This makes a couple of changes:
- fixes bogus access test on libuser.conf in createLuserConf()
- adds appropriate logging to createLuserConf()
- createLuserConf returns the path it created.
- Users.* no longer chroot+del LIBUSER_CONF if the new root is /
---
 users.py | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++++---------
 1 files changed, 60 insertions(+), 11 deletions(-)
diff --git a/users.py b/users.py
index 57e68fa..015b588 100644
--- a/users.py
+++ b/users.py
@@ -32,12 +32,22 @@ log = logging.getLogger("anaconda")
 def createLuserConf(instPath, algoname='sha512'):
 """Writes a libuser.conf for instPath."""
- if os.getenv("LIBUSER_CONF") and \
- os.access(os.environ["LIBUSER_CONF"], os.R_OK):
+ createTmp = False
+ try:
 fn = os.environ["LIBUSER_CONF"]
+ if os.access(fn, os.F_OK):
+ log.info("removing libuser.conf at %s" % (os.getenv("LIBUSER_CONF")))
+ os.unlink(fn)
+ log.info("created new libuser.conf at %s with instPath=\"%s\"" % \
+ (fn,instPath))
 fd = open(fn, 'w')
- else:
+ except:
+ createTmp = True
+
+ if createTmp:
 (fp, fn) = tempfile.mkstemp(prefix="libuser.")
+ log.info("created new libuser.conf at %s with instPath=\"%s\"" % \
+ (fn,instPath))
 fd = os.fdopen(fp, 'w')
 buf = """
@@ -57,6 +67,8 @@ directory = %(instPath)s/etc
 fd.close()
 os.environ["LIBUSER_CONF"] = fn
+ return fn
+
 # These are explained in crypt/crypt-entry.c in glibc's code. The prefixes
 # we use for the different crypt salts:
 # $1$ MD5
@@ -88,9 +100,10 @@ class Users:
 childpid = os.fork()
 if not childpid:
- os.chroot(root)
+ if not root in ["","/"]:
+ os.chroot(root)
+ del(os.environ["LIBUSER_CONF"])
- del(os.environ["LIBUSER_CONF"])
 self.admin = libuser.admin()
 try:
@@ -125,9 +138,10 @@ class Users:
 childpid = os.fork()
 if not childpid:
- os.chroot(root)
+ if not root in ["","/"]:
+ os.chroot(root)
+ del(os.environ["LIBUSER_CONF"])
- del(os.environ["LIBUSER_CONF"])
 self.admin = libuser.admin()
 try:
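Review bot: The new `try` block in createLuserConf unlinks the path named by LIBUSER_CONF and then reopens it with `open(fn, 'w')`, which follows symlinks and writes through whatever appears at that name in between; when the variable points at the `mkstemp` file from an earlier call, that name typically sits in a shared temp directory. Creating the file exclusively closes that window: `fd = os.fdopen(os.open(fn, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0600), 'w')`. The bare `except:` also hides real I/O failures behind the temp-file fallback; `except (KeyError, EnvironmentError):` covers the unset-variable and file-error cases without swallowing everything else. The "created new libuser.conf" message is logged before the open, so it can appear for a file that was never created. The function body continues outside the hunk.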
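Review bot: The guard added in the `@@ -88,9 +100,10 @@` hunk is repeated verbatim in the next hunk (`@@ -125,9 +138,10 @@`) and again in checkUserExists, so a small private helper would keep the three copies from drifting apart. Within it, `if root not in ("", "/"):` is the idiomatic spelling, and the visible lines go from `os.chroot(root)` straight to `libuser.admin()` with no `os.chdir("/")`, which leaves the child's working directory outside the new root. The comparison is textual, so a root such as `//` or `/.` still takes the chroot branch and drops LIBUSER_CONF. The enclosing method starts and ends outside the hunk.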
@@ -195,12 +209,47 @@ class Users:
 def setRootPassword(self, password, isCrypted, lock, algo=None):
 rootUser = self.admin.lookupUserByName("root")
+ def checkUserExists(self, username, root="/mnt/sysimage"):
+ childpid = os.fork()
+
+ if not childpid:
+ if not root in ["","/"]:
+ os.chroot(root)
+ del(os.environ["LIBUSER_CONF"])
+
+ self.admin = libuser.admin()
+
+ try:
+ if self.admin.lookupUserByName(username):
+ os._exit(0)
+ except Exception, e:
+ log.critical("Error when searching for user: %s" % str(e))
+ os._exit(1)
+
+ try:
+ (pid, status) = os.waitpid(childpid, 0)
+ except OSError as e:
+ log.critical("exception from waitpid while creating a user: %s %s" % (e.errno, e.strerror))
+ return False
+
+ if os.WIFEXITED(status) and (os.WEXITSTATUS(status) == 0):
+ return True
+ else:
+ return False
+
+ def setUserPassword(self, username, password, isCrypted, lock, algo=None):
+ user = self.admin.lookupUserByName(username)
+
 if isCrypted:
- self.admin.setpassUser(rootUser, password, True)
+ self.admin.setpassUser(user, password, True)
 else:
- self.admin.setpassUser(rootUser, cryptPassword(password, algo=algo), True)
+ self.admin.setpassUser(user, cryptPassword(password, algo=algo), True)
 if lock:
- self.admin.lockUser(rootUser)
+ self.admin.lockUser(user)
+
+ self.admin.modifyUser(user)
+
+ def setRootPassword(self, password, isCrypted, lock, algo=None):
+ return self.setUserPassword("root", password, isCrypted, lock, algo)
- self.admin.modifyUser(rootUser)
--
1.6.5.rc2
_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
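Review bot: setUserPassword passes the result of `lookupUserByName(username)` straight to `setpassUser`, but unlike the old root-only code the name is now caller-supplied and, judging by the truth test in checkUserExists, the lookup can come back empty; a guard such as `if not user: raise ValueError("no such user: %s" % username)` before the `if isCrypted:` line would fail loudly instead. The two context lines at the top of the hunk keep the old `def setRootPassword(...)` header and its `rootUser = ...` lookup, so the new file appears to retain a two-line stub that the definition re-added at the bottom shadows; those lines look like they should have been removed. checkUserExists returns False both when the user is absent and when the lookup or `waitpid` fails, so callers cannot tell "no such user" from an error, and its waitpid message still says "while creating a user". `except Exception, e:` sits next to `except OSError as e:`; one form should be used throughout.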