Moved feisty packages in feisty branch

508ae5d4 · Enrico Zini · 508ae5d4 · 508ae5d4 · 508ae5d4 · 508ae5d4
Commit 508ae5d4 authored Mar 23, 2009 by Enrico Zini
--- a/ChangeLog
+++ b/ChangeLog
+2007-08-31  Christopher R. Gabriel  <cgabriel@truelite.it>
+
+	* common-session-nonfs: added umask 077 to home directory creation
+	for pam_mkhomedir (requested Sabine Tarine, 30/08/2007)
+
+	* fuss-client: changed -n to -t
+
+2007-07-02  Christopher R. Gabriel  <cgabriel@truelite.it>
+
+	* fuss-client (save_server_conf): commit changes on write
+
+2007-06-07  Christopher R. Gabriel  <cgabriel@truelite.it>
+
+	* fuss-client (create_local_user): create a local user with home
+	in /var/home/ for test and support
+
+2007-06-04  Christopher R. Gabriel  <cgabriel@truelite.it>
+
+	* fuss-client (xwin): Change the check using the environ
+
--- a/common-account
+++ b/common-account
+#
+# /etc/pam.d/common-account - authorization settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authorization modules that define
+# the central access policy for use on the system.  The default is to
+# only deny service to users whose accounts are expired in /etc/shadow.
+#
+account	required	pam_unix.so
+account sufficient      pam_ldap.so
--- a/common-auth
+++ b/common-auth
+#
+# /etc/pam.d/common-auth - authentication settings common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of the authentication modules that define
+# the central authentication scheme for use on the system
+# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
+# traditional Unix authentication mechanisms.
+#
+auth    required        pam_env.so
+auth	sufficient	pam_unix.so nullok_secure likeauth
+auth    required        pam_ldap.so use_first_pass
--- a/common-password
+++ b/common-password
+#
+# /etc/pam.d/common-password - password-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define  the services to be
+#used to change user passwords.  The default is pam_unix
+
+password	sufficient	pam_ldap.so
+password	required	pam_unix.so md5	try_first_pass
--- a/common-session
+++ b/common-session
+#
+# /etc/pam.d/common-session - session-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define tasks to be performed
+# at the start and end of sessions of *any* kind (both interactive and
+# non-interactive).  The default is pam_unix.
+#
+session	required	pam_unix.so
+session optional        pam_ldap.so
+session optional	pam_foreground.so
--- a/common-session-nonfs
+++ b/common-session-nonfs
+#
+# /etc/pam.d/common-session - session-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define tasks to be performed
+# at the start and end of sessions of *any* kind (both interactive and
+# non-interactive).  The default is pam_unix.
+#
+session optional 	pam_mkhomedir.so umask=077
+session	required	pam_unix.so
+session optional        pam_ldap.so
+session optional	pam_foreground.so
\ No newline at end of file
--- a/debian/changelog
+++ b/debian/changelog
+fuss-client (2.0.14-1) feisty; urgency=low
+
+  * Merged fixes made in Bozen
+
+ -- Christopher R. Gabriel <cgabriel@truelite.it>  Mon,  3 Sep 2007 00:22:31 +0200
+
+fuss-client (2.0.13-1) feisty; urgency=low
+
+  * Fixes for non-nfs machine
+  * Changed set timeout command line option
+  * Added pam_foreground to common-session
+
+ -- Christopher R. Gabriel <cgabriel@truelite.it>  Mon,  3 Sep 2007 00:01:54 +0200
+
+fuss-client (2.0.12-1) feisty; urgency=low
+
+  * Updated GRUB password management.
+
+ -- Christopher R. Gabriel <cgabriel@truelite.it>  Wed, 22 Aug 2007 12:45:38 +0200
+
+fuss-client (2.0.11-1) feisty; urgency=low
+
+  * Missing configuration line
+
+ -- Christopher R. Gabriel <cgabriel@truelite.it>  Tue,  3 Jul 2007 18:03:13 +0200
+
+fuss-client (2.0.10-1) feisty; urgency=low
+
+  * Fixed file descriptor for configuration file
+
+ -- Christopher R. Gabriel <cgabriel@truelite.it>  Tue,  3 Jul 2007 15:41:07 +0200
+
+fuss-client (2.0.9-1) feisty; urgency=low
+
+  * Commit configuration changes
+  * Octofuss-client with privileges distribution
+
+ -- Christopher R. Gabriel <cgabriel@truelite.it>  Mon,  2 Jul 2007 14:53:25 +0200
+
+fuss-client (2.0.8-1) feisty; urgency=low
+
+  * New upstream release
+  * Fixed GUI operations stop.
+
+ -- Christopher R. Gabriel <cgabriel@truelite.it>  Mon, 18 Jun 2007 20:59:58 +0200
+
+fuss-client (2.0.7-2) feisty; urgency=low
+
+  * Bug for init script. 
+
+ -- Christopher R. Gabriel <cgabriel@truelite.it>  Tue, 12 Jun 2007 15:57:39 +0200
+
+fuss-client (2.0.7-1) feisty; urgency=low
+
+  * Aggiornamento octofuss-client
+
+ -- Christopher R. Gabriel <cgabriel@truelite.it>  Tue, 12 Jun 2007 11:33:53 +0200
+
+fuss-client (2.0.6-1) feisty; urgency=low
+
+  * New upstream release
+
+ -- Christopher R. Gabriel <cgabriel@truelite.it>  Mon, 11 Jun 2007 20:05:33 +0200
+
+fuss-client (2.0.5-1feisty1) feisty; urgency=low
+
+  * New upstream release
+  * Fixes bug: add remove call the remove functions
+
+ -- Christopher R. Gabriel <cgabriel@truelite.it>  Mon,  4 Jun 2007 17:33:10 +0200
+
+fuss-client (2.0.4-1feisty1) feisty; urgency=low
+
+  * New upstream release
+  * Configuration through UI
+
+ -- Christopher R. Gabriel <cgabriel@truelite.it>  Mon,  4 Jun 2007 16:32:08 +0200
+
+fuss-client (2.0.3-1feisty1) feisty; urgency=low
+
+  * New upstream release
+  * Closes #277
+
+ -- Christopher R. Gabriel <cgabriel@truelite.it>  Mon,  4 Jun 2007 12:56:08 +0200
+
+fuss-client (2.0.2-1feisty1) feisty; urgency=low
+
+  * New upstream release 
+
+ -- Christopher R. Gabriel <cgabriel@truelite.it>  Fri, 25 May 2007 22:15:24 +0200
+
+fuss-client (2.0.1-2feisty1) feisty; urgency=low
+
+  * New upstream release
+
+ -- Christopher R. Gabriel <cgabriel@truelite.it>  Thu, 24 May 2007 18:25:07 +0200
+
+fuss-client (2.0-1feisty1) feisty; urgency=low
+
+  * Initial release.
+
+ -- Christopher R. Gabriel <cgabriel@truelite.it>  Wed, 27 Dec 2006 21:32:18 +0100
--- a/debian/compat
+++ b/debian/compat
+4
--- a/debian/conffiles
+++ b/debian/conffiles
+/etc/fuss-client/server.conf
--- a/debian/control
+++ b/debian/control
+Source: fuss-client
+Section: net
+Priority: optional
+Maintainer: Christopher R. Gabriel <cgabriel@truelite.it>
+Build-Depends: debhelper (>= 4.0.0)
+Standards-Version: 3.6.1.1
+
+Package: fuss-client
+Architecture: all
+Depends: python, python-gtk2, nscd, wget, ldap-utils, libnss-ldap, libpam-ldap, ssh, nfs-common, openssl, ntpdate, hdparm, samba-client, anacron
+Description: Connect a workstation to a FUSS Server
+ This packages contains everything to connect a workstation running
+ FUSS GNU/Linux (or similar) to a FUSS Server.
+ Developed for the FUSS Project. See http://www.fuss.bz.it/
--- a/debian/copyright
+++ b/debian/copyright
+This is fuss-client, written and maintained by Christopher R. Gabriel
+<cgabriel@truelite.it> on Web, 27 Dec 2006 21:14:14 +0200.
+
+Copyright (C) 2005 FUSS Project http://www.fuss.bz.it/ 
+
+License:
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this package; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+  02111-1307, USA.
+
+On Debian systems, the complete text of the GNU General
+Public License can be found in `/usr/share/common-licenses/GPL'.
--- a/debian/fuss-client.init
+++ b/debian/fuss-client.init
+#! /bin/sh
+set -e
+
+# /etc/init.d/fuss-client: start and stop the OpenBSD "secure shell(tm)" daemon
+
+test -x /usr/sbin/octofuss-client || exit 0
+
+if test -f /etc/default/fuss-client; then
+    . /etc/default/fuss-client
+fi
+
+. /lib/lsb/init-functions
+
+check_for_no_start() 
+check_privsep_dir() 
+
+export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"
+
+case "$1" in
+  start)
+	log_begin_msg "Starting Octofuss Client ..."
+	check_for_no_start
+	check_privsep_dir
+	/usr/sbin/octofuss-client
+	log_end_msg 0
+	;;
+  stop)
+	;;
+
+  reload|force-reload)
+
+	;;
+
+  restart)
+
+	;;
+
+  *)
+	log_success_msg "Usage: /etc/init.d/fuss-client {start|stop}"
+	exit 1
+esac
+
+exit 0
--- a/debian/install
+++ b/debian/install
+common-auth		usr/share/fuss-client/templates
+common-account		usr/share/fuss-client/templates
+common-password		usr/share/fuss-client/templates
+common-session		usr/share/fuss-client/templates
+common-session-nonfs	usr/share/fuss-client/templates
+nsswitch.conf		usr/share/fuss-client/templates
+fuss-client		usr/sbin
+octofuss-client		usr/sbin
+server.conf		etc/fuss-client
+fuss-client.png		usr/share/pixmaps
+fuss-client.desktop	usr/share/applications
--- a/debian/manpages
+++ b/debian/manpages
+fuss-client.8
+octofuss-client.8
\ No newline at end of file
--- a/debian/rules
+++ b/debian/rules
+#!/usr/bin/make -f
+# -*- makefile -*-
+# Sample debian/rules that uses debhelper.
+# This file was originally written by Joey Hess and Craig Small.
+# As a special exception, when this file is copied by dh-make into a
+# dh-make output file, you may use that output file without restriction.
+# This special exception was added by Craig Small in version 0.37 of dh-make.
+
+# Uncomment this to turn on verbose mode.
+export DH_VERBOSE=1
+
+
+
+
+CFLAGS = -Wall -g
+
+ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
+	CFLAGS += -O0
+else
+	CFLAGS += -O2
+endif
+
+configure: configure-stamp
+configure-stamp:
+	dh_testdir
+	# Add here commands to configure the package.
+
+	touch configure-stamp
+
+
+build: 
+# Nothing to do
+
+
+clean:
+	dh_testdir
+	dh_testroot
+	rm -f build-stamp configure-stamp
+
+	dh_clean 
+
+install: build
+	dh_testdir
+	dh_testroot
+	dh_clean -k 
+
+
+
+binary-indep: build install
+	dh_testdir
+	dh_testroot
+	dh_installchangelogs 
+	dh_installinit
+	dh_installman
+	dh_compress
+	dh_fixperms
+	dh_installdeb
+	dh_install
+	dh_gencontrol
+	dh_md5sums
+	dh_builddeb
+
+binary-arch:
+# Nothing to do here
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install configure
--- a/fuss-client
+++ b/fuss-client
+#!/usr/bin/env python
+# -*- python -*-
+#
+#  File: fuss-client
+# 
+#  Copyright (C) 2007 Christopher R. Gabriel <cgabriel@truelite.it> 
+# 
+#  This program is free software; you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation; either version 2 of the License, or
+#  (at your option) any later version.
+#
+import os, os.path, sys
+from gettext import gettext as _
+
+## Check if we have an X server to connect to
+xwin = False
+	
+try:
+	d = os.environ['DISPLAY']
+	xwin = True
+	import gtk
+except:
+	xwin = False
+
+#check if we're root..
+if os.getuid() > 0:
+	if xwin:
+		d =gtk.MessageDialog(parent=None,
+				     flags=gtk.DIALOG_MODAL,
+				     type=gtk.MESSAGE_ERROR,
+				     buttons=gtk.BUTTONS_OK)
+		d.set_markup(_("FUSS Client Connector\n\nCan't execute configuration\n\nAre you root?"))
+		d.show_all()
+		d.run()
+		d.destroy()
+		sys.exit(5)
+	else:
+		print "Can't execute fuss-client - Are you root?"
+		sys.exit(5)
+
+
+
+## SERVER DISCOVERY
+
+## SERVER DISCOVERY
+def find_broadcast():
+	import os
+	addresses = []
+	data = os.popen("ifconfig | grep Bcast").readlines()
+	for line in data:
+		broadcast = line.split(":")[2]
+		broadcast = broadcast.split()[0]
+		addresses.append(broadcast)
+	return addresses
+
+import sys, time
+import socket
+
+def discover_server(timeout=5):
+  PORT = 13400	
+  s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+  s.bind(('', PORT+1))
+  s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
+  baddrs = find_broadcast()
+  servers = []
+  print "Searching for server...."
+  for baddr in baddrs:
+      print "Searching on", baddr
+      data = "fuss-client-request"
+      s.sendto(data, (baddr, PORT))
+	  # wait 5 seconds for the answer
+      s.settimeout(timeout)
+      try:
+         data, fromaddr = s.recvfrom(1024)
+         if fromaddr:
+		     server = fromaddr[0]
+		     if server not in servers:
+			     servers.append(server)
+      except socket.timeout, e:
+		  print "No servers found on %s: %s" % (baddr, e)
+  return servers
+
+
+### FUSS CLIENT!
+
+import getopt
+
+__version__ = "2.0"
+
+def usage():
+	print "%s %s" % (sys.argv[0], __version__)
+	print _("Usage"),":"
+	print " -a \t\t",_("To add the machine to a Fuss Network")
+	print " -n \t\t",_("Don't use NFS home, but local homes instead")
+	print " -t \t\t",_("Network search timeout (seconds)")
+	print " -r \t\t",_("To removed the machine from a Fuss Network")
+	print " -s host \t",_("The Fuss Network server")
+	print " -h \t\t",_("Show this help")
+	print ""
+	print _("Mail to fuss-devel@fuss.bz.it for bug reports")
+	print ""
+
+# try to understand if we have an X connection
+
+
+# try to understand what the user wants
+try:
+	opts, args = getopt.getopt(sys.argv[1:], "hs:tnar", ["help"])
+except getopt.GetoptError:
+	# print help information and exit:
+	usage()
+	sys.exit(2)
+
+## GLOBAL STUFF
+
+add = False
+remove = False
+server = None
+nfs = True
+search_timeout = 5
+
+
+def save_server_conf(server):
+	import ConfigParser
+	conf = ConfigParser.ConfigParser()
+	conf.read("/etc/fuss-client/server.conf")
+
+	if not conf.has_section("Server"):
+		conf.add_section("Server")
+
+	conf.set("Server","address", server)
+	f = open("/etc/fuss-client/server.conf", "w")
+	r = conf.write(f)
+	f.close()
+	
+
+
+
+if not xwin:
+	if not len(opts) > 0:
+		usage()
+		sys.exit(10)
+
+	for o, a in opts:
+		if o in ("-h", "--help"):
+			usage()
+			sys.exit(1)
+		if o == "-n":
+			nfs = False
+		if o == "-t":
+			search_timeout = a
+		if o == "-s":
+			server = a
+		if o == "-a":
+			add = True
+		if o == "-r":
+			remove = True
+		if add == remove:
+			usage()
+			sys.exit(2)
+
+	# decide the server with autodiscovery!
+
+	if not server and add == True:
+		s = discover_server(search_timeout)
+		if len(s) == 1:
+			server = s[0]
+		elif len(s) > 1 :
+			print "We found several Fuss Server on this Network"
+			print ""
+			print "Please choose the one you want to use:"
+			for h in s:
+				print s.index(h)," - ",h
+			print ""
+			choice = None
+			while choice not in range(len(s)):
+				choice = int(raw_input("Your choice? (enter the server number) "))
+			server = s[choice]
+		else:
+			print "Can't find a suitable server to connect to."
+			print "Exiting.."
+			sys.exit(10)
+		print "The server is:", socket.gethostbyaddr(server)[0]
+
+	save_server_conf(server)
+
+import os.path, glob, urllib, shutil
+# support functions
+
+def backup_file(file):
+	try:
+		shutil.copyfile(file, file+".orig")
+	except:
+		print "\tCan't backup file %s" % file
+
+def recover_file(file):
+	if os.path.isfile(file+".orig"):
+		shutil.copyfile(file+".orig", file)
+	else:
+		print "\tCan't recover %s: no backup available" % file
+
+def recover_files(files):
+	for file in files:
+		recover_file(file)
+
+# Configuration callbacks
+def get_configuration():
+	if not os.path.isdir("/var/cache/fuss-client"):
+		os.mkdir("/var/cache/fuss-client")
+	files = glob.glob("/var/cache/fuss-client/*")
+	for file in files:
+		os.remove(file)
+	to_get = ["ldap.conf","pam_ldap.conf","libnss-ldap.conf", "id_dsa.pub", "cacert.pem"]
+	try:
+		urllib.urlopen("http://%s/fuss-data-conf/cacert.pem" % server)
+	except:
+		print "Can't get configuration files from server", server
+		sys.exit(20)
+	base_url = "http://%s/fuss-data-conf/" % server
+
+	for tg in to_get:
+		print "\tGetting file:", tg
+		r = urllib.urlopen("%s/%s" % (base_url, tg))
+		f = open("/var/cache/fuss-client/%s" % tg, "w")
+		f.write(r.read())
+		f.close()
+
+def find_usable_local_user():
+
+	choices = ['local-utente', 'local-user', 'local-test']
+	data = os.popen("getent passwd").readlines()
+	users = []
+
+	for line in data:
+		users.append(line.split(":")[0])
+
+	found_user = "local-fuss-user"
+	
+	for choice in choices:
+		if choice in users:
+			continue
+		else:
+			found_user = choice
+			break
+
+	return found_user
+	
+def create_local_user():
+	user = find_usable_local_user()
+	import crypt
+	password = crypt.crypt(user, "WF")
+	if not os.path.isdir("/var/home"):
+		os.mkdir("/var/home", 0775)
+	os.system("useradd -K UID_MAX=3000 -K UID_MIN=2000 -m -d /var/home/%s -p %s %s" % (user, password, user))
+
+def set_ldap_configuration():
+	backup_file("/etc/ldap/ldap.conf")
+	f = open("/etc/ldap/ldap.conf","w")
+	nf = open("/var/cache/fuss-client/ldap.conf")
+	f.write(nf.read())
+	f.close()
+	nf.close()
+	
+	if os.path.isfile("/etc/ssl/certs/cacert.pem"):
+		backup_file("/etc/ssl/certs/cacert.pem")
+	f = open("/etc/ssl/certs/cacert.pem","w")
+	nf = open("/var/cache/fuss-client/cacert.pem")
+	f.write(nf.read())
+	f.close()
+	nf.close()
+
+def set_nss_pam_configuration():
+	backup_file("/etc/nsswitch.conf")
+	shutil.copyfile("/usr/share/fuss-client/templates/nsswitch.conf", "/etc/nsswitch.conf")	
+	backup_file("/etc/libnss-ldap.conf")
+	shutil.copyfile("/var/cache/fuss-client/libnss-ldap.conf" , "/etc/libnss-ldap.conf")
+	backup_file("/etc/pam_ldap.conf")
+	shutil.copyfile("/var/cache/fuss-client/pam_ldap.conf" , "/etc/pam_ldap.conf")
+ 	backup_file("/etc/pam.d/common-account")
+	backup_file("/etc/pam.d/common-password")