From: rmccabe@sourceware.org <rmccabe@sourceware.org>
To: cluster-devel.redhat.com
Subject: [Cluster-devel] conga/luci/utils luci_admin
Date: 7 Aug 2007 20:22:55 -0000 [thread overview]
Message-ID: <20070807202255.20736.qmail@sourceware.org> (raw)
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2007-08-07 20:22:54
Modified files:
luci/utils : luci_admin
Log message:
Big cleanup.
Detect and report more error conditions.
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_admin.diff?cvsroot=cluster&r1=1.53&r2=1.54
--- conga/luci/utils/luci_admin 2007/02/05 20:08:28 1.53
+++ conga/luci/utils/luci_admin 2007/08/07 20:22:54 1.54
@@ -1,118 +1,116 @@
#!/usr/bin/python
# Copyright (C) 2006-2007 Red Hat, Inc.
+#
+# This program is free software; you can redistribute
+# it and/or modify it under the terms of version 2 of the
+# GNU General Public License as published by the
+# Free Software Foundation.
-import sys, os, stat, select, string, pwd
-from sys import stderr, argv
+import sys, os, select, pwd
+from stat import S_ISREG
import types
import xml
import xml.dom
-from xml.dom import minidom
-
+
sys.path.extend((
'/usr/lib/luci/zope/lib/python',
'/usr/lib/luci/zope/lib/python/Products',
+ '/usr/lib/zope/lib/python',
+ '/usr/lib/zope/lib/python/Products'
'/usr/lib64/luci/zope/lib/python',
'/usr/lib64/luci/zope/lib/python/Products',
'/usr/lib64/luci/zope/lib64/python',
'/usr/lib64/luci/zope/lib64/python/Products',
'/usr/lib64/zope/lib64/python',
'/usr/lib64/zope/lib/python',
- '/usr/lib/zope/lib/python',
'/usr/lib64/zope/lib/python/Products',
'/usr/lib64/zope/lib64/python/Products',
- '/usr/lib/zope/lib/python/Products'
))
from Products import __path__
-for i in ['/usr/lib/luci/zope/lib/python/Products',
- '/usr/lib64/luci/zope/lib/python/Products',
- '/usr/lib64/luci/zope/lib64/python/Products',
- '/usr/lib64/zope/lib/python/Products',
- '/usr/lib64/zope/lib64/python/Products',
- '/usr/lib/zope/lib/python/Products']:
- if os.path.isdir(i):
- __path__.append(i)
-
-LUCI_INIT_DEBUG = 0
-
-LUCI_USER = 'luci'
-LUCI_GROUP = 'luci'
-
-LUCI_HOME_DIR = '/var/lib/luci'
-LUCI_DB_PATH = LUCI_HOME_DIR + '/var/Data.fs'
-LUCI_CERT_DIR = LUCI_HOME_DIR + '/var/certs/'
-LUCI_PEERS_DIR = LUCI_CERT_DIR + 'peers/'
-LUCI_BACKUP_DIR = LUCI_HOME_DIR + '/var'
-LUCI_BACKUP_PATH = LUCI_BACKUP_DIR + '/luci_backup.xml'
-LUCI_ADMIN_SET_PATH = LUCI_HOME_DIR + '/.default_password_has_been_reset'
-
-SSL_PRIVKEY_NAME = 'privkey.pem'
-SSL_PUBKEY_NAME = 'cacert.pem'
-SSL_HTTPS_PRIVKEY_NAME = 'https.key.pem'
-SSL_HTTPS_PUBKEY_NAME = 'https.pem'
-SSL_KEYCONFIG_NAME = 'cacert.config'
-
-SSL_PRIVKEY_PATH = LUCI_CERT_DIR + SSL_PRIVKEY_NAME
-SSL_PUBKEY_PATH = LUCI_CERT_DIR + SSL_PUBKEY_NAME
-SSL_HTTPS_PRIVKEY_PATH = LUCI_CERT_DIR + SSL_HTTPS_PRIVKEY_NAME
-SSL_HTTPS_PUBKEY_PATH = LUCI_CERT_DIR + SSL_HTTPS_PUBKEY_NAME
-SSL_KEYCONFIG_PATH = LUCI_CERT_DIR + SSL_KEYCONFIG_NAME
+
+for tmppath in [
+ '/usr/lib/luci/zope/lib/python/Products',
+ '/usr/lib64/luci/zope/lib/python/Products',
+ '/usr/lib64/luci/zope/lib64/python/Products',
+ '/usr/lib64/zope/lib/python/Products',
+ '/usr/lib64/zope/lib64/python/Products',
+ '/usr/lib/zope/lib/python/Products'
+]:
+ if os.path.isdir(tmppath):
+ __path__.append(tmppath)
+
+LUCI_USER = 'luci'
+LUCI_GROUP = 'luci'
+
+LUCI_HOME_DIR = '/var/lib/luci'
+LUCI_DB_PATH = '%s/var/Data.fs' % LUCI_HOME_DIR
+LUCI_CERT_DIR = '%s/var/certs/' % LUCI_HOME_DIR
+LUCI_PEERS_DIR = '%speers/' % LUCI_CERT_DIR
+LUCI_BACKUP_DIR = '%s/var' % LUCI_HOME_DIR
+LUCI_BACKUP_PATH = '%s/luci_backup.xml' % LUCI_BACKUP_DIR
+LUCI_ADMIN_SET_PATH = '%s/.default_password_has_been_reset' % LUCI_HOME_DIR
+
+SSL_PRIVKEY_NAME = 'privkey.pem'
+SSL_PUBKEY_NAME = 'cacert.pem'
+SSL_HTTPS_PRIVKEY_NAME = 'https.key.pem'
+SSL_HTTPS_PUBKEY_NAME = 'https.pem'
+SSL_KEYCONFIG_NAME = 'cacert.config'
+
+SSL_PRIVKEY_PATH = '%s%s' % (LUCI_CERT_DIR, SSL_PRIVKEY_NAME)
+SSL_PUBKEY_PATH = '%s%s' % (LUCI_CERT_DIR, SSL_PUBKEY_NAME)
+SSL_HTTPS_PRIVKEY_PATH = '%s%s' % (LUCI_CERT_DIR, SSL_HTTPS_PRIVKEY_NAME)
+SSL_HTTPS_PUBKEY_PATH = '%s%s' % (LUCI_CERT_DIR, SSL_HTTPS_PUBKEY_NAME)
+SSL_KEYCONFIG_PATH = '%s%s' % (LUCI_CERT_DIR, SSL_KEYCONFIG_NAME)
ssl_key_data = [
- { 'id' : SSL_PRIVKEY_PATH,
- 'name': SSL_PRIVKEY_NAME,
- 'type': 'private',
- 'mode': 0600 },
- { 'id' : SSL_HTTPS_PRIVKEY_PATH,
- 'name': SSL_HTTPS_PRIVKEY_NAME,
- 'type': 'private',
- 'mode': 0600 },
- { 'id' : SSL_PUBKEY_PATH,
- 'name': SSL_PUBKEY_NAME,
- 'type': 'public',
- 'mode': 0644 },
- { 'id' : SSL_HTTPS_PUBKEY_PATH,
- 'name': SSL_HTTPS_PUBKEY_NAME,
- 'type': 'public',
- 'mode': 0644 },
- { 'id' : SSL_KEYCONFIG_PATH,
- 'name': SSL_KEYCONFIG_NAME,
- 'type': 'config',
- 'mode': 0644 }
+ { 'id': SSL_PRIVKEY_PATH,
+ 'name': SSL_PRIVKEY_NAME,
+ 'type': 'private',
+ 'mode': 0600 },
+ { 'id': SSL_HTTPS_PRIVKEY_PATH,
+ 'name': SSL_HTTPS_PRIVKEY_NAME,
+ 'type': 'private',
+ 'mode': 0600 },
+ { 'id': SSL_PUBKEY_PATH,
+ 'name': SSL_PUBKEY_NAME,
+ 'type': 'public',
+ 'mode': 0644 },
+ { 'id': SSL_HTTPS_PUBKEY_PATH,
+ 'name': SSL_HTTPS_PUBKEY_NAME,
+ 'type': 'public',
+ 'mode': 0644 },
+ { 'id': SSL_KEYCONFIG_PATH,
+ 'name': SSL_KEYCONFIG_NAME,
+ 'type': 'config',
+ 'mode': 0644 }
]
+
for name in os.listdir(LUCI_PEERS_DIR):
- path = LUCI_PEERS_DIR + name
- if stat.S_ISREG(os.stat(path).st_mode):
- ssl_key_data.append({'id' : path,
- 'name' : path.lstrip(LUCI_CERT_DIR),
- 'type' : 'public',
- 'mode' : 0644})
+ ssl_path = '%s%s' % (LUCI_PEERS_DIR, name)
-#null = file(os.devnull, 'rwb+', 0) - available on python 2.4 and above!!!
-null = file('/dev/null', 'rwb+', 0)
-orig_stderr = sys.stderr
+ if S_ISREG(os.stat(ssl_path).st_mode):
+ ssl_key_data.append({
+ 'id': ssl_path,
+ 'name': ssl_path.lstrip(LUCI_CERT_DIR),
+ 'type': 'public',
+ 'mode': 0644
+ })
-if LUCI_INIT_DEBUG:
+orig_stderr = sys.stderr
+if '--debug' in sys.argv or '--verbose' in sys.argv:
verbose = sys.stderr
else:
- verbose = null
-
-
+ verbose = file('/dev/null', 'rwb+', 0)
def get_luci_uid_gid():
- try:
- luci = pwd.getpwnam(LUCI_USER)[2:4]
- if not luci:
- raise
- if len(luci) != 2:
- raise
- return luci
- except:
- msg = 'Cannot find the \"' + LUCI_USER + '\" user.\n'
- sys.stderr.write(msg)
- raise msg
-
+ luci = pwd.getpwnam(LUCI_USER)[2:4]
+ if not luci:
+ raise Exception, 'user lookup failed'
+ if len(luci) != 2:
+ raise Exception, 'user lookup failed'
+ return luci
def set_default_passwd_reset_flag():
# set flag marking admin password has been set
@@ -123,64 +121,68 @@
return True
def get_default_passwd_reset_flag():
- return open(LUCI_ADMIN_SET_PATH, 'r').read(16).strip() == 'True'
-
+ try:
+ return open(LUCI_ADMIN_SET_PATH, 'r').read(16).strip() == 'True'
+ except Exception, e:
+ verbose.write('Failed to write to "%s": %s\n' \
+ % (LUCI_ADMIN_SET_PATH, str(e)))
+ return False
def read_passwd(prompt, confirm_prompt):
from getpass import getpass
+
while True:
s1 = getpass(prompt)
if len(s1) < 6:
- print 'Password has to be at least 6 characters long'
+ sys.stderr.write('Passwords must be at least 6 characters long.\n')
continue
- if ' ' in s1:
- print 'Spaces are not allowed in passwords'
+
+ if ' ' in s1 or '\t' in s1:
+ sys.stderr.write('Spaces are not allowed in passwords.\n')
continue
+
s2 = getpass(confirm_prompt)
if s1 != s2:
- print 'Passwords mismatch, try again'
+ sys.stderr.write('Passwords don\'t match. Try again.\n')
continue
return s1
-
-
def restore_luci_db_fsattr():
uid, gid = -1, -1
try:
uid, gid = get_luci_uid_gid()
except:
+ sys.stderr.write('Unable to determine the user and group of the luci user "%s"\n' \
+ % LUCI_USER)
return -1
-
+
try:
os.chown(LUCI_DB_PATH, uid, gid)
os.chmod(LUCI_DB_PATH, 0600)
- for i in [ '.tmp', '.old', '.index', '.lock' ]:
+ for ext in [ '.tmp', '.old', '.index', '.lock' ]:
+ cur_path = '%s%s' % (LUCI_DB_PATH, ext)
try:
- os.chown(LUCI_DB_PATH + i, uid, gid)
- os.chmod(LUCI_DB_PATH + i, 0600)
- except: pass
- except:
- sys.stderr.write('Unable to change ownership of the Luci database back to user \"' + LUCI_USER + '\"\n')
+ os.chown(cur_path, uid, gid)
+ os.chmod(cur_path, 0600)
+ except Exception, ei:
+ sys.stderr.write('Unable to change ownership of "%s" to user "%s": %s\n' \
+ % (cur_path, LUCI_USER, str(ei)))
+ except Exception, e:
+ sys.stderr.write('Unable to change ownership of the Luci database "%s" back to user "%s": %s\n' \
+ % (LUCI_DB_PATH, LUCI_USER, str(e)))
return -1
def set_zope_passwd(user, passwd):
- sys.stderr = null
- import ZODB
+ sys.stderr = verbose
from ZODB.FileStorage import FileStorage
from ZODB.DB import DB
- import OFS
from OFS.Application import AppInitializer
- import OFS.Folder
import AccessControl
import AccessControl.User
from AccessControl.AuthEncoding import SSHADigestScheme
from AccessControl.SecurityManagement import newSecurityManager
import transaction
- import Products.CMFCore
- import Products.CMFCore.MemberDataTool
import App.ImageFile
- import Products.PluggableAuthService.plugins.ZODBUserManager
- import BTrees.OOBTree
# Zope wants to open a www/ok.gif and images/error.gif
# when you initialize the application object. This keeps
# the AppInitializer(app).initialize() call below from failing.
@@ -193,43 +195,48 @@
conn = db.open()
except IOError, e:
if e[0] == 11:
- sys.stderr.write('It appears that Luci is running. Please stop Luci before attempting to reset passwords.\n')
+ sys.stderr.write('It appears that the luci service is running. You must stop the luci service before using this tool to reset passwords.\n')
return -1
else:
- sys.stderr.write('Unable to open the Luci database \"' + dbfn + '\":' + str(e) + '\n')
+ sys.stderr.write('Unable to open the Luci database "%s": %s\n' \
+ % (LUCI_DB_PATH, str(e)))
return -1
except Exception, e:
- sys.stderr.write('Unable to open the Luci database \"' + dbfn + '\":' + str(e) + '\n')
+ sys.stderr.write('Unable to open the Luci database "%s": %s\n' \
+ % (LUCI_DB_PATH, str(e)))
return -1
try:
- sys.stderr = null
+ sys.stderr = verbose
tempuser = AccessControl.User.UnrestrictedUser('admin', '',
- ('manage','Manager', 'Owner', 'View', 'Authenticated'), [])
+ ('manage', 'Manager', 'Owner', 'View', 'Authenticated'), [])
newSecurityManager(None, tempuser)
app = conn.root()['Application']
AppInitializer(app).initialize()
sys.stderr = orig_stderr
- except:
+ except Exception, e:
sys.stderr = orig_stderr
- sys.stderr.write('An error occurred while setting the password for user \"' + user + '\"\n')
+ sys.stderr.write('An error occurred while setting the password for user "%s": %s\n' \
+ % (user, str(e)))
return -1
ret = -1
try:
pwd_scheme = SSHADigestScheme
- pwd_hash = '{SSHA}' + pwd_scheme.encrypt(SSHADigestScheme(), passwd)
+ pwd_hash = '{SSHA}%s' % pwd_scheme.encrypt(SSHADigestScheme(), passwd)
acl_users = app.acl_users.users
if len(acl_users):
acl_users._user_passwords[user] = pwd_hash
transaction.commit()
ret = 0
else:
- raise
- except:
- sys.stderr.write('Unable to set the password for user \"' + user + '\"\n')
+ raise Exception, 'failed to set password'
+ except Exception, e:
+ sys.stderr = orig_stderr
+ sys.stderr.write('Unable to set the password for user "%s": %s\n' \
+ % (user, str(e)))
conn.close()
db.pack()
@@ -238,34 +245,39 @@
if restore_luci_db_fsattr():
return -1
-
+
if user == 'admin' and ret == 0:
set_default_passwd_reset_flag()
-
- return ret
+ return ret
-def luci_restore_certs(certList):
+def luci_restore_certs(path, certList):
if not certList or len(certList) < 1:
- sys.stderr.write('Your backup file contains no certificate data. Please check that your backup file is not corrupt.\n')
+ sys.stderr.write('Backup file "%s" contains no certificate data\n' \
+ % path)
+ sys.stderr.write('Please check that your backup file is not corrupt.\n')
return -1
certList = certList[0].getElementsByTagName('certificate')
if not certList or len(certList) < 1:
- sys.stderr.write('Your backup file contains no certificate data. Please check that your backup file is not corrupt.\n')
+ sys.stderr.write('Backup file "%s" contains no certificate data\n' \
+ % path)
+ sys.stderr.write('Please check that your backup file is not corrupt.\n')
return -1
- uid, gid = -1, -1
+
try:
uid, gid = get_luci_uid_gid()
- except:
+ except Exception, e:
+ verbose.write('Error getting uid: %s' % str(e))
return -1
for c in certList:
- path = c.getAttribute('name')
- if not path:
- sys.stderr.write('Missing \"name\" field for certificate.\n')
+ cert_path = c.getAttribute('name')
+ if not cert_path :
+ sys.stderr.write('Backup file "%s" is missing the "name" attribute for a certificate.\n' \
+ % path)
return -1
- path = LUCI_CERT_DIR + str(path)
+ cert_path = '%s%s' % (LUCI_CERT_DIR, str(cert_path))
mode = c.getAttribute('mode')
if not mode:
@@ -275,48 +287,50 @@
data = c.firstChild
if not data or not data.wholeText:
- sys.stderr.write('\"' + path + '\" has no certificate data.')
+ sys.stderr.write('Backup file "%s" contains no certificate data.\n' \
+ % path)
return -1
# Because .prettyprint() was called to write the backup..
data = data.wholeText.strip()
if len(data) < 1:
- sys.stderr.write('\"' + path + '\" has no certificate data.')
+ sys.stderr.write('Backup file "%s" contains no certificate data.\n' \
+ % path)
return -1
data = str(data)
try:
- f = file(path, 'wb+')
- except:
- sys.stderr.write('Unable to create \" ' + path + '\" for writing.\n')
+ f = file(cert_path, 'wb+')
+ except Exception, e:
+ sys.stderr.write('Unable to open certificate file "%s" for writing: %s\n' \
+ % (cert_path, str(e)))
return -1
- os.chmod(path, mode)
- f.write(data + '\n')
- os.chown(path, uid, gid)
- f.close()
- return None
+ try:
+ os.chown(path, uid, gid)
+ os.chmod(path, mode)
+ f.write(data)
+ f.write('\n')
+ f.close()
+ except Exception, e:
+ sys.stderr.write('Unable to restore certificate file "%s": %s\n' \
+ % (cert_path, str(e)))
+ return -1
+ return None
def luci_restore(argv):
- sys.stderr = null
- import ZODB
+ sys.stderr = verbose
from ZODB.FileStorage import FileStorage
from ZODB.DB import DB
- import OFS
from OFS.Application import AppInitializer
- import OFS.Folder
import AccessControl
import AccessControl.User
- from AccessControl.AuthEncoding import SSHADigestScheme
from AccessControl.SecurityManagement import newSecurityManager
import transaction
- import Products.CMFCore
- import Products.CMFCore.MemberDataTool
import App.ImageFile
- import Products.PluggableAuthService.plugins.ZODBUserManager
- import BTrees.OOBTree
from DateTime import DateTime
+
App.ImageFile.__init__ = lambda x, y: None
sys.stderr = orig_stderr
@@ -337,34 +351,40 @@
conn = db.open()
except IOError, e:
if e[0] == 11:
- sys.stderr.write('It appears that Luci is running. Please stop Luci before attempting to restore your installation.\n')
+ sys.stderr.write('It appears that the luci service is running.\n')
+ sys.stderr.write('You must stop the luci service before using this tool restore from a backup.\n')
return -1
else:
- sys.stderr.write('Unable to open the Luci database \"' + dbfn + '\":' + str(e) + '\n')
+ sys.stderr.write('Unable to open the Luci database "%s": %s\n' \
+ % (dbfn, str(e)))
return -1
except Exception, e:
- sys.stderr.write('Unable to open the Luci database \"' + dbfn + '\":' + str(e) + '\n')
+ sys.stderr.write('Unable to open the Luci database "%s": %s\n' \
+ % (dbfn, str(e)))
return -1
try:
node = xml.dom.minidom.parse(backupfn)
- except:
- sys.stderr.write('Unable to open the Luci backup file \"'+ backupfn +'\"\n')
+ except Exception, e:
+ sys.stderr.write('Unable to parse backup data contained in file "%s": %s\n' \
+ % (backupfn, str(e)))
return -1
node = node.getElementsByTagName('luci')
if not node or len(node) < 1:
- sys.stderr.write('Backup file is missing the \'luci\' tag\n')
+ sys.stderr.write('Backup file "%s" is missing the "luci" XML tag.\n' \
+ % backupfn)
return -1
node = node[0].getElementsByTagName('backupData')
if not node or len(node) < 1:
- sys.stderr.write('Backup file is missing the \'backupData\' tag\n')
+ sys.stderr.write('Backup file "%s" is missing the "backupData" XML tag\n' \
+ % backupfn)
return -1
- node = node[0]
+ node = node[0]
try:
- sys.stderr = null
+ sys.stderr = verbose
tempuser = AccessControl.User.UnrestrictedUser('admin', '',
('manage','Manager', 'Owner', 'View', 'Authenticated'), [])
@@ -373,9 +393,10 @@
app = conn.root()['Application']
AppInitializer(app).initialize()
sys.stderr = orig_stderr
- except:
+ except Exception, e:
sys.stderr = orig_stderr
- sys.stderr.write('An error occurred while initializing the Luci installation for restoration from backup\n')
+ sys.stderr.write('An error occurred while restoring from backup file "%s": %s\n' \
+ % (backupfn, str(e)))
return -1
try:
@@ -383,52 +404,59 @@
portal_mem = app.luci.portal_membership
portal_reg = app.luci.portal_registration
if not (acl_users and len(acl_users) and portal_mem and portal_reg):
- raise
- except:
- sys.stderr.write('Your Luci installation appears to be corrupt.\n')
+ raise Exception, 'no users are present'
+ except Exception, e:
+ sys.stderr.write('Your Luci installation appears to be corrupt: %s' % str(e))
return -1
userList = node.getElementsByTagName('userList')
if not userList or len(userList) < 1:
- sys.stderr.write('Your backup file contains no users. At the very least, the admin user must exist. Please check that your backup file is not corrupt.\n')
+ sys.stderr.write('Backup file "%s" contains no users.\n' % backupfn)
+ sys.stderr.write('The admin user must exist.\n')
+ sys.stderr.write('Please check that your backup file is not corrupt.\n')
return -1
userList = userList[0].getElementsByTagName('user')
if not userList or len(userList) < 1:
- sys.stderr.write('Your backup file contains no users. At the very least, the admin user must exist. Please check that your backup file is not corrupt.\n')
+ sys.stderr.write('Backup file "%s" contains no users.\n' % backupfn)
+ sys.stderr.write('The admin user must exist.\n')
+ sys.stderr.write('Please check that your backup file is not corrupt.\n')
return -1
for u in userList:
- id = u.getAttribute('id')
- if not id:
+ uid = u.getAttribute('id')
+ if not uid:
transaction.abort()
- sys.stderr.write('Missing ID for user\n')
+ sys.stderr.write('Missing the id attribute for a user in backup file "%s"\n' \
+ % backupfn)
return -1
- id = str(id)
+ uid = str(uid)
passwd = u.getAttribute('passwd')
if not passwd:
transaction.abort()
- sys.stderr.write('Missing password for user \"' + id + '\"\n')
+ sys.stderr.write('Missing password for user "%s" in backup file "%s"\n' \
+ % (uid, backupfn))
return -1
passwd = str(passwd)
- if id == 'admin':
+ if uid == 'admin':
try:
acl_users._user_passwords['admin'] = passwd
- except:
+ except Exception, e:
transaction.abort()
- sys.stderr.write('Unable to restore admin password.')
+ sys.stderr.write('Unable to restore admin password from backup file "%s": %s\n' \
+ % (backupfn, str(e)))
return -1
else:
email = u.getAttribute('email')
if not email:
- email = id + '@luci.example.org'
+ email = '%s@luci.example.org' % uid
else:
email = str(email)
props = {
- 'username': id,
+ 'username': uid,
'roles': [ 'Member' ],
'domains': [],
'email': email,
@@ -449,34 +477,38 @@
if must_change_passwd == 'True' or '1':
props['must_change_password'] = True
- portal_reg.addMember(id, passwd, props)
+ portal_reg.addMember(uid, passwd, props)
- member = portal_mem.getMemberById(id)
+ member = portal_mem.getMemberById(uid)
if not member:
transaction.abort()
- sys.stderr.write('An error occurred while restoring the user \"' + id + '\"\n')
+ sys.stderr.write('An error occurred while restoring the user "%s" from backup file "%s"\n' \
+ % (uid, backupfn))
return -1
try:
aclu = app.luci.acl_users.source_users
if aclu and len(aclu):
- aclu._user_passwords[id] = passwd
+ aclu._user_passwords[uid] = passwd
else:
- raise
- except:
+ raise Exception, 'unable to set password for %s' % uid
+ except Exception, e:
transaction.abort()
- sys.stderr.write('An error occurred while restoring the password for user \"' + id + '\"\n')
+ sys.stderr.write('An error occurred while restoring the password for user "%s" from backup file "%s": %s\n'
+ % (uid, backupfn, str(e)))
return -1
- verbose.write('Added user \"' + id + '\"\n')
+ verbose.write('Added user "%s"' % uid)
transaction.commit()
try:
x = app.luci.systems.storage
if not x:
raise
- except:
+ except Exception, e:
transaction.abort()
- sys.stderr.write('Cannot find the Luci storage systems directory. Your Luci installation may be corrupt.\n')
+ sys.stderr.write('Cannot find the Luci storage systems directory.\n')
+ sys.stderr.write('Your Luci installation may be corrupt.\n')
+ sys.stderr.write('Server error: %s\n' % str(e))
return -1
systemList = node.getElementsByTagName('systemList')
@@ -488,32 +520,33 @@
verbose.write('No storage systems to add\n')
for s in systemList:
- id = s.getAttribute('id')
- if not id:
+ uid = s.getAttribute('id')
+ if not uid:
transaction.abort()
sys.stderr.write('Missing ID for storage system. Your backup may be corrupt.\n')
return -1
- id = str(id)
+ uid = str(uid)
try:
title = str(s.getAttribute('title'))
except:
title = '__luci__:system'
- x.manage_addFolder(id, title)
+ x.manage_addFolder(uid, title)
try:
- new_system = app.luci.systems.storage.get(id)
+ new_system = app.luci.systems.storage.get(uid)
if not new_system:
raise
new_system.manage_acquiredPermissions([])
- new_system.manage_role('View', ['Access contents information','View'])
- except:
+ new_system.manage_role('View', [ 'Access contents information', 'View' ])
+ except Exception, e:
transaction.abort()
- sys.stderr.write('An error occurred while restoring storage system \"' + id + '\"\n')
+ sys.stderr.write('An error occurred while restoring storage system "%s": %s\n' \
+ % (uid, str(e)))
return -1
userPerms = s.getElementsByTagName('permList')
if not userPerms or len(userPerms) < 1:
- verbose.write('Added storage system \"' + id + '\"\n')
+ verbose.write('Added storage system "%s"\n' % uid)
continue
userPerms = userPerms[0].getElementsByTagName('ref')
for i in userPerms:
@@ -522,20 +555,23 @@
continue
try:
new_system.manage_setLocalRoles(newuser, ['View'])
- verbose.write('Added view permission to storage system \"' + id + '\" for \"' + newuser + '\"\n')
- except:
- sys.stderr.write('An error occurred while restoring permission for storage system \"' + id + '\" for user \"' + newuser + '\"\n')
+ verbose.write('Added view permission to storage system "%s" for "%s"\n' \
+ % (uid, newuser))
+ except Exception, e:
+ sys.stderr.write('An error occurred while restoring permission for storage system "%s" for "%s": %s\n' \
+ % (uid, newuser, str(e)))
- verbose.write('Added storage system \"' + id + '\"\n')
+ verbose.write('Added storage system "%s"\n' % uid)
transaction.commit()
try:
x = app.luci.systems.cluster
if not x:
raise
- except:
+ except Exception, e:
transaction.abort()
sys.stderr.write('Cannot find the Luci cluster directory. Your Luci installation may be corrupt.\n')
+ sys.stderr.write('Error reported: %s\n' % str(e))
return -1
clusterList = node.getElementsByTagName('clusterList')
@@ -547,12 +583,12 @@
verbose.write('No clusters to add\n')
for c in clusterList:
- id = c.getAttribute('id')
- if not id:
+ uid = c.getAttribute('id')
+ if not uid:
transaction.abort()
- sys.stderr.write('Cluster element is missing id\n')
+ sys.stderr.write('Cluster element is missing id attribute\n')
return -1
- id = str(id)
+ uid = str(id)
title = c.getAttribute('title')
if not title:
@@ -561,16 +597,17 @@
title = str(title)
try:
- x.manage_addFolder(id, title)
- new_cluster = app.luci.systems.cluster.get(id)
+ x.manage_addFolder(uid, title)
+ new_cluster = app.luci.systems.cluster.get(uid)
if not new_cluster:
raise
new_cluster.manage_acquiredPermissions([])
- new_cluster.manage_role('View', ['Access contents information','View'])
- except:
+ new_cluster.manage_role('View', [ 'Access contents information', 'View' ])
+ except Exception, e:
transaction.abort()
- sys.stderr.write('An error occurred while restoring the cluster \"' + id + '\"\n')
+ sys.stderr.write('An error occurred while restoring the cluster "%s": %s\n' \
+ % (uid, str(e)))
return -1
viewperm = list()
@@ -586,55 +623,62 @@
try:
new_cluster.manage_setLocalRoles(newuser, ['View'])
- verbose.write('Added view permission to cluster \"' + id + '\" for \"' + newuser + '\"\n')
- except:
- sys.stderr.write('An error occurred while restoring permission for cluster \"' + id + '\" for user \"' + newuser + '\"\n')
+ verbose.write('Added view permission to cluster "%s" for "%s"\n' \
+ % (uid, newuser))
+ except Exception, e:
+ sys.stderr.write('An error occurred while restoring permission for cluster "%s" for "%s": %s' \
+ % (uid, newuser, str(e)))
viewperm.append(newuser)
clusterSystems = c.getElementsByTagName('csystemList')
if not clusterSystems or len(clusterSystems) < 1:
- verbose.write('Cluster \"' + id + '\" has no storage systems\n')
+ verbose.write('Cluster "%s" has no storage systems\n' % uid)
else:
clusterSystems = clusterSystems[0].getElementsByTagName('csystem')
for i in clusterSystems:
newsys = i.getAttribute('id')
if not newsys:
transaction.abort()
- sys.stderr.write('Storage system missing name for cluster \"' + id + '\"\n')
+ sys.stderr.write('Storage system missing id attribute for cluster "%s"\n' \
+ % uid)
return -1
newsys = str(newsys)
stitle = i.getAttribute('title')
if not stitle:
- stitle = '__luci__:csystem:' + id
+ stitle = '__luci__:csystem:%s' % uid
else:
stitle = str(stitle)
try:
new_cluster.manage_addFolder(newsys, stitle)
- newcs = app.luci.systems.cluster.get(id).get(newsys)
+ newcs = app.luci.systems.cluster.get(uid).get(newsys)
if not newcs:
raise
newcs.manage_acquiredPermissions([])
- newcs.manage_role('View', ['Access contents information','View'])
- except:
+ newcs.manage_role('View', [ 'Access contents information', 'View' ])
+ except Exception, e:
transaction.abort()
- sys.stderr.write('An error occurred while restoring the storage system \"' + newsys + '\" for cluster \"' + id + '\"\n')
+ sys.stderr.write('An error occurred while restoring the storage system "%s" for cluster "%s": %s' \
+ % (newsys, uid, str(e)))
return -1
transaction.commit()
try:
for i in viewperm:
newcs.manage_setLocalRoles(i, ['View'])
- verbose.write('Added view permission to cluster system \"' + newsys + '\" for \"' + i + '\"\n')
+ verbose.write('Added view permission to cluster system "%s" for "%s"\n' \
+ % (newsys, i))
except:
transaction.abort()
- sys.stderr.write('An error occurred while restoring permissions for cluster system \"' + newsys + '\" in cluster \"' + id + '\" for user \"' + i + '\"\n')
+ sys.stderr.write('An error occurred while restoring permissions for cluster system "%s" in cluster "%s" for user "%s"\n' \
+ % (newsys, uid, i))
return -1
- verbose.write('Added storage system \"' + newsys + '\" for cluster \"' + id + '\"\n')
+ verbose.write('Added storage system "%s" for cluster "%s"\n' \
+ % (newsys, uid))
- verbose.write('Added cluster \"' + id + '\"\n')
+ verbose.write('Added cluster "%s"\n' % uid)
transaction.commit()
transaction.commit()
@@ -645,34 +689,35 @@
certList = node.getElementsByTagName('certificateList')
if not certList or len(certList) < 1:
- sys.stderr.write('No certificate data was found.\n')
+ sys.stderr.write('Backup file "%s" contains no certificate data.\n' \
+ % backupfn)
return -1
- if luci_restore_certs(certList):
+ if luci_restore_certs(backupfn, certList):
sys.stderr.write('An error occurred while restoring certificate data.\n')
return -1
return 0
# This function's ability to work is dependent
-# upon the structure of @dict
-def dataToXML(doc, dict, tltag):
+# upon the structure of @ddict
+def dataToXML(doc, ddict, tltag):
node = doc.createElement(tltag)
- for i in dict:
- if isinstance(dict[i], types.DictType):
+ for i in ddict:
+ if isinstance(ddict[i], types.DictType):
if i[-4:] == 'List':
tagname = i
else:
tagname = tltag[:-4]
- temp = dataToXML(doc, dict[i], tagname)
+ temp = dataToXML(doc, ddict[i], tagname)
node.appendChild(temp)
- elif isinstance(dict[i], types.StringType) or isinstance(dict[i], types.IntType):
- node.setAttribute(i, str(dict[i]))
- elif isinstance(dict[i], types.ListType):
- if len(dict[i]) < 1:
+ elif isinstance(ddict[i], types.StringType) or isinstance(ddict[i], types.IntType):
+ node.setAttribute(i, str(ddict[i]))
+ elif isinstance(ddict[i], types.ListType):
+ if len(ddict[i]) < 1:
continue
temp = doc.createElement(i)
- for x in dict[i]:
+ for x in ddict[i]:
t = doc.createElement('ref')
t.setAttribute('name', x)
temp.appendChild(t.cloneNode(True))
@@ -680,24 +725,16 @@
return node.cloneNode(True)
def luci_backup(argv):
- sys.stderr = null
- import ZODB
+ sys.stderr = verbose
from ZODB.FileStorage import FileStorage
from ZODB.DB import DB
- import OFS
from OFS.Application import AppInitializer
- import OFS.Folder
import AccessControl
import AccessControl.User
- from AccessControl.AuthEncoding import SSHADigestScheme
from AccessControl.SecurityManagement import newSecurityManager
import transaction
- import Products.CMFCore
- import Products.CMFCore.MemberDataTool
- from CMFPlone.utils import getToolByName
+ import CMFPlone
import App.ImageFile
- import Products.PluggableAuthService.plugins.ZODBUserManager
- import BTrees.OOBTree
App.ImageFile.__init__ = lambda x, y: None
sys.stderr = orig_stderr
@@ -706,11 +743,6 @@
else:
dbfn = LUCI_DB_PATH
- if len(argv) > 1:
- backupfn = argv[1]
- else:
- backupfn = LUCI_BACKUP_PATH
-
try:
fs = FileStorage(dbfn)
db = DB(fs)
@@ -721,14 +753,16 @@
sys.stderr.write('It appears that Luci is running. Please stop Luci before attempting to backup your installation.\n')
return -1
else:
- sys.stderr.write('Unable to open the Luci database \"' + dbfn + '\":' + str(e) + '\n')
+ sys.stderr.write('Unable to open the Luci database "%s: %s\n' \
+ % (dbfn, str(e)))
return -1
except Exception, e:
- sys.stderr.write('Unable to open the Luci database \"' + dbfn + '\":' + str(e) + '\n')
+ sys.stderr.write('Unable to open the Luci database "%s: %s\n' \
+ % (dbfn, str(e)))
return -1
try:
- sys.stderr = null
+ sys.stderr = verbose
tempuser = AccessControl.User.UnrestrictedUser('admin', '',
('manage','Manager', 'Owner', 'View', 'Authenticated'), [])
@@ -737,9 +771,10 @@
app = conn.root()['Application']
AppInitializer(app).initialize()
sys.stderr = orig_stderr
- except:
+ except Exception, e:
sys.stderr = orig_stderr
- sys.stderr.write('An error occurred while initializing the Luci installation for restoration from backup\n')
+ sys.stderr.write('An error occurred while initializing luci for restore from backup: %s\n' \
+ % str(e))
return -1
app.luci.portal_memberdata.pruneMemberDataContents()
@@ -748,9 +783,10 @@
try:
acl_users = app.acl_users.users
if not (acl_users and len(acl_users)):
- raise
- except:
- sys.stderr.write('Your Luci installation appears to be corrupt.\n')
+ raise Exception, 'no luci users exist'
+ except Exception, e:
+ sys.stderr.write('Your Luci installation appears to be corrupt: %s\n' \
+ % str(e))
return -1
users = {}
@@ -760,14 +796,15 @@
try:
acl_users = app.acl_users.users
if len(acl_users) < 1:
- raise
+ raise Exception, 'no users exist'
+
users['admin'] = {
'id': 'admin',
'name': 'admin',
'passwd': app.acl_users.users._user_passwords['admin']
}
except:
- sys.stderr.write('Unable to find the admin user.\n')
+ sys.stderr.write('Unable to find the luci admin user.\n')
return -1
acl_users = app.luci.acl_users.source_users
@@ -779,33 +816,39 @@
'name': i[0],
'passwd': i[1]
}
- except:
+ except Exception, e:
try:
- sys.stderr.write('An error occurred while saving details for user \"' + i[0] + '\"\n')
+ sys.stderr.write('An error occurred while saving details for user "%s": %s' \
+ % (i[0], str(e)))
except:
- sys.stderr.write('An error occurred while saving user information.')
+ sys.stderr.write('An error occurred while saving user information: %s' \
+ % str(e))
return -1
try:
- membertool = getToolByName(app.luci, 'portal_membership')
+ membertool = CMFPlone.utils.getToolByName(app.luci, 'portal_membership')
if not membertool:
- raise
+ raise Exception, 'unable to retrieve luci users'
+
for mem in membertool.listMembers():
try:
for i in [ 'login_time', 'last_login_time', 'must_change_password', 'email' ]:
prop = mem.getProperty(i)
if prop != '':
users[mem.id][i] = str(prop)
- except:
+ except Exception, e1:
+ verbose.write('Error retrieving member properties: %s\n' \
+ % str(e1))
continue
- except:
- pass
-
+ except Exception, e:
+ verbose.write('Error retrieving luci user data: %s\n' % str(e))
+
try:
storagedir = app.luci.systems.storage
clusterdir = app.luci.systems.cluster
- except:
- sys.stderr.write('Your Luci installation appears to be corrupt.')
+ except Exception, e:
+ sys.stderr.write('Your Luci installation appears to be corrupt.\n')
+ sys.stderr.write('Server error: %s\n' % str(e))
return -1
if storagedir and len(storagedir):
@@ -822,7 +865,7 @@
systems[i[0]]['permList'] = map(lambda x: x[0], filter(lambda x: len(x) > 1 and 'View' in x[1], roles.items()))
else:
systems[i[0]]['permList'] = {}
-
+
if clusterdir and len(clusterdir):
for i in clusterdir.objectItems():
cluster_name = i[0]
@@ -875,7 +918,7 @@
if len(output) < 1:
raise
except:
- sys.stderr.write('Unable to read \"' + i['id'] + '\"\n')
+ sys.stderr.write('Unable to read "%s"\n' % i['id'])
# An error backing up anything other than the config
# is fatal.
if i['type'] != 'config':
@@ -895,195 +938,182 @@
return doc
-
def _execWithCaptureErrorStatus(command, argv, searchPath = 0, root = '/', stdin = 0, catchfd = 1, catcherrfd = 2, closefd = -1):
- if not os.access (root + command, os.X_OK):
- raise RuntimeError, command + " can not be run"
+ if not os.access (root + command, os.X_OK):
+ raise RuntimeError, '%s%s is not executable' % (root, command)
- (read, write) = os.pipe()
- (read_err,write_err) = os.pipe()
-
- childpid = os.fork()
- if (not childpid):
- # child
- if (root and root != '/'): os.chroot (root)
- if isinstance(catchfd, tuple):
- for fd in catchfd:
- os.dup2(write, fd)
- else:
- os.dup2(write, catchfd)
- os.close(write)
- os.close(read)
-
- if isinstance(catcherrfd, tuple):
- for fd in catcherrfd:
- os.dup2(write_err, fd)
- else:
- os.dup2(write_err, catcherrfd)
- os.close(write_err)
- os.close(read_err)
-
- if closefd != -1:
- os.close(closefd)
-
- if stdin:
- os.dup2(stdin, 0)
- os.close(stdin)
-
- if (searchPath):
- os.execvp(command, argv)
- else:
- os.execv(command, argv)
- # will never come here
-
- os.close(write)
- os.close(write_err)
-
- rc = ""
- rc_err = ""
- in_list = [read, read_err]
- while len(in_list) != 0:
- i,o,e = select.select(in_list, [], [], 0.1)
- for fd in i:
- if fd == read:
- s = os.read(read, 1000)
- if s == '':
- in_list.remove(read)
- rc = rc + s
- if fd == read_err:
- s = os.read(read_err, 1000)
- if s == '':
- in_list.remove(read_err)
- rc_err = rc_err + s
-
- os.close(read)
- os.close(read_err)
-
- status = -1
- try:
- (pid, status) = os.waitpid(childpid, 0)
- except OSError, (errno, msg):
- sys.stderr.write(__name__ + 'waitpid: ' + msg + '\n')
-
- if os.WIFEXITED(status):
- status = os.WEXITSTATUS(status)
- else:
- status = -1
-
- return (rc, rc_err, status)
+ (read, write) = os.pipe()
+ (read_err, write_err) = os.pipe()
+ childpid = os.fork()
+ if (not childpid):
+ # child
+ if (root and root != '/'):
+ os.chroot(root)
+ if isinstance(catchfd, tuple):
+ for fd in catchfd:
+ os.dup2(write, fd)
+ else:
+ os.dup2(write, catchfd)
+ os.close(write)
+ os.close(read)
+
+ if isinstance(catcherrfd, tuple):
+ for fd in catcherrfd:
+ os.dup2(write_err, fd)
+ else:
+ os.dup2(write_err, catcherrfd)
+ os.close(write_err)
+ os.close(read_err)
+
+ if closefd != -1:
+ os.close(closefd)
+
+ if stdin:
+ os.dup2(stdin, 0)
+ os.close(stdin)
+ if (searchPath):
+ os.execvp(command, argv)
+ else:
+ os.execv(command, argv)
+ # will never come here
+ os.close(write)
+ os.close(write_err)
+ rc = ""
+ rc_err = ""
+ in_list = [read, read_err]
+ while len(in_list) != 0:
+ i, o, e = select.select(in_list, [], [], 0.1)
+ for fd in i:
+ if fd == read:
+ s = os.read(read, 1024)
+ if s == '':
+ in_list.remove(read)
+ rc = rc + s
+ if fd == read_err:
+ s = os.read(read_err, 1024)
+ if s == '':
+ in_list.remove(read_err)
+ rc_err = rc_err + s
+
+ os.close(read)
+ os.close(read_err)
+
+ status = -1
+ try:
+ (pid, status) = os.waitpid(childpid, 0)
+ except OSError, (errno, msg):
+ sys.stderr.write('%s waitpid: %s\n' % (__name__ , msg))
+ if os.WIFEXITED(status):
+ status = os.WEXITSTATUS(status)
+ else:
+ status = -1
+ return (rc, rc_err, status)
def luci_initialized():
- # existence of privkey.pem file and
- # admin password (not the one Data.fs comes with)
- # mean that luci has been initialized
- b1 = get_default_passwd_reset_flag()
- b2 = os.access(SSL_PRIVKEY_PATH, os.F_OK)
- return b1 and b2
-
-
+ # existence of privkey.pem file and
+ # admin password (not the one Data.fs comes with)
+ # mean that luci has been initialized
+ b1 = get_default_passwd_reset_flag()
+ b2 = os.access(SSL_PRIVKEY_PATH, os.F_OK)
+ return b1 and b2
def generate_ssl_certs():
- command = '/bin/rm'
- args = [command, '-f', SSL_PRIVKEY_PATH, SSL_PUBKEY_PATH]
- _execWithCaptureErrorStatus(command, args)
-
- # /usr/bin/openssl genrsa -out /var/lib/luci/var/certs/privkey.pem 2048 > /dev/null 2>&1
- command = '/usr/bin/openssl'
- args = [command, 'genrsa', '-out', SSL_PRIVKEY_PATH, '2048']
- _execWithCaptureErrorStatus(command, args)
-
- # /usr/bin/openssl req -new -x509 -key /var/lib/luci/var/certs/privkey.pem -out /var/lib/luci/var/certs/cacert.pem -days 1825 -config /var/lib/luci/var/certs/cacert.config
- command = '/usr/bin/openssl'
- args = [command, 'req', '-new', '-x509', '-key', SSL_PRIVKEY_PATH, '-out', SSL_PUBKEY_PATH, '-days', '1825', '-config', SSL_KEYCONFIG_PATH]
- _execWithCaptureErrorStatus(command, args)
-
- # take ownership and restrict access
- try:
- uid, gid = get_luci_uid_gid()
- os.chown(SSL_PRIVKEY_PATH, uid, gid)
- os.chown(SSL_PUBKEY_PATH, uid, gid)
- os.chmod(SSL_PRIVKEY_PATH, 0600)
- os.chmod(SSL_PUBKEY_PATH, 0644)
- except:
- command = '/bin/rm'
- args = [command, '-f', SSL_PRIVKEY_PATH, SSL_PUBKEY_PATH]
- _execWithCaptureErrorStatus(command, args)
- return False
-
- return True
-
-
-def restart_message():
- print
- print
- print 'Restart the Luci server for changes to take effect'
- print 'eg. service luci restart'
- print
- return
-
+ command = '/bin/rm'
+ args = [command, '-f', SSL_PRIVKEY_PATH, SSL_PUBKEY_PATH]
+ _execWithCaptureErrorStatus(command, args)
+
+ # /usr/bin/openssl genrsa -out /var/lib/luci/var/certs/privkey.pem 2048 > /dev/null 2>&1
+ command = '/usr/bin/openssl'
+ args = [command, 'genrsa', '-out', SSL_PRIVKEY_PATH, '2048']
+ _execWithCaptureErrorStatus(command, args)
+
+ # /usr/bin/openssl req -new -x509 -key /var/lib/luci/var/certs/privkey.pem -out /var/lib/luci/var/certs/cacert.pem -days 1825 -config /var/lib/luci/var/certs/cacert.config
+ command = '/usr/bin/openssl'
+ args = [command, 'req', '-new', '-x509', '-key', SSL_PRIVKEY_PATH, '-out', SSL_PUBKEY_PATH, '-days', '1825', '-config', SSL_KEYCONFIG_PATH]
+ _execWithCaptureErrorStatus(command, args)
+ # take ownership and restrict access
+ try:
+ uid, gid = get_luci_uid_gid()
+ os.chown(SSL_PRIVKEY_PATH, uid, gid)
+ os.chown(SSL_PUBKEY_PATH, uid, gid)
+ os.chmod(SSL_PRIVKEY_PATH, 0600)
+ os.chmod(SSL_PUBKEY_PATH, 0644)
+ except Exception, e:
+ verbose.write('Error setting SSL cert file perms: %s\n' % str(e))
+ command = '/bin/rm'
+ args = [command, '-f', SSL_PRIVKEY_PATH, SSL_PUBKEY_PATH]
+ _execWithCaptureErrorStatus(command, args)
+ return False
+ return True
+def restart_message():
+ print
+ print
+ print 'Restart the Luci server for changes to take effect'
+ print 'eg. service luci restart'
+ print
+ return
def init(argv):
if luci_initialized():
sys.stderr.write('Luci site has been already initialized.\n')
sys.stderr.write('If you want to reset admin password, execute\n')
- sys.stderr.write('\t' + argv[0] + ' password\n')
+ sys.stderr.write('\t%s password\n' % argv[0])
sys.exit(1)
-
+
print 'Initializing the Luci server\n'
-
+
print '\nCreating the \'admin\' user\n'
- password = read_passwd('Enter password: ', 'Confirm password: ')
+ pwd_str = read_passwd('Enter password: ', 'Confirm password: ')
print '\nPlease wait...'
- if not set_zope_passwd('admin', password):
+ if not set_zope_passwd('admin', pwd_str):
restore_luci_db_fsattr()
print 'The admin password has been successfully set.'
else:
sys.stderr.write('Unable to set the admin user\'s password.\n')
sys.exit(1)
-
+
print 'Generating SSL certificates...'
if generate_ssl_certs() == False:
sys.stderr.write('failed. exiting ...\n')
sys.exit(1)
-
+
print 'Luci server has been successfully initialized'
restart_message()
-
- return
+ return
def password(argv):
- password = None
+ pwd_str = None
if '--random' in argv:
- print 'Resetting the admin user\'s password to some random value\n'
+ print 'Setting the admin user\'s password to a random value.\n'
try:
rand = open('/dev/urandom', 'r')
- password = rand.read(16)
+ pwd_str = rand.read(16)
rand.close()
- except:
- sys.stderr.write('Unable to read from /dev/urandom\n')
+ except Exception, e:
+ sys.stderr.write('Unable to read from /dev/urandom: %s\n' % str(e))
sys.exit(1)
else:
if not luci_initialized():
sys.stderr.write('The Luci site has not been initialized.\n')
- sys.stderr.write('To initialize it, execute\n')
- sys.stderr.write('\t' + argv[0] + ' init\n')
+ sys.stderr.write('To initialize it, execute:\n')
+ sys.stderr.write('\t%s init\n' % argv[0])
sys.exit(1)
-
+
print 'Resetting the admin user\'s password\n'
- password = read_passwd('Enter new password: ', 'Confirm password: ')
-
+ pwd_str = read_passwd('Enter new password: ', 'Confirm password: ')
+
print '\nPlease wait...'
- if not set_zope_passwd('admin', password):
+ if not set_zope_passwd('admin', pwd_str):
print 'The admin password has been successfully reset.'
else:
sys.stderr.write('Unable to set the admin user\'s password.\n')
@@ -1093,8 +1123,7 @@
return
-
-def backup(argv):
+def backup_db(argv):
# If the site hasn't been initialized, there's nothing to
# save, and luci_backup() will fail
if not luci_initialized():
@@ -1106,7 +1135,8 @@
try:
os.umask(077)
- except: pass
+ except:
+ pass
doc = luci_backup(argv[2:])
restore_luci_db_fsattr()
@@ -1118,18 +1148,20 @@
# The LUCI_BACKUP_DIR must not be world-writable
# as the code below is obviously not safe against
# races.
- stat = os.stat(LUCI_BACKUP_PATH)
+ os.stat(LUCI_BACKUP_PATH)
trynum = 1
basename = '/luci_backup-'
while True:
- oldbackup = LUCI_BACKUP_DIR + basename + str(trynum) + '.xml'
+ oldbackup = '%s%s%s.xml' % (LUCI_BACKUP_DIR, basename, str(trynum))
if not os.path.exists(oldbackup):
try:
os.rename(LUCI_BACKUP_PATH, oldbackup)
- except:
- sys.stderr.stderr('Unable to rename the existing backup file.\n')
+ except Exception, e1:
+ sys.stderr.write('Unable to rename the existing backup file "%s" to "%s": %s\n' \
+ % (LUCI_BACKUP_PATH, oldbackup, str(e1)))
sys.stderr.write('The Luci backup failed.\n')
+ sys.exit(1)
break
trynum += 1
except OSError, e:
@@ -1139,31 +1171,37 @@
try:
f = file(LUCI_BACKUP_PATH, 'wb+')
except:
- sys.stderr.write('Unable to open \"' + LUCI_BACKUP_PATH + '\" to write backup.\n')
+ sys.stderr.write('Unable to open the file "%s" to write backup data.\n'
+ % LUCI_BACKUP_PATH)
sys.stderr.write('The Luci backup failed.\n')
sys.exit(1)
try:
os.chmod(LUCI_BACKUP_PATH, 0600)
except OSError, e:
- sys.stderr.write('An error occurred while making \"' + LUCI_BACKUP_PATH + '\" read-only: ' + e + '\n')
+ sys.stderr.write('An error occurred while setting file permissions on backup file "%s": %s\n' \
+ % (LUCI_BACKUP_PATH, str(e)))
sys.stderr.write('Please check that this file is not world-readable.\n')
try:
f.write(doc.toprettyxml())
f.close()
- except:
- sys.stderr.write('The Luci backup failed.\n')
+ except Exception, e:
+ sys.stderr.write('An error occurred while writing backup file "%s": %s\n' \
+ % (LUCI_BACKUP_PATH, str(e)))
+ sys.stderr.write('Luci backup failed.\n')
sys.exit(1)
- print 'Luci backup was successful.\nThe backup data is contained in the file \"' + LUCI_BACKUP_PATH + '\"'
-
+ print 'The luci backup procedure was successful.'
+ print 'Backup data is contained in the file "%s"' % LUCI_BACKUP_PATH
-def restore(argv):
+def restore_db(argv):
print 'Restoring the Luci server...'
- try: os.umask(077)
- except: pass
+ try:
+ os.umask(077)
+ except:
+ pass
if luci_restore(argv[2:]):
ret = False
@@ -1179,67 +1217,61 @@
return ret
-
def luci_help(argv):
- print 'Usage:'
- print argv[0] + ' [init|backup|restore|password|help]'
- print
- print '\tinit: initialize Luci site'
- print '\tpassword: reset admin password'
- print '\t\t--random: reset admin password to random value (disable account)'
- print '\tbackup: backup Luci site to a file'
- print '\trestore: restore Luci site from backup'
- print '\thelp: this help message'
- print
-
-
+ print 'Usage:'
+ print argv[0] + ' [init|backup|restore|password|help]'
+ print
+ print '\tinit: initialize Luci site'
+ print '\tpassword: reset admin password'
+ print '\t\t--random: reset admin password to random value (disable account)'
+ print '\tbackup: backup Luci site to a file'
+ print '\trestore: restore Luci site from backup'
+ print '\thelp: this help message'
+ print
def test_luci_installation():
- # perform basic checks
- # TODO: do more tests
-
- # check if luci user and group are present on the system
- try:
- get_luci_uid_gid()
- except:
- sys.stderr.write('There is a problem with luci installation!\n')
- sys.stderr.write('Mising luci\'s system account and group')
- sys.stderr.write('Recommended action: reinstall luci\n\n')
- sys.exit(3)
-
- return True
+ # perform basic checks
+ # TODO: do more tests
+ # check if luci user and group are present on the system
+ try:
+ get_luci_uid_gid()
+ except:
+ sys.stderr.write('There is a problem with luci installation.\n')
+ sys.stderr.write('Mising luci\'s system account and group.\n')
+ sys.stderr.write('Recommended action: reinstall luci.\n\n')
+ sys.exit(3)
+ return True
def main(argv):
- if len(argv) < 2:
- luci_help(argv)
- sys.exit(1)
-
- # only root should run this
- if os.getuid() != 0:
- sys.stderr.write('Only \'root\' can run ' + argv[0] + '\n')
- sys.stderr.write('Try again with root privileges.\n')
- sys.exit(2)
-
- # test if luci installation is OK
- test_luci_installation()
-
- if 'init' in argv:
- init(argv)
- elif 'backup' in argv:
- backup(argv)
- elif 'restore' in argv:
- restore(argv)
- elif 'password' in argv:
- password(argv)
- elif 'help' in argv:
- luci_help(argv)
- else:
- sys.stderr.write('Unknown command\n\n')
- luci_help(argv)
- sys.exit(1)
+ if len(argv) < 2:
+ luci_help(argv)
+ sys.exit(1)
+ # only root should run this
+ if os.getuid() != 0:
+ sys.stderr.write('Only "root" can run %s\n' % argv[0])
+ sys.stderr.write('Try again with root privileges.\n')
+ sys.exit(2)
+
+ # test if luci installation is OK
+ test_luci_installation()
+
+ if 'init' in argv:
+ init(argv)
+ elif 'backup' in argv:
+ backup_db(argv)
+ elif 'restore' in argv:
+ restore_db(argv)
+ elif 'password' in argv:
+ password(argv)
+ elif 'help' in argv:
+ luci_help(argv)
+ else:
+ sys.stderr.write('Unknown command\n\n')
+ luci_help(argv)
+ sys.exit(1)
# If called from the command line
if __name__ == '__main__':
- main(sys.argv)
+ main(sys.argv)
next reply other threads:[~2007-08-07 20:22 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-08-07 20:22 rmccabe [this message]
-- strict thread matches above, loose matches on Subject: below --
2011-03-25 20:14 [Cluster-devel] conga/luci/utils luci_admin rmccabe
2007-09-19 5:17 rmccabe
2007-08-10 18:36 rmccabe
2007-08-10 18:33 rmccabe
2007-08-10 18:32 rmccabe
2006-10-13 6:56 kupcevic
2006-08-18 18:03 rmccabe
2006-08-04 19:19 rmccabe
2006-08-04 18:37 rmccabe
2006-08-03 22:58 kupcevic
2006-08-03 21:19 rmccabe
2006-08-03 21:11 rmccabe
2006-08-03 16:32 rmccabe
2006-08-03 15:55 rmccabe
2006-08-03 12:26 rmccabe
2006-08-03 3:58 rmccabe
2006-08-03 3:30 rmccabe
2006-08-02 23:29 rmccabe
2006-08-02 20:52 rmccabe
2006-08-02 20:45 rmccabe
2006-07-26 1:17 rmccabe
2006-07-25 22:36 rmccabe
2006-07-11 18:46 rmccabe
2006-07-11 14:51 rmccabe
2006-06-29 18:04 rmccabe
2006-06-29 17:51 rmccabe
2006-06-27 19:50 rmccabe
2006-06-27 19:40 rmccabe
2006-06-27 18:19 rmccabe
2006-06-26 22:30 rmccabe
2006-06-26 20:01 rmccabe
2006-06-21 23:06 rmccabe
2006-06-21 17:41 rmccabe
2006-06-21 17:06 rmccabe
2006-06-18 15:02 rmccabe
2006-06-18 12:50 rmccabe
2006-06-18 3:26 rmccabe
2006-06-16 23:19 rmccabe
2006-06-16 19:35 rmccabe
2006-06-16 18:17 rmccabe
2006-06-16 17:44 rmccabe
2006-06-16 5:35 rmccabe
2006-06-13 18:42 rmccabe
2006-06-13 17:36 rmccabe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070807202255.20736.qmail@sourceware.org \
--to=rmccabe@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.