Author: fapeeler
Date: Thu Jun  5 16:34:13 2014
New Revision: 1600696

URL: http://svn.apache.org/r1600696
Log:
VCL-584

updated create_user routines to not grant admin access when
imagemeta_rootaccess is set to no.
This covers the case in the manage_server_access routine where root access is passed as a variable.


Modified:
    vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm
    vcl/trunk/managementnode/lib/VCL/Module/OS/Windows.pm

Modified: vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm
URL: 
http://svn.apache.org/viewvc/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm?rev=1600696&r1=1600695&r2=1600696&view=diff
==============================================================================
--- vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm (original)
+++ vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm Thu Jun  5 16:34:13 2014
@@ -2417,6 +2417,7 @@ sub create_user {
        }
        
        my $computer_node_name = $self->data->get_computer_node_name();
+       my $imagemeta_root_access = $self->data->get_imagemeta_rootaccess();
        
        # Check if username argument was supplied
        my $user_login_id = shift;
@@ -2523,19 +2524,25 @@ sub create_user {
        $self->restart_service('ext_sshd') || return;
        
        # Check image profile for allowed root access
-       if ($root_access == 1) {
-               my $sudoers_file_path = '/etc/sudoers';
-               my $sudoers_line = "$user_login_id ALL= NOPASSWD: ALL";
-               if ($self->append_text_file($sudoers_file_path, $sudoers_line)) 
{
-                       notify($ERRORS{'DEBUG'}, 0, "added line to 
$sudoers_file_path: '$sudoers_line'");
+       # If the imagemeta root access is disable don't allow 
manage_server_access to override
+       if(defined($imagemeta_root_access) && $imagemeta_root_access) {
+               if ($root_access == 1) {
+                       my $sudoers_file_path = '/etc/sudoers';
+                       my $sudoers_line = "$user_login_id ALL= NOPASSWD: ALL";
+                       if ($self->append_text_file($sudoers_file_path, 
$sudoers_line)) {
+                               notify($ERRORS{'DEBUG'}, 0, "added line to 
$sudoers_file_path: '$sudoers_line'");
+                       }
+                       else {
+                               notify($ERRORS{'WARNING'}, 0, "failed to add 
line to $sudoers_file_path: '$sudoers_line'");
+                               return;
+                       }
                }
                else {
-                       notify($ERRORS{'WARNING'}, 0, "failed to add line to 
$sudoers_file_path: '$sudoers_line'");
-                       return;
+                       notify($ERRORS{'DEBUG'}, 0, "root access NOT granted to 
$user_login_id");
                }
        }
        else {
-               notify($ERRORS{'DEBUG'}, 0, "root access NOT granted to 
$user_login_id");
+               notify($ERRORS{'DEBUG'}, 0, "root access NOT granted to 
$user_login_id, imagemeta_root_access set to $imagemeta_root_access");
        }
 
        # Add user's public ssh identity keys if exists
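Review bot: The outer `else` that closes this hunk is reached when `$imagemeta_root_access` is undefined as well as when it is false, so interpolating it into the debug message emits an uninitialized-value warning (if warnings are enabled) in the very case the `defined()` test anticipates; `"... imagemeta_root_access set to " . (defined $imagemeta_root_access ? $imagemeta_root_access : 'undefined')` keeps the log clean. Denying sudo when the value is missing is the safe default and is worth stating in the comment, e.g. `# Fail closed: an undefined or false imagemeta rootaccess never grants sudo, regardless of $root_access`. The NOPASSWD line is still built by interpolating `$user_login_id` and appended directly to `/etc/sudoers`; whether the login id is validated beforehand cannot be seen here, because create_user's body starts and ends outside the hunk.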

Modified: vcl/trunk/managementnode/lib/VCL/Module/OS/Windows.pm
URL: 
http://svn.apache.org/viewvc/vcl/trunk/managementnode/lib/VCL/Module/OS/Windows.pm?rev=1600696&r1=1600695&r2=1600696&view=diff
==============================================================================
--- vcl/trunk/managementnode/lib/VCL/Module/OS/Windows.pm (original)
+++ vcl/trunk/managementnode/lib/VCL/Module/OS/Windows.pm Thu Jun  5 16:34:13 
2014
@@ -1773,15 +1773,17 @@ sub create_user {
                $password = $self->data->get_reservation_password();
        }
        
-       # adminoverride, if 0 use value from database for $imagemeta_rootaccess
-       # If 1 or 2 override database value:
+       # If imagemeta allows rootaccess, check the adminoverride variable
+       # Does not allow for override called from manage_server_access 
        # 1 - allow admin access, set $imagemeta_rootaccess=1
        # 2 - disallow admin access, set $imagemeta_rootaccess=0
-       if ($adminoverride eq '1') {
-               $imagemeta_rootaccess = 1;
-       }
-       elsif ($adminoverride eq '2') {
-               $imagemeta_rootaccess = 0;
+       if($imagemeta_rootaccess) {
+               if ($adminoverride eq '1') {
+                       $imagemeta_rootaccess = 1;
+               }
+               elsif ($adminoverride eq '2') {
+                       $imagemeta_rootaccess = 0;
+               }
        }
 
        # Check if user already exists
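Review bot: Inside the new `if($imagemeta_rootaccess)` guard the `$adminoverride eq '1'` branch only re-assigns a value that is already true, and the retained comment `1 - allow admin access, set $imagemeta_rootaccess=1` now overstates what override 1 can do. Unless later code depends on the value being exactly 1, the block reduces to `$imagemeta_rootaccess = 0 if $imagemeta_rootaccess && $adminoverride eq '2';` with a comment such as `# adminoverride can only revoke admin access; it never grants it when the image disallows root access`. If `$adminoverride` can be undefined at this point the `eq` comparisons will warn, which cannot be confirmed from here because create_user's body starts and ends outside the hunk.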

