id = role.project_group_id AND role.person_id = person.id AND person.approval_status = 'approved' AND role.role_status = 'approved'
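Review bot: The key check in the `scm` branch of write_logins, `ssh_key and ssh_key.startswith('ssh-dss') or ssh_key.startswith('ssh-rsa')`, binds as `(a and b) or c`, so if the column can be NULL a `None` value still reaches the second `startswith` and raises AttributeError. The check also looks only at the start of the value, and the forced-command options are then spliced in with `replace()`, which rewrites every occurrence of the token (a comment field included) and adds nothing to a later line that lacks it. I would validate the value line by line and prepend the options once per accepted line, writing `INVALID_KEY` if any line cannot be restricted, as below. Separately, `ctr` and `gctr` are incremented only inside write_logins, so the second call starts again at 0 and the `0<n>` records of the scm and admin passes repeat; returning the counters and reassigning them at the two call sites would fix that. The trailing `qry` at the end of the hunk continues outside it.

```python
        if type == 'scm':
            # Scm groups can only run specific commands
            key_opts = 'command="/usr/bin/run-git",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty '
            restricted = []
            for line in (ssh_key or '').splitlines():
                line = line.strip()
                if not line:
                    continue
                if line.startswith('ssh-rsa ') or line.startswith('ssh-dss '):
                    restricted.append(key_opts + line)
                else:
                    # one line that cannot be restricted invalidates the whole value
                    restricted = []
                    break
            if restricted:
                open('%s/%s.pub' % (outdir, username), 'w').write('\n'.join(restricted) + '\n')
            else:
                open('%s/%s.pub' % (outdir, username), 'w').write('INVALID_KEY' + '\n')
            # ... unchanged: basic_line with the /usr/bin/run-git shell ...
```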
Index: export-shell-accounts.sh
===================================================================
RCS file: /cvs/fedora/fedora-accounts/export-shell-accounts.sh,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- export-shell-accounts.sh 3 Dec 2007 23:15:29 -0000 1.17
+++ export-shell-accounts.sh 5 Dec 2007 03:07:00 -0000 1.18
@@ -17,7 +17,7 @@
$ESA /srv/web/accounts/shell-accounts-test sysadmin-main sysadmin-test sysadmin-noc
$ESA /srv/web/accounts/shell-accounts-dba sysadmin-main sysadmin-dba
$ESA /srv/web/accounts/shell-accounts-releng sysadmin-main sysadmin-noc sysadmin-releng
-$ESA /srv/web/accounts/shell-accounts-hosted sysadmin-hosted sysadmin-main sysadmin-noc
+$ESA /srv/web/accounts/shell-accounts-hosted sysadmin-hosted sysadmin-main sysadmin-noc svn git hg git bzr
$ESA /srv/web/accounts/shell-accounts-people
for I in buildsign build cvs main web fpserv torrent all bastion security people test dba releng hosted; do
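Review bot: The group list added to the `shell-accounts-hosted` line names `git` twice and omits `cvs`, although `VALIDSCMS` in export-shell-accounts.py also accepts `cvs`. The repeat is harmless in an `IN` query, but if the second `git` was meant to be `cvs`, accounts in groups of that type are not exported for the hosted machines; if the omission is intentional, a short comment such as `# cvs-type groups are not served from hosted` above the line would record it. The `for I in ...` loop on the last context line continues outside the hunk.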