From: rmccabe@sourceware.org <rmccabe@sourceware.org>
To: cluster-devel.redhat.com
Subject: [Cluster-devel] conga/luci/utils luci_manage
Date: 8 Jan 2007 19:26:15 -0000 [thread overview]
Message-ID: <20070108192615.12296.qmail@sourceware.org> (raw)
CVSROOT: /cvs/cluster
Module name: conga
Changes by: rmccabe at sourceware.org 2007-01-08 19:26:15
Added files:
luci/utils : luci_manage
Log message:
script to disable and enable access to view the management screens
related to bz212445
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_manage.diff?cvsroot=cluster&r1=NONE&r2=1.1
/cvs/cluster/conga/luci/utils/luci_manage,v --> standard output
revision 1.1
--- conga/luci/utils/luci_manage
+++ - 2007-01-08 19:26:15.467651000 +0000
@@ -0,0 +1,150 @@
+#!/usr/bin/python
+
+import sys, os, pwd
+import types
+
+sys.path.extend((
+ '/usr/lib/luci/zope/lib/python',
+ '/usr/lib/luci/zope/lib/python/Products',
+ '/usr/lib64/luci/zope/lib/python',
+ '/usr/lib64/luci/zope/lib/python/Products',
+ '/usr/lib64/luci/zope/lib64/python',
+ '/usr/lib64/luci/zope/lib64/python/Products',
+ '/usr/lib64/zope/lib64/python',
+ '/usr/lib64/zope/lib/python',
+ '/usr/lib/zope/lib/python',
+ '/usr/lib64/zope/lib/python/Products',
+ '/usr/lib64/zope/lib64/python/Products',
+ '/usr/lib/zope/lib/python/Products'
+))
+
+from Products import __path__
+for i in [ '/usr/lib/luci/zope/lib/python/Products',
+ '/usr/lib64/luci/zope/lib/python/Products',
+ '/usr/lib64/luci/zope/lib64/python/Products',
+ '/usr/lib64/zope/lib/python/Products',
+ '/usr/lib64/zope/lib64/python/Products',
+ '/usr/lib/zope/lib/python/Products' ]:
+ if os.path.isdir(i):
+ __path__.append(i)
+
+LUCI_USER = 'luci'
+LUCI_GROUP = 'luci'
+
+LUCI_BACKUP_DIR = '/var/lib/luci/var'
+LUCI_DB_PATH = '/var/lib/luci/var/Data.fs'
+
+null = file(os.devnull, 'rwb+', 0)
+orig_stderr = sys.stderr
+
+def restore_luci_db_fsattr():
+ try:
+ luci = pwd.getpwnam(LUCI_USER)[2:4]
+ if not luci or len(luci) != 2:
+ raise
+ except:
+ sys.stderr.write('Cannot find the \"' + LUCI_USER + '\" user.\n')
+ return -1
+
+ try:
+ os.chown(LUCI_DB_PATH, luci[0], luci[1])
+ os.chmod(LUCI_DB_PATH, 0600)
+ for i in [ '.tmp', '.old', '.index', '.lock' ]:
+ try:
+ os.chown(LUCI_DB_PATH + i, luci[0], luci[1])
+ os.chmod(LUCI_DB_PATH + i, 0600)
+ except: pass
+ except:
+ sys.stderr.write('Unable to change ownership of the Luci database back to user \"' + LUCI_USER + '\"\n')
+ return -1
+
+def luci_set_mgmt(set_state):
+ sys.stderr = null
+ import ZODB
+ from ZODB.FileStorage import FileStorage
+ from ZODB.DB import DB
+ import OFS
+ from OFS.Application import AppInitializer
+ import OFS.Folder
+ from Acquisition import Implicit, aq_base, aq_parent, aq_acquire
+ import AccessControl
+ import AccessControl.User
+ from AccessControl.SecurityManagement import newSecurityManager
+ import transaction
+ import Products.CMFCore
+ import Products.CMFCore.MemberDataTool
+ from CMFPlone.utils import getToolByName
+ import ImageFile
+ import Products.PluggableAuthService.plugins.ZODBUserManager
+ import Products.PlonePAS.Extensions
+ from Products.PlonePAS import config
+ from Products.PlonePAS.interfaces.plugins import IUserManagement
+ import BTrees.OOBTree
+ ImageFile.ImageFile.__init__ = lambda x,y,z:None
+ sys.stderr = orig_stderr
+
+ try:
+ fs = FileStorage(LUCI_DB_PATH)
+ db = DB(fs)
+ db.pack()
+ conn = db.open()
+ except IOError, e:
+ if e[0] == 11:
+ sys.stderr.write('It appears that Luci is running. Please stop Luci before running this program.\n')
+ return -1
+ else:
+ sys.stderr.write('Unable to open the Luci database \"' + LUCI_DB_PATH + '\":' + str(e) + '\n')
+ return -1
+ except Exception, e:
+ sys.stderr.write('Unable to open the Luci database \"' + LUCI_DB_PATH + '\":' + str(e) + '\n')
+ return -1
+
+ try:
+ sys.stderr = null
+ tempuser = AccessControl.User.UnrestrictedUser('admin', '',
+ ('manage','Manager', 'Owner', 'View', 'Authenticated'), [])
+
+ newSecurityManager(None, tempuser)
+
+ app = conn.root()['Application']
+ AppInitializer(app).initialize()
+ sys.stderr = orig_stderr
+ except:
+ sys.stderr = orig_stderr
+ sys.stderr.write('An error occurred while initializing the Luci environment.\n')
+ return -1
+
+ try:
+ acl_users = app.acl_users.users
+ portal_mem = app.luci.portal_membership
+ portal_reg = app.luci.portal_registration
+ if not (acl_users and len(acl_users) and portal_mem and portal_reg):
+ raise
+ except:
+ sys.stderr.write('Your Luci installation appears to be corrupt.\n')
+ return -1
+
+ if set_state is True:
+ role_set = ( 'Manager', )
+ else:
+ role_set = ('',)
+
+ app._View_management_screens_Permission = role_set
+
+ transaction.commit()
+ conn.close()
+ db.pack()
+ db.close()
+ fs.close()
+
+ if restore_luci_db_fsattr():
+ return -1
+
+def main(argv):
+ if len(argv) > 1 and argv[1].lower() == 'enable':
+ luci_set_mgmt(True)
+ else:
+ luci_set_mgmt(False)
+
+if __name__ == '__main__':
+ main(sys.argv)
next reply other threads:[~2007-01-08 19:26 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-01-08 19:26 rmccabe [this message]
-- strict thread matches above, loose matches on Subject: below --
2007-01-08 19:27 [Cluster-devel] conga/luci/utils luci_manage rmccabe
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070108192615.12296.qmail@sourceware.org \
--to=rmccabe@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).