vcl-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From fapee...@apache.org
Subject svn commit: r1482439 - in /vcl/trunk/managementnode/lib/VCL/Module: OS.pm OS/Linux.pm
Date Tue, 14 May 2013 16:38:01 GMT
Author: fapeeler
Date: Tue May 14 16:38:00 2013
New Revision: 1482439

URL: http://svn.apache.org/r1482439
Log:
VCL-692

moved updating external_sshd.config to create_user routine
removed code related to updating updating AllowUsers



Modified:
    vcl/trunk/managementnode/lib/VCL/Module/OS.pm
    vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm

Modified: vcl/trunk/managementnode/lib/VCL/Module/OS.pm
URL: http://svn.apache.org/viewvc/vcl/trunk/managementnode/lib/VCL/Module/OS.pm?rev=1482439&r1=1482438&r2=1482439&view=diff
==============================================================================
--- vcl/trunk/managementnode/lib/VCL/Module/OS.pm (original)
+++ vcl/trunk/managementnode/lib/VCL/Module/OS.pm Tue May 14 16:38:00 2013
@@ -2504,7 +2504,6 @@ sub manage_server_access {
 	my @userlist_admin;
 	my @userlist_login;
 	my %user_hash;
-	my $allow_list = $user_login_id_owner;
 
 	if ($server_request_admingroupid) {
 		@userlist_admin = getusergroupmembers($server_request_admingroupid);
@@ -2559,11 +2558,8 @@ sub manage_server_access {
 		next if (!($userid));
 		#Skip reservation owner, this account is processed in the new and reserved states
 		if ($userid eq $user_id_owner) {
-			#Add owner's login id if does not already exist
-         $allow_list .= " $user_login_id_owner" if ($allow_list !~ /$user_login_id_owner/)
;
 			next;
 		}
-		#my $standalone = 0;
 		my $standalone = $user_hash{$userid}{user_info}{STANDALONE};
 
 		if(!$self->user_exists($user_hash{$userid}{username})){
@@ -2571,16 +2567,6 @@ sub manage_server_access {
 		}
 		
 		if(!exists($res_accounts{$userid}) || $request_laststate_name eq "reinstall" ){
-			# check affiliation
-			notify($ERRORS{'DEBUG'}, 0, "checking affiliation for $userid");
-			#my $affiliation_name = get_user_affiliation($user_hash{$userid}{vcl_user_id}); 
-			#if(defined($affiliation_name)) {
-
-			#	if(!(grep(/$affiliation_name/, split(/,/, $not_standalone_list) ))) {
-			#		$standalone = 1;
-			#	}
-			#}
-			
 			if($request_laststate_name ne "reinstall" ){	
 				$user_hash{$userid}{"passwd"} = 0;
 				# Generate password if linux and standalone affiliation
@@ -2613,23 +2599,17 @@ sub manage_server_access {
 			else {
 				notify($ERRORS{'WARNING'}, 0, "Failed to create user on $computer_node_name ");
 			}
-			
-			$allow_list .= " $user_hash{$userid}{username}";
-
 		}
 		else {
 			notify($ERRORS{'DEBUG'}, 0, "$userid exists in reservationaccounts table, assuming it
exists on OS");
 		}
-			
 	}
 
 	#Remove anyone listed in reservationaccounts list that is not in user_hash
 	foreach my $res_userid (sort keys %res_accounts) {
 		notify($ERRORS{'OK'}, 0, "res_userid= $res_userid username= $res_accounts{$res_userid}{username}");
-		#Skip reservation owner, this account is processed in the new and reserved states
+		#Skip reservation owner, this account is not to be removed from the reservation.
       if ($res_userid eq $user_login_id_owner) {
-			#Add owner's login id if it does not already exist
-         $allow_list .= " $user_login_id_owner" if ($allow_list !~ /$user_login_id_owner/)
;
 			#Skip group checks as the owner may not be a member
 			next;
 		}
@@ -2645,23 +2625,10 @@ sub manage_server_access {
 				  }	
 				next;
 		}
-		$allow_list .= " $res_accounts{$res_userid}{username}";
-	}
-	
-	notify($ERRORS{'OK'}, 0, "allow_list= $allow_list");
-	
-	$self->data->set_server_allow_users($allow_list);
-	
-	if ($self->can("update_server_access") ) {
-		if ( $self->update_server_access($allow_list) ) {
-			notify($ERRORS{'OK'}, 0, "updated remote access list");
-		}
 	}
 	
 	return 1;
-
 }
-
 #/////////////////////////////////////////////////////////////////////////////
 
 =head2 process_connect_methods

Modified: vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm
URL: http://svn.apache.org/viewvc/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm?rev=1482439&r1=1482438&r2=1482439&view=diff
==============================================================================
--- vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm (original)
+++ vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm Tue May 14 16:38:00 2013
@@ -962,8 +962,16 @@ sub delete_user {
 	
 	my $imagemeta_rootaccess = $self->data->get_imagemeta_rootaccess();
 	
-	# Remove AllowUsers lines from external_sshd_config
-	$self->remove_lines_from_file('/etc/ssh/external_sshd_config', 'AllowUsers') || return;
+	# Remove user from  external_sshd_config
+	my $rem_user_sshd_cmd = "sed -i -e \"/AllowUsers/s/$user_login_id//\" /etc/ssh/external_sshd_config";

+	if ($self->execute($rem_user_sshd_cmd)) {
+		if (!$self->restart_service("ext_sshd")) {
+      	notify($ERRORS{'WARNING'}, 0, "failed to restart ext_sshd service on $computer_node_name
after updating /etc/ssh/external_sshd_config");
+   	}	
+	}
+	else {
+		notify($ERRORS{'WARNING'}, 0, "Failed to remove user_login_id from external_sshd_config");
+	}
 	
 	# Remove lines from sudoers
 	$self->remove_lines_from_file('/etc/sudoers', "^$user_login_id .*") || return;
@@ -997,6 +1005,16 @@ sub reserve {
 	my $imagemeta_rootaccess = $self->data->get_imagemeta_rootaccess();
 	my $user_uid             = $self->data->get_user_uid();
 	
+	# Remove AllowUsers lines from external_sshd_config
+	if($self->remove_lines_from_file('/etc/ssh/external_sshd_config', 'AllowUsers')) {
+		notify($ERRORS{'WARNING'}, 0, "Error in cleaning AllowUsers directive from external_sshd_config");
+	} 
+	
+	# Append AllowUsers line to the end of the file
+	if (!$self->append_text_file('/etc/ssh/external_sshd_config', "AllowUsers \n")) {
+		notify($ERRORS{'WARNING'}, 0, "Error in appending AllowUsers directive to external_sshd_config");
+	}
+	
 	if ($self->add_vcl_usergroup()) {
 	
 	}
@@ -1031,37 +1049,6 @@ sub grant_access {
 	my $computer_node_name = $self->data->get_computer_node_name();
 	my $server_request_id  = $self->data->get_server_request_id();
 	
-	my $ext_sshd_config_file_path = '/etc/ssh/external_sshd_config';
-	
-	# Remove all AllowUsers lines from external_sshd_config
-	if (!$self->remove_lines_from_file($ext_sshd_config_file_path, 'AllowUsers')) {
-		notify($ERRORS{'WARNING'}, 0, "unable to grant access to $computer_node_name, existing
AllowUsers lines could not be removed from $ext_sshd_config_file_path");
-		return;
-	}
-	
-	# Assemble the list of usernames to add to the AllowUsers line
-	my $allow_users = $user_login_id;
-	
-	if ($server_request_id) {
-		my $server_allow_user_list = $self->data->get_server_allow_users();
-		if ($server_allow_user_list) {
-			notify($ERRORS{'DEBUG'}, 0, "server allow user list: $server_allow_user_list");
-			$allow_users .= " $server_allow_user_list";
-		}
-	}
-	
-	# Append AllowUsers line to the end of the file
-	if (!$self->append_text_file($ext_sshd_config_file_path, "AllowUsers $allow_users\n"))
{
-		notify($ERRORS{'WARNING'}, 0, "unable to grant access to $computer_node_name, failed to
add AllowUsers line $ext_sshd_config_file_path");
-		return;
-	}
-	
-	# Restart the ext_sshd service
-	if (!$self->restart_service('ext_sshd')) {
-		notify($ERRORS{'WARNING'}, 0, "unable to grant access to $computer_node_name, failed to
restart ext_sshd service after configuring AllowUsers lines");
-		return;
-	}
-	
 	# Process the connection methods, allow firewall access from any address
 	if ($self->process_connect_methods("", 1)) {
 		notify($ERRORS{'DEBUG'}, 0, "processed connection methods on $computer_node_name setting
0.0.0.0 for all allowed ports");
@@ -2451,6 +2438,17 @@ sub create_user {
 		}
 	}
 	
+	# Add user to external_sshd_config
+	my $add_user_sshd_cmd = "sed -i -e \"/AllowUsers/s/\$/ $username/\" /etc/ssh/external_sshd_config";

+	if ($self->execute($add_user_sshd_cmd)) {
+		if (!$self->restart_service("ext_sshd")) {
+			notify($ERRORS{'WARNING'}, 0, "failed to restart ext_sshd service on $computer_node_name
after updating /etc/ssh/external_sshd_config");
+    }
+	}
+	else {
+		notify($ERRORS{'CRITICAL'}, 0, "Failed to add username to external_sshd_config");
+	}
+
 	if ($user_standalone) {
 		notify($ERRORS{'DEBUG'}, 0, "Standalone user setting single-use password");
 		
@@ -2508,55 +2506,6 @@ sub create_user {
 } ## end sub create_user
 
 #/////////////////////////////////////////////////////////////////////////////
-
-=head2 update_server_access
-
- Parameters  : 
- Returns     : 
- Description : 
-
-=cut
-
-sub update_server_access {
-	my ($self) = shift;
-	if (ref($self) !~ /linux/i) {
-		notify($ERRORS{'CRITICAL'}, 0, "subroutine was called as a function, it must be called
as a class method");
-		return;
-	}
-	
-	my $server_allow_user_list = shift || $self->data->get_server_allow_users();
-	
-	my $computer_node_name = $self->data->get_computer_node_name();
-	
-	my $ext_sshd_config_file_path = '/etc/ssh/external_sshd_config';
-	
-	if (!$server_allow_user_list) {
-		notify($ERRORS{'DEBUG'}, 0, "$ext_sshd_config_file_path AllowUsers setting not altered,
server allow users list is empty");
-		return 1;
-	}
-	
-	# Remove all AllowUsers lines from external_sshd_config
-	if (!$self->remove_lines_from_file($ext_sshd_config_file_path, 'AllowUsers')) {
-		notify($ERRORS{'WARNING'}, 0, "unable to update server access on $computer_node_name, failed
to remove existing AllowUsers lines from $ext_sshd_config_file_path");
-		return;
-	}
-	
-	# Add AllowUsers line to the end of the file
-	if (!$self->append_text_file($ext_sshd_config_file_path, "AllowUsers $server_allow_user_list\n"))
{
-		notify($ERRORS{'WARNING'}, 0, "unable to update server access on $computer_node_name, failed
to add line to $ext_sshd_config_file_path: AllowUsers $server_allow_user_list");
-		return;
-	}
-	
-	if (!$self->restart_service("ext_sshd")) {
-		notify($ERRORS{'WARNING'}, 0, "failed to restart ext_sshd service on $computer_node_name
after updating $ext_sshd_config_file_path");
-		return;
-	}
-	
-	return 1;
-}
-
-#/////////////////////////////////////////////////////////////////////////////
-
 =head2 enable_dhcp
 
  Parameters  : $interface_name (optional)



Mime
View raw message