From mboxrd@z Thu Jan 1 00:00:00 1970 From: rmccabe@sourceware.org Date: 8 Jan 2007 19:27:35 -0000 Subject: [Cluster-devel] conga/luci/utils luci_manage Message-ID: <20070108192735.12656.qmail@sourceware.org> List-Id: To: cluster-devel.redhat.com MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit CVSROOT: /cvs/cluster Module name: conga Branch: RHEL5 Changes by: rmccabe at sourceware.org 2007-01-08 19:27:35 Added files: luci/utils : luci_manage Log message: script to disable and enable access to view the management screens related to bz212445 Patches: http://sourceware.org/cgi-bin/cvsweb.cgi/conga/luci/utils/luci_manage.diff?cvsroot=cluster&only_with_tag=RHEL5&r1=NONE&r2=1.1.2.1 /cvs/cluster/conga/luci/utils/luci_manage,v --> standard output revision 1.1.2.1 --- conga/luci/utils/luci_manage +++ - 2007-01-08 19:27:35.703817000 +0000 @@ -0,0 +1,150 @@ +#!/usr/bin/python + +import sys, os, pwd +import types + +sys.path.extend(( + '/usr/lib/luci/zope/lib/python', + '/usr/lib/luci/zope/lib/python/Products', + '/usr/lib64/luci/zope/lib/python', + '/usr/lib64/luci/zope/lib/python/Products', + '/usr/lib64/luci/zope/lib64/python', + '/usr/lib64/luci/zope/lib64/python/Products', + '/usr/lib64/zope/lib64/python', + '/usr/lib64/zope/lib/python', + '/usr/lib/zope/lib/python', + '/usr/lib64/zope/lib/python/Products', + '/usr/lib64/zope/lib64/python/Products', + '/usr/lib/zope/lib/python/Products' +)) + +from Products import __path__ +for i in [ '/usr/lib/luci/zope/lib/python/Products', + '/usr/lib64/luci/zope/lib/python/Products', + '/usr/lib64/luci/zope/lib64/python/Products', + '/usr/lib64/zope/lib/python/Products', + '/usr/lib64/zope/lib64/python/Products', + '/usr/lib/zope/lib/python/Products' ]: + if os.path.isdir(i): + __path__.append(i) + +LUCI_USER = 'luci' +LUCI_GROUP = 'luci' + +LUCI_BACKUP_DIR = '/var/lib/luci/var' +LUCI_DB_PATH = '/var/lib/luci/var/Data.fs' + +null = file(os.devnull, 'rwb+', 0) +orig_stderr = sys.stderr + +def restore_luci_db_fsattr(): + try: + luci = pwd.getpwnam(LUCI_USER)[2:4] + if not luci or len(luci) != 2: + raise + except: + sys.stderr.write('Cannot find the \"' + LUCI_USER + '\" user.\n') + return -1 + + try: + os.chown(LUCI_DB_PATH, luci[0], luci[1]) + os.chmod(LUCI_DB_PATH, 0600) + for i in [ '.tmp', '.old', '.index', '.lock' ]: + try: + os.chown(LUCI_DB_PATH + i, luci[0], luci[1]) + os.chmod(LUCI_DB_PATH + i, 0600) + except: pass + except: + sys.stderr.write('Unable to change ownership of the Luci database back to user \"' + LUCI_USER + '\"\n') + return -1 + +def luci_set_mgmt(set_state): + sys.stderr = null + import ZODB + from ZODB.FileStorage import FileStorage + from ZODB.DB import DB + import OFS + from OFS.Application import AppInitializer + import OFS.Folder + from Acquisition import Implicit, aq_base, aq_parent, aq_acquire + import AccessControl + import AccessControl.User + from AccessControl.SecurityManagement import newSecurityManager + import transaction + import Products.CMFCore + import Products.CMFCore.MemberDataTool + from CMFPlone.utils import getToolByName + import ImageFile + import Products.PluggableAuthService.plugins.ZODBUserManager + import Products.PlonePAS.Extensions + from Products.PlonePAS import config + from Products.PlonePAS.interfaces.plugins import IUserManagement + import BTrees.OOBTree + ImageFile.ImageFile.__init__ = lambda x,y,z:None + sys.stderr = orig_stderr + + try: + fs = FileStorage(LUCI_DB_PATH) + db = DB(fs) + db.pack() + conn = db.open() + except IOError, e: + if e[0] == 11: + sys.stderr.write('It appears that Luci is running. Please stop Luci before running this program.\n') + return -1 + else: + sys.stderr.write('Unable to open the Luci database \"' + LUCI_DB_PATH + '\":' + str(e) + '\n') + return -1 + except Exception, e: + sys.stderr.write('Unable to open the Luci database \"' + LUCI_DB_PATH + '\":' + str(e) + '\n') + return -1 + + try: + sys.stderr = null + tempuser = AccessControl.User.UnrestrictedUser('admin', '', + ('manage','Manager', 'Owner', 'View', 'Authenticated'), []) + + newSecurityManager(None, tempuser) + + app = conn.root()['Application'] + AppInitializer(app).initialize() + sys.stderr = orig_stderr + except: + sys.stderr = orig_stderr + sys.stderr.write('An error occurred while initializing the Luci environment.\n') + return -1 + + try: + acl_users = app.acl_users.users + portal_mem = app.luci.portal_membership + portal_reg = app.luci.portal_registration + if not (acl_users and len(acl_users) and portal_mem and portal_reg): + raise + except: + sys.stderr.write('Your Luci installation appears to be corrupt.\n') + return -1 + + if set_state is True: + role_set = ( 'Manager', ) + else: + role_set = ('',) + + app._View_management_screens_Permission = role_set + + transaction.commit() + conn.close() + db.pack() + db.close() + fs.close() + + if restore_luci_db_fsattr(): + return -1 + +def main(argv): + if len(argv) > 1 and argv[1].lower() == 'enable': + luci_set_mgmt(True) + else: + luci_set_mgmt(False) + +if __name__ == '__main__': + main(sys.argv)