Author: fapeeler
Date: Thu Jan 29 19:25:36 2015
New Revision: 1655820
URL: http://svn.apache.org/r1655820
Log:
VCL-16
simplified the OS:add_user_accounts routine
the OS-specific create_user routines ensure that, if an account
already exists, the correct steps are taken so the user can log in
Modified:
vcl/trunk/managementnode/lib/VCL/Module/OS.pm
vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm
vcl/trunk/managementnode/lib/VCL/Module/OS/Windows.pm
Modified: vcl/trunk/managementnode/lib/VCL/Module/OS.pm
URL:
http://svn.apache.org/viewvc/vcl/trunk/managementnode/lib/VCL/Module/OS.pm?rev=1655820&r1=1655819&r2=1655820&view=diff
==============================================================================
--- vcl/trunk/managementnode/lib/VCL/Module/OS.pm (original)
+++ vcl/trunk/managementnode/lib/VCL/Module/OS.pm Thu Jan 29 19:25:36 2015
@@ -268,55 +268,21 @@ sub add_user_accounts {
notify($ERRORS{'CRITICAL'}, 0, "failed to add
entry to reservationaccounts table for $username (ID: $user_id)");
return;
}
-
- # Make sure the user doesn't already exist on the
computer
- if ($self->user_exists($username)) {
- if ($password) {
- notify($ERRORS{'WARNING'}, 0, "user
'$username' already exists on $computer_node_name, password will be reset");
- if (!$self->set_password($username,
$password)) {
- notify($ERRORS{'WARNING'}, 0,
"user '$username' already exists on $computer_node_name, failed to reset
password");
- }
- }
- else {
- notify($ERRORS{'WARNING'}, 0, "user
'$username' already exists on $computer_node_name");
- }
+
+ # Create user on the OS
+ if (!$self->create_user({
+ username => $username,
+ password => $password,
+ root_access => $root_access,
+ uid => $uid,
+ ssh_public_keys => $ssh_public_keys,
+ })) {
+ notify($ERRORS{'WARNING'}, 0, "failed to create
user on $computer_node_name, removing entry added to reservationaccounts
table");
- # Since user already exists, Make sure the
connect methods are setup correctly
- if ($self->can("grant_connect_method_access")) {
- if
(!$self->grant_connect_method_access({
- username => $username,
- uid => $uid,
- ssh_public_keys =>
$ssh_public_keys,
- })) {
- notify($ERRORS{'WARNING'}, 0,
"failed to process grant_connect_method_access for $username");
- }
- }
- # Account already exists, grant root access if
allowed
- if ($self->can("grant_root_access")) {
- if (!$self->grant_root_access({
- username => $username,
- root_access => $root_access,
- })) {
- notify($ERRORS{'WARNING'}, 0,
"failed to process grant_root_access for $username");
- }
+ # Delete entry to the useraccounts table
+ if
(!delete_reservation_account($reservation_id, $user_id)) {
+ notify($ERRORS{'CRITICAL'}, 0, "failed
to delete entry from reservationaccounts table for $username (ID: $user_id)");
}
- next RESERVATION_USER;
- }
- }
-
- # Create user on the OS
- if (!$self->create_user({
- username => $username,
- password => $password,
- root_access => $root_access,
- uid => $uid,
- ssh_public_keys => $ssh_public_keys,
- })) {
- notify($ERRORS{'WARNING'}, 0, "failed to create user on
$computer_node_name, removing entry added to reservationaccounts table");
-
- # Delete entry to the useraccounts table
- if (!delete_reservation_account($reservation_id,
$user_id)) {
- notify($ERRORS{'CRITICAL'}, 0, "failed to
delete entry from reservationaccounts table for $username (ID: $user_id)");
}
}
}
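Review bot: The failure branch after `create_user` now also runs for accounts that already existed on the computer, because the existing-account handling has moved into the OS-specific `create_user` routines. If one of those routines returns false part-way through (the Windows version returns on a failed `set_password`), the reservationaccounts row is deleted while the OS account stays in place; whether later cleanup depends on that table is not visible in this hunk, so this should be confirmed. Any other OS module whose `create_user` still returns false for an existing user would hit the same path. The comment `# Delete entry to the useraccounts table` also names a different table than the call and the messages; suggest `# Delete the entry just added to the reservationaccounts table`.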
Modified: vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm
URL:
http://svn.apache.org/viewvc/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm?rev=1655820&r1=1655819&r2=1655820&view=diff
==============================================================================
--- vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm (original)
+++ vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm Thu Jan 29 19:25:36 2015
@@ -2593,44 +2593,46 @@ sub create_user {
my $uid = $user_parameters->{uid};
my $ssh_public_keys = $user_parameters->{ssh_public_keys};
- # Check if user already exists
- if ($self->user_exists($username)) {
- notify($ERRORS{'WARNING'}, 0, "unable to create user
'$username' on $computer_node_name, the user already exists");
- return;
- }
-
- notify($ERRORS{'DEBUG'}, 0, "creating user on $computer_node_name:\n" .
- "username: $username\n" .
- "password: " . (defined($password) ? $password : '<not set>') .
"\n" .
- "UID: " . ($uid ? $uid : '<not set>') . "\n" .
- "root access: " . ($root_access ? 'yes' : 'no') . "\n" .
- "SSH public keys: " . (defined($ssh_public_keys) ?
$ssh_public_keys : '<not set>')
- );
-
- my $home_directory_root = "/home";
- my $home_directory_path = "$home_directory_root/$username";
- my $home_directory_on_local_disk =
$self->is_file_on_local_disk($home_directory_root);
- if ($home_directory_on_local_disk ) {
- my $useradd_command = "/usr/sbin/useradd -s /bin/bash -m -d
/home/$username -g vcl";
- $useradd_command .= " -u $uid" if ($uid);
- $useradd_command .= " $username";
+ # If user account does not already exist - create it, then
+ # -- Set password if using local authentication
+ # -- update sudoers file if root access allowed
+ # -- process connect_methods_access
+
+ if (!$self->user_exists($username)) {
+
+ notify($ERRORS{'DEBUG'}, 0, "creating user on
$computer_node_name:\n" .
+ "username: $username\n" .
+ "password: " . (defined($password) ? $password : '<not
set>') . "\n" .
+ "UID: " . ($uid ? $uid : '<not set>') . "\n" .
+ "root access: " . ($root_access ? 'yes' : 'no') . "\n" .
+ "SSH public keys: " . (defined($ssh_public_keys) ?
$ssh_public_keys : '<not set>')
+ );
- my ($useradd_exit_status, $useradd_output) =
$self->execute($useradd_command);
- if (!defined($useradd_output)) {
- notify($ERRORS{'WARNING'}, 0, "failed to execute
command to add user '$username' to $computer_node_name: '$useradd_command'");
- return;
- }
- elsif (grep(/^useradd: /, @$useradd_output)) {
- notify($ERRORS{'WARNING'}, 0, "failed to add user
'$username' to $computer_node_name\ncommand: '$useradd_command'\noutput:\n" .
join("\n", @$useradd_output));
- return;
+ my $home_directory_root = "/home";
+ my $home_directory_path = "$home_directory_root/$username";
+ my $home_directory_on_local_disk =
$self->is_file_on_local_disk($home_directory_root);
+ if ($home_directory_on_local_disk ) {
+ my $useradd_command = "/usr/sbin/useradd -s /bin/bash
-m -d /home/$username -g vcl";
+ $useradd_command .= " -u $uid" if ($uid);
+ $useradd_command .= " $username";
+
+ my ($useradd_exit_status, $useradd_output) =
$self->execute($useradd_command);
+ if (!defined($useradd_output)) {
+ notify($ERRORS{'WARNING'}, 0, "failed to
execute command to add user '$username' to $computer_node_name:
'$useradd_command'");
+ return;
+ }
+ elsif (grep(/^useradd: /, @$useradd_output)) {
+ notify($ERRORS{'WARNING'}, 0, "failed to add
user '$username' to $computer_node_name\ncommand:
'$useradd_command'\noutput:\n" . join("\n", @$useradd_output));
+ return;
+ }
+ else {
+ notify($ERRORS{'OK'}, 0, "added user
'$username' to $computer_node_name");
+ }
}
else {
- notify($ERRORS{'OK'}, 0, "added user '$username' to
$computer_node_name");
+ notify($ERRORS{'OK'}, 0, "$home_directory_path is NOT
on local disk, skipping useradd attempt");
}
}
- else {
- notify($ERRORS{'OK'}, 0, "$home_directory_path is NOT on local
disk, skipping useradd attempt");
- }
# Set the password
if ($password) {
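Review bot: The DEBUG message at the top of the new `if (!$self->user_exists($username))` block still writes the cleartext password to the log via `"password: " . (defined($password) ? $password : '<not set>')`. As the line is being re-indented anyway, it should record only whether a password was supplied, e.g. `"password: " . (defined($password) ? '<set>' : '<not set>') . "\n" .`. The Windows.pm `create_user` hunk has the same problem in its `attempting to add user ... ($password)` and `added user $username ($password)` messages. Separately, `$useradd_command` is built by interpolating `$username` and `$uid` into a single string for `$self->execute`; how `execute` runs it is not visible here, but if a shell is involved those values should be validated first. `create_user` starts before and continues after this hunk.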
@@ -2685,11 +2687,11 @@ sub grant_root_access {
my $user_parameters = shift;
if (!$user_parameters) {
- notify($ERRORS{'WARNING'}, 0, "unable to create user, user
parameters argument was not provided");
+ notify($ERRORS{'WARNING'}, 0, "unable to grant acess, user
parameters argument was not provided");
return;
}
elsif (!ref($user_parameters) || ref($user_parameters) ne 'HASH') {
- notify($ERRORS{'WARNING'}, 0, "unable to create user, argument
provided is not a hash reference");
+ notify($ERRORS{'WARNING'}, 0, "unable to grant access, argument
provided is not a hash reference");
return;
}
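Review bot: The new text in the first branch is misspelled as `unable to grant acess`, while the second branch has `unable to grant access`, so a log search on the correct spelling will miss the first case. Suggest `"unable to grant access, user parameters argument was not provided"`. The Windows.pm copy of `grant_root_access` added in this commit has `unable to root access`, which is missing the verb. `grant_root_access` continues outside this hunk.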
@@ -2704,7 +2706,8 @@ sub grant_root_access {
notify($ERRORS{'WARNING'}, 0, "argument hash does not contain a
'root_access' key:\n" . format_data($user_parameters));
return;
}
-
+
+ if ($root_access) {
my $sudoers_file_path = '/etc/sudoers';
my $sudoers_line = "$username ALL= NOPASSWD: ALL\n";
if ($self->append_text_file($sudoers_file_path, $sudoers_line))
{
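Review bot: The line `"$username ALL= NOPASSWD: ALL\n"` is appended straight to `/etc/sudoers` with `$username` written verbatim and no syntax check, so one malformed entry can leave sudo unusable on the node. The comments added to `create_user` suggest this routine is now meant to run for accounts that already exist, which (if so; the call is not visible here) would append a duplicate line on every repeat. Consider skipping the append when the line is already present, and writing to a per-user file under `/etc/sudoers.d` checked with `visudo -c -f` before it is installed. At minimum add `# NOTE: $username is written verbatim into sudoers; validate it against the account-name policy before this point`. The body under the new `if ($root_access) {` was not re-indented, which makes the block boundaries hard to follow.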
@@ -2713,8 +2716,13 @@ sub grant_root_access {
}
else {
notify($ERRORS{'WARNING'}, 0, "failed to append line to
$sudoers_file_path: '$sudoers_line'");
- return;
+ return 1;
}
+ }
+ else {
+ notify($ERRORS{'OK'}, 0, "root access for user $username was
not allowed root_access = $root_access ");
+ return;
+ }
}
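Review bot: The return values in this hunk look inverted: the branch that logs `failed to append line to $sudoers_file_path` now ends in `return 1;`, and the new `else` for "root access ... was not allowed" ends in a bare `return;`. Callers elsewhere in this commit test `if (!$self->grant_root_access({...}))`, so a failed sudoers write would be reported as success, and a user who is correctly denied root would be logged as a failure. The Windows.pm version returns 1 in the not-allowed case, so the two modules also disagree. Suggest `return;` in the failed-append branch and `return 1;` in the not-allowed branch. The success branch of the append lies above this hunk and is not visible here.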
Modified: vcl/trunk/managementnode/lib/VCL/Module/OS/Windows.pm
URL:
http://svn.apache.org/viewvc/vcl/trunk/managementnode/lib/VCL/Module/OS/Windows.pm?rev=1655820&r1=1655819&r2=1655820&view=diff
==============================================================================
--- vcl/trunk/managementnode/lib/VCL/Module/OS/Windows.pm (original)
+++ vcl/trunk/managementnode/lib/VCL/Module/OS/Windows.pm Thu Jan 29 19:25:36
2015
@@ -1789,46 +1789,177 @@ sub create_user {
}
# Check if user already exists
- if ($self->user_exists($username)) {
- notify($ERRORS{'WARNING'}, 0, "unable to create user
'$username' on $computer_node_name, the user already exists");
- return;
- }
+ if (!$self->user_exists($username)) {
- notify($ERRORS{'DEBUG'}, 0, "attempting to add user $username to
$computer_node_name ($password)");
+ notify($ERRORS{'DEBUG'}, 0, "attempting to add user $username
to $computer_node_name ($password)");
- # Attempt to add the user account
- my $add_user_command = "$system32_path/net.exe user \"$username\"
\"$password\" /ADD /EXPIRES:NEVER /COMMENT:\"Account created by VCL\"";
- $add_user_command .= " && $system32_path/net.exe localgroup \"Remote
Desktop Users\" \"$username\" /ADD";
-
- # Add the user to the Administrators group if imagemeta.rootaccess
isn't 0
- if ($root_access) {
- notify($ERRORS{'DEBUG'}, 0, "user will be added to the
Administrators group");
- $add_user_command .= " && $system32_path/net.exe localgroup
\"Administrators\" \"$username\" /ADD";
+ # Attempt to add the user account
+ my $add_user_command = "$system32_path/net.exe user
\"$username\" \"$password\" /ADD /EXPIRES:NEVER /COMMENT:\"Account created by
VCL\"";
+ $add_user_command .= " && $system32_path/net.exe localgroup
\"Remote Desktop Users\" \"$username\" /ADD";
+
+ # Add the user to the Administrators group if
imagemeta.rootaccess isn't 0
+ if ($root_access) {
+ notify($ERRORS{'DEBUG'}, 0, "user will be added to the
Administrators group");
+ $add_user_command .= " && $system32_path/net.exe
localgroup \"Administrators\" \"$username\" /ADD";
+ }
+ else {
+ notify($ERRORS{'DEBUG'}, 0, "user will NOT be added to
the Administrators group");
+ }
+
+ my ($add_user_exit_status, $add_user_output) =
$self->execute($add_user_command, '1');
+ if (defined($add_user_exit_status) && $add_user_exit_status ==
0) {
+ notify($ERRORS{'OK'}, 0, "added user $username
($password) to $computer_node_name");
+ }
+ elsif (defined($add_user_exit_status) && $add_user_exit_status
== 2) {
+ notify($ERRORS{'OK'}, 0, "user $username was not added,
user already exists");
+ return 1;
+ }
+ elsif (defined($add_user_exit_status)) {
+ notify($ERRORS{'WARNING'}, 0, "failed to add user
$username to $computer_node_name, exit status: $add_user_exit_status,
output:\n@{$add_user_output}");
+ return 0;
+ }
+ else {
+ notify($ERRORS{'WARNING'}, 0, "failed to run ssh
command add user $username to $computer_node_name");
+ return;
+ }
}
else {
- notify($ERRORS{'DEBUG'}, 0, "user will NOT be added to the
Administrators group");
+ # Account already exists on machine
+ # -- setup password if exists
+ # -- grant root access if allowed
+ # -- process connect access
+
+ if ($password) {
+ # Set password
+ if (!$self->set_password($username, $password)) {
+ notify($ERRORS{'CRITICAL'}, 0, "failed to set
password of user '$username' on $computer_node_name");
+ return;
+ }
+ }
+
+ # Add user to Administrators group if allowed
+ if ($self->can("grant_root_access")) {
+ if (!$self->grant_root_access({
+ username => $username,
+ root_access => $root_access,
+ })) {
+ notify($ERRORS{'WARNING'}, 0, "failed to process
grant_root_access for $username");
+ }
+ }
+
+ # Process connect_methods
+ if($self->can("grant_connect_method_access")) {
+ if(!$self->grant_connect_method_access({
+ username => $username,
+ })) {
+ notify($ERRORS{'WARNING'}, 0, "failed to
process grant_connect_method_access for $username");
+ }
+ }
+ }
+
+ return 1;
+} ## end sub create_user
+
+
+#/////////////////////////////////////////////////////////////////////////////
+
+=head2 grant_connect_method_access
+
+ Parameters : user login id
+ Returns : boolean
+ Description : Adds username to the Remote Desktop Users group
+ TODO - in next release pull this out
into connect method modules.
+
+=cut
+
+sub grant_connect_method_access {
+ my $self = shift;
+ if (ref($self) !~ /windows/i) {
+ notify($ERRORS{'CRITICAL'}, 0, "subroutine was called as a
function, it must be called as a class method");
+ return;
}
- my ($add_user_exit_status, $add_user_output) =
$self->execute($add_user_command, '1');
- if (defined($add_user_exit_status) && $add_user_exit_status == 0) {
- notify($ERRORS{'OK'}, 0, "added user $username ($password) to
$computer_node_name");
+ my $user_parameters = shift;
+
+ if (!$user_parameters) {
+ notify($ERRORS{'WARNING'}, 0, "user parameters argument was not
provided");
+ return;
}
- elsif (defined($add_user_exit_status) && $add_user_exit_status == 2) {
- notify($ERRORS{'OK'}, 0, "user $username was not added, user
already exists");
- return 1;
+ elsif (!ref($user_parameters) || ref($user_parameters) ne 'HASH') {
+ notify($ERRORS{'WARNING'}, 0, "argument provided is not a hash
reference");
+ return;
+ }
+
+ my $username = $user_parameters->{username};
+ if (!defined($username)) {
+ notify($ERRORS{'WARNING'}, 0, "argument hash does not contain a
'username' key:\n" . format_data($user_parameters));
+ return;
}
- elsif (defined($add_user_exit_status)) {
- notify($ERRORS{'WARNING'}, 0, "failed to add user $username to
$computer_node_name, exit status: $add_user_exit_status,
output:\n@{$add_user_output}");
- return 0;
+
+ my $computer_node_name = $self->data->get_computer_node_name();
+
+ if($self->add_user_to_group($username,"Remote Desktop Users")) {
+ notify($ERRORS{'OK'}, 0, "added user $username to
$computer_node_name");
}
else {
- notify($ERRORS{'WARNING'}, 0, "failed to run ssh command add
user $username to $computer_node_name");
+ notify($ERRORS{'WARNING'}, 0, "failed to execute add user
$username to Administrators $computer_node_name");
return;
}
- return 1;
-} ## end sub create_user
+}
+
+#/////////////////////////////////////////////////////////////////////////////
+
+=head2 grant_root_access
+
+ Parameters : user_parameters
+ Returns : 1 or 0
+ Description : grants admin access
+
+=cut
+sub grant_root_access {
+ my $self = shift;
+ if (ref($self) !~ /windows/i) {
+ notify($ERRORS{'CRITICAL'}, 0, "subroutine was called as a
function, it must be called as a class method");
+ return;
+ }
+ my $user_parameters = shift;
+ if (!$user_parameters) {
+ notify($ERRORS{'WARNING'}, 0, "unable to root access, user
parameters argument was not provided");
+ return;
+ }
+ elsif (!ref($user_parameters) || ref($user_parameters) ne 'HASH') {
+ notify($ERRORS{'WARNING'}, 0, "unable to grant access, argument
provided is not a hash reference");
+ return;
+ }
+
+ my $username = $user_parameters->{username};
+ if (!defined($username)) {
+ notify($ERRORS{'WARNING'}, 0, "argument hash does not contain a
'username' key:\n" . format_data($user_parameters));
+ return;
+ }
+
+ my $root_access = $user_parameters->{root_access};
+ if (!defined($root_access)) {
+ notify($ERRORS{'WARNING'}, 0, "argument hash does not contain a
'root_access' key:\n" . format_data($user_parameters));
+ return;
+ }
+
+ my $computer_node_name = $self->data->get_computer_node_name();
+
+ if($root_access) {
+ if($self->add_user_to_group($username,"Administrators")) {
+ notify($ERRORS{'OK'}, 0, "added user $username to
$computer_node_name");
+ return 1;
+ }
+ }
+ else {
+ notify($ERRORS{'OK'}, 0, "admin access for user $username was
not allowed root_access = $root_access ");
+ return 1;
+ }
+ return;
+}
#/////////////////////////////////////////////////////////////////////////////
=head2 add_user_to_group
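Review bot: `grant_connect_method_access` has no `return 1;` on its success path, so after the `added user` notify it falls off the end and returns whatever `notify` returned. `create_user` tests it with `if(!$self->grant_connect_method_access({...}))`, so a successful group add may be logged as a failure. Add `return 1;` after the OK notify, and fix the failure text, which names `Administrators` although the group being added is `Remote Desktop Users`. In `grant_root_access`, a failed `add_user_to_group($username,"Administrators")` returns silently; a WARNING notify there would match the other branches. The `net.exe user` command also places `$username` and `$password` inside `\"...\"` in a string passed to `$self->execute`, so a value containing a double quote would end the quoting early; such values should be escaped or rejected before `$add_user_command` is built.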