alterator-root-1.1/000075500000000000000000000000001130076135700143325ustar00rootroot00000000000000
alterator-root-1.1/Makefile000064400000000000000000000003351130076135700157730ustar00rootroot00000000000000
# Build description for the alterator "root" module. The install-module and
# check-module targets are not defined here; presumably they come from the
# included module.mak — confirm against that file.
NAME=root
# NOTE(review): the backend and the unit test both call pwqgen; presumably it
# is shipped by this package — confirm.
TEST_REQUIRES=passwdqc-utils

all:
clean:
install: install-module install-data
check: check-module

include /usr/share/alterator/build/module.mak

# Creates the hook directory. The backend feeds the new root password on stdin
# to every executable file found in its hooks directory, so only root should be
# able to write here. No -m is given, so the mode is whatever install(1)
# applies by default.
# NOTE(review): the backend hard-codes /usr/lib/alterator/hooks/root.d/; this
# path matches it only if libexecdir expands to /usr/lib — confirm.
install-data:
	install -d $(libexecdir)/alterator/hooks/root.d
alterator-root-1.1/applications/000075500000000000000000000000001130076135700170205ustar00rootroot00000000000000
alterator-root-1.1/applications/root.desktop000064400000000000000000000004351130076135700214000ustar00rootroot00000000000000
# Menu entry for the module; X-Alterator-URI names the /root path that the UI
# code addresses with woo-call.
[Desktop Entry]
Type=Application
Categories=X-Alterator-Users
Icon=root
Terminal=false
Name=System administrator
X-Alterator-URI=/root
X-Alterator-Weight=90
X-Alterator-Help=root
Name[ru]=Администратор системы
Name[uk]=Системний адміністратор
alterator-root-1.1/backend3/000075500000000000000000000000001130076135700160045ustar00rootroot00000000000000
alterator-root-1.1/backend3/root000075500000000000000000000074561130076135700167310ustar00rootroot00000000000000
#!/bin/sh
# Backend for the /root module: manages root's authorized SSH keys and root's
# password. Helper functions such as write_error, write_enum and message_loop
# are not defined in this file; they are expected from alterator-sh-functions.

alterator_api_version=1
# root's system-wide authorized_keys file; the ssh_key_* procedures below read
# it, append to it and replace it.
authorizedkeys_file=/etc/openssh/authorized_keys/root
# Every regular, executable file in this directory is run by root_chpasswd
# with the new root password on its stdin.
hooks_dir=/usr/lib/alterator/hooks/root.d/

. alterator-sh-functions

## installer support, $ALTERATOR_DESTDIR - exported by installer.
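DESTDIR=""
CHROOT_EXEC=""
if [ -d "${ALTERATOR_DESTDIR:-}" ]; then
    DESTDIR="$ALTERATOR_DESTDIR"
    # Still assigned so the variable keeps its old value for anything that
    # reads it; the functions below call root_run_in_target instead, because
    # expanding this string unquoted splits a target path containing spaces.
    CHROOT_EXEC="chroot $DESTDIR"
fi

# A literal newline, used to reject values that span more than one line.
root_nl='
'

# Run "$@" inside the installer target when $DESTDIR is set, otherwise on the
# running system.
# Globals:   DESTDIR (read)
# Arguments: command and its arguments
# Returns:   status of the command (or of chroot)
root_run_in_target()
{
    if [ -n "$DESTDIR" ]; then
        chroot "$DESTDIR" "$@"
    else
        "$@"
    fi
}

# Succeeds when a key comment starts with the reserved prefix
# "alterator-trust@". Such entries are hidden from the key list and refused on
# upload; presumably another component owns them — confirm.
# Arguments: $1 - comment field of an authorized_keys line
root_is_trust_comment()
{
    case "$1" in
        alterator-trust@*) return 0 ;;
    esac
    return 1
}

## SSH keys management

# Print the fingerprint of one authorized_keys line (second field of
# `ssh-keygen -l` output). Prints nothing when ssh-keygen rejects the line.
# Arguments: $1 - one authorized_keys line
# Outputs:   fingerprint on stdout
fingerprint()
{
    local line="$1"
    local tempfile v
    # Declaration and assignment are split so a mktemp failure is not masked
    # by `local` and we never write to an empty path.
    tempfile="$(mktemp -t alterator-root.XXXXXX)" || return
    # printf, not echo: echo may interpret backslashes or a leading -n.
    printf '%s\n' "$line" >"$tempfile"
    v="$(ssh-keygen -l -f "$tempfile")" && printf '%s\n' "$v" | cut -f2 -d' '
    rm -f -- "$tempfile"
}

# Split one authorized_keys line into options, key type, key and comment, and
# print the requested field (or all four, tab-separated).
# Arguments: $1 - one authorized_keys line
#            $2 - options | type | key | comment | anything else for all
# Outputs:   the selected field(s) on stdout, without trailing newline
#
# A line is treated as having no options field when it starts with a key type.
# Besides ssh-*, the ecdsa-sha2-* and sk-* key types are recognised; without
# that, such a line would be shifted by one field and its comment (and with it
# the alterator-trust@ check in the callers) would be read as empty.
# NOTE(review): options that contain spaces inside quotes (command="a b") are
# still split on the first space; this is not a full authorized_keys parser.
parse_authorized_keys()
{
    local line="$1" && shift
    local opts= keytype= key= comment=

    # read -r keeps backslashes intact; the here-document replaces the
    # temporary file the line used to be staged in. Only the first line of
    # $line is read.
    case "$line" in
        ssh-*|ecdsa-sha2-*|sk-*)
            IFS=' ' read -r keytype key comment <<EOF
$line
EOF
            ;;
        *)
            IFS=' ' read -r opts keytype key comment <<EOF
$line
EOF
            ;;
    esac

    case "$1" in
        options) printf '%s' "$opts" ;;
        type) printf '%s' "$keytype" ;;
        key) printf '%s' "$key" ;;
        comment) printf '%s' "$comment" ;;
        *) printf '%s\t%s\t%s\t%s' "$opts" "$keytype" "$key" "$comment" ;;
    esac
}

# Export the fingerprints of root's authorized keys through write_enum,
# leaving out entries whose comment carries the alterator-trust@ prefix.
# Globals: authorizedkeys_file (read)
ssh_key_list()
{
    local line comment

    [ ! -s "$authorizedkeys_file" ] ||
    while IFS=' ' read -r line; do
        comment="$(parse_authorized_keys "$line" comment)"
        root_is_trust_comment "$comment" || fingerprint "$line"
    done <"$authorizedkeys_file" |
    write_enum
}

# Append an uploaded public key to root's authorized_keys.
# Globals: in_key_file (read) - path of the uploaded file
#          authorizedkeys_file (read, appended)
# The upload must be exactly one line. Only the first line is ever checked
# (comment parsing reads a single line), so a multi-line upload would append
# unchecked lines, including alterator-trust@ entries, to root's keys.
ssh_key_add()
{
    [ -s "$in_key_file" ] || return 0

    local new_line new_fp comment line fp
    # $(...) strips trailing newlines, so a single key followed by a newline
    # still counts as one line.
    new_line="$(cat -- "$in_key_file")"
    case "$new_line" in
        *"$root_nl"*)
            write_error "$(_ "Invalid ssh key")"
            return
            ;;
    esac

    new_fp="$(fingerprint "$new_line")"
    comment="$(parse_authorized_keys "$new_line" comment)"

    # An empty fingerprint means ssh-keygen did not accept the line.
    if [ -z "$new_fp" ] || root_is_trust_comment "$comment"; then
        write_error "$(_ "Invalid ssh key")"
        return
    fi

    if [ -s "$authorizedkeys_file" ]; then
        while IFS=' ' read -r line; do
            fp="$(fingerprint "$line")"
            if [ "$fp" = "$new_fp" ]; then
                write_error "$(_ "Same ssh key already exists")"
                return
            fi
        done <"$authorizedkeys_file"
    fi

    printf '%s\n' "$new_line" >>"$authorizedkeys_file"
}

# Remove the key whose fingerprint equals $in_key from root's authorized_keys.
# Globals: in_key (read) - fingerprint chosen in the UI
#          authorizedkeys_file (read, replaced)
# NOTE(review): as written in the original, every alterator-trust@ entry is
# dropped as well whenever any key is deleted. The list and add paths only
# hide/refuse those entries, so this may be unintended — confirm before
# relying on it. The behaviour is kept unchanged here.
ssh_key_del()
{
    if [ ! -s "$authorizedkeys_file" ] || [ -z "$in_key" ]; then
        return 1
    fi

    local old_fp="$in_key"
    local line fp comment tempfile
    # The replacement is built next to the target so the final mv is a rename
    # on the same filesystem: root's key file is never seen half-written, and
    # a failed copy from /tmp cannot truncate it.
    tempfile="$(mktemp "$authorizedkeys_file.XXXXXX")" || return

    while IFS=' ' read -r line; do
        fp="$(fingerprint "$line")"
        comment="$(parse_authorized_keys "$line" comment)"
        if [ "$fp" = "$old_fp" ] || root_is_trust_comment "$comment"; then
            continue
        fi
        printf '%s\n' "$line"
    done <"$authorizedkeys_file" >"$tempfile"

    mv -f -- "$tempfile" "$authorizedkeys_file"
}

## root's password management

# Set root's password and hand the same password to every hook.
# Globals:   DESTDIR, hooks_dir (read)
# Arguments: $1 - new password
# The password only travels through pipes fed by the printf builtin, so it
# does not appear in any process argument list.
# NOTE(review): the status of chpasswd is not checked; hooks run, and the
# function's status is that of the last hook, even if chpasswd failed.
root_chpasswd()
{
    local f

    # chpasswd reads one "user:password" record per line. If the caller can
    # ever deliver a newline inside the value, the remainder would be read as
    # further records, so such input is refused.
    case "$1" in
        *"$root_nl"*)
            write_error "$(_ "Invalid password")"
            return 1
            ;;
    esac

    # printf, not echo: echo may rewrite backslash sequences in the password.
    printf '%s\n' "root:$1" | root_run_in_target /usr/sbin/chpasswd

    #little run-parts
    for f in "$DESTDIR/$hooks_dir"/*; do
        [ -f "$f" ] && [ -x "$f" ] || continue
        # Skip package-manager leftovers (*.rpm*) and editor backups (*~).
        case "$f" in
            *.rpm*|*\~) continue ;;
        esac
        # Hooks run in the target, so the $DESTDIR prefix is stripped from the
        # path; quoting it keeps it from being treated as a pattern.
        printf '%s\n' "$1" | root_run_in_target "${f#"$DESTDIR"}" >&2
    done
}

# Validate the submitted form fields and change root's password.
# Globals: in_auto, in_passwd_auto, in_passwd_1, in_passwd_2 (read)
# With in_auto set, in_passwd_auto is used; otherwise in_passwd_1 must be
# non-empty and equal to in_passwd_2. No strength check is done here.
change_password()
{
    if test_bool "$in_auto"; then
        if [ -z "$in_passwd_auto" ]; then
            write_error "$(_ "You should define a password for system administrator")"
        else
            root_chpasswd "$in_passwd_auto"
        fi
    elif [ -z "$in_passwd_1" ] && [ -z "$in_passwd_2" ]; then
        write_error "$(_ "You should define a password for system administrator")"
    elif [ "$in_passwd_1" != "$in_passwd_2" ]; then
        write_error "$(_ "Passwords mismatch")"
    else
        root_chpasswd "$in_passwd_1"
    fi
}

# Return a password produced by pwqgen as the passwd_auto parameter.
generate_password()
{
    write_string_param passwd_auto "$(pwqgen)"
}

alterator_export_proc ssh_key_add
alterator_export_proc ssh_key_del
alterator_export_proc ssh_key_list
alterator_export_proc change_password
alterator_export_proc generate_password

message_loop
alterator-root-1.1/runtests000075500000000000000000000002131130076135700161430ustar00rootroot00000000000000
#!/bin/sh -u

. shell-unittest
. alterator-unittest-functions

unitdir=test

### runtests
# Source every file in the unit directory; quoted so a path with spaces is
# sourced as one file.
for i in "$unitdir"/*; do . "$i";done

runUnitTests
alterator-root-1.1/test/000075500000000000000000000000001130076135700153115ustar00rootroot00000000000000
alterator-root-1.1/test/root000064400000000000000000000010541130076135700162170ustar00rootroot00000000000000
#!/bin/sh

appendTests \
    test_root_password

# Sets root's password through the /root backend and checks it with
# alterator-chkpwd.
# The backend changes the password of the machine the test runs on, and the
# generated password is passed to alterator-cmdline as a command-line
# argument, so run this only on a disposable test system.
test_root_password()
{
    local passwd="$(pwqgen)"

    alterator-cmdline -l /root action write commit true passwd_1 "$passwd" passwd_2 "$passwd"
    printf "root\0%s" "$passwd" | alterator-chkpwd
    assertEquals "$?" "0"

    # NOTE(review): "auto" is not passed here, and the same $passwd was already
    # set by the step above, so this check would pass even if the passwd_auto
    # path did nothing — confirm whether "auto" should be set.
    alterator-cmdline -l /root action write commit true passwd_auto "$passwd"
    printf "root\0%s" "$passwd" | alterator-chkpwd
    assertEquals "$?" "0"

    # Mismatching passwords must be refused.
    alterator-cmdline -l /root action write commit true passwd_1 "$passwd" passwd_2 "fake$passwd"
    assertEquals "$?" "1"
}
alterator-root-1.1/ui/000075500000000000000000000000001130076135700147475ustar00rootroot00000000000000
alterator-root-1.1/ui/root/000075500000000000000000000000001130076135700157325ustar00rootroot00000000000000
alterator-root-1.1/ui/root/ajax.scm000064400000000000000000000043241130076135700173640ustar00rootroot00000000000000
(define-module (ui root ajax)
    :use-module (alterator ajax)
    :use-module (alterator algo)
    :use-module (alterator woo)
    :use-module (alterator effect)
    :export (init
             init-passwordbox
             commit-passwordbox
             ))

;; private passwordbox API

;; Ask the backend for a generated password and put it into "passwd_auto".
(define (generate-passwordbox)
  (form-update-value-list '("passwd_auto") (woo-call "/root/generate_password")))

;; Clear every password field, switch "auto" off and fetch a fresh generated
;; password.
(define (update-passwordbox)
  (form-update-value "passwd_1" "")
  (form-update-value "passwd_2" "")
  (form-update-value "passwd_auto" "")
  (form-update-value "auto" #f)

  (generate-passwordbox)
  (update-effect))

;; public passwordbox API
(define (init-passwordbox)
  ;; effects
  (effect-show "passwd_1" "auto" #f)
  (effect-show "passwd_2" "auto" #f)
  (effect-show "passwd_auto" "auto" #t)
  (effect-show "generate_button" "auto" #t)

  ;; generate button
  (form-bind "generate_button" "click" generate-passwordbox)

  (update-passwordbox))

;; Send the four password-related form values to /root/change_password, then
;; reset the fields so the typed passwords do not stay in the form.
(define (commit-passwordbox)
  (apply woo-call "/root/change_password"
         'language (form-value "language")
         (form-value-list '("auto" "passwd_1" "passwd_2" "passwd_auto")))
  (update-passwordbox))

;;; current form specific API
(define (ui-write)
  (form-update-visibility "passwd_message" #f)
  (catch/message
    (lambda()
      (commit-passwordbox)
      (form-update-visibility "passwd_message" #t))))

;; Reload the list of authorized key fingerprints from the backend.
(define (ui-key-read)
  (catch/message
    (lambda()
      (form-update-enum "key" (woo-call "/root/ssh_key_list")))))

;; Pass the path of the uploaded key file to /root/ssh_key_add.
(define (ui-key-add)
  (call-with-form-file
    "key_file"
    (lambda(path)
      (catch/message
        (lambda()
          (woo-call "/root/ssh_key_add"
                    'language (form-value "language")
                    'key_file path)
          (ui-key-read))))))

;; Ask the backend to delete the key selected in the "key" list.
(define (ui-key-del)
  (catch/message
    (lambda()
      (woo-call "/root/ssh_key_del"
                'language (form-value "language")
                'key (form-value "key"))
      (ui-key-read))))

(define (init)
  ;; password
  (init-passwordbox)
  (init-effect)
  (form-bind "apply_button" "click" ui-write)

  ;; ssh keys
  (ui-key-read)
  (form-bind-upload "add_key_button" "click" "key_file" ui-key-add)
  (form-bind "del_key_button" "click" ui-key-del))
alterator-root-1.1/ui/root/index.html000064400000000000000000000045311130076135700177320ustar00rootroot00000000000000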
Password for system administrator:
 
Generate automatically  
(enter passphrase)
(repeat passphrase)
 
 
 

 
Authorized ssh keys:
New key:   
alterator-root-1.1/ui/root/index.scm000064400000000000000000000035511130076135700175510ustar00rootroot00000000000000
(document:surround "/std/frame")

;;; Functions

;; Ask the backend for a generated password and put it into "passwd_auto".
(define (ui-generate)
  (form-update-value-list '("passwd_auto") (woo-call "/root/generate_password")))

;; Clear every password field, switch "auto" off and fetch a fresh generated
;; password.
(define (ui-read)
  (form-update-value "passwd_1" "")
  (form-update-value "passwd_2" "")
  (form-update-value "passwd_auto" "")
  (form-update-value "auto" #f)

  (ui-generate)
  (update-effect))

;; Send the four password-related form values to /root/change_password, then
;; reset the form through ui-read.
(define (ui-write)
  (catch/message
    (lambda()
      (apply woo-call "/root/change_password"
             'language (form-value "language")
             (form-value-list '("auto" "passwd_1" "passwd_2" "passwd_auto")))
      (ui-read))))

(define (ui-init)
  ;; The manual fields are tied to "auto" being #f, the generated-password
  ;; field and its button to "auto" being #t.
  (effect-show "passwd_1" "auto" #f)
  (effect-show "passwd_2" "auto" #f)
  (effect-show "passwd_auto" "auto" #t)
  (effect-show "generate_button" "auto" #t)

  (init-effect)

  (ui-read)
  (form-bind "generate_button" "click" ui-generate)
  ;; The Apply button is bound only when (global 'frame:next) is false.
  (or (global 'frame:next)
      (form-bind "apply_button" "click" ui-write)))

;;; UI
(gridbox
  columns "20;60;20"

  (spacer)
  (label text (_ "Setup password for system administrator:"))
  (spacer)

  (spacer)
  (gridbox
    columns "100;0"
    (checkbox text (_ "Generate automatically") name "auto")
    (spacer)

    ;; Manually typed passwords are masked (echo "stars").
    (edit name "passwd_1" echo "stars" visibility #f focus #t)
    (label name "passwd_1" text (small (_ "(enter passphrase)")) visibility #f)

    (edit name "passwd_2" echo "stars" visibility #f)
    ;; NOTE(review): this label is named "passwd_1" although it sits next to
    ;; the "passwd_2" field; both names have the same effect-show rule above,
    ;; so this may be a copy-paste leftover — confirm.
    (label name "passwd_1" text (small (_ "(repeat passphrase)")) visibility #f)

    ;; The generated password has no echo attribute, unlike the two fields
    ;; above, so it is presumably displayed in clear text on screen — confirm.
    (edit name "passwd_auto" visibility #f)
    (button text (_ "Generate") name "generate_button" visibility #f)

    (label colspan 2 name "passwd_auto" visibility #f))
  (spacer)

  (label colspan 3)

  (spacer)
  (if (global 'frame:next)
      (label)
      (button text (_ "Apply") name "apply_button" align "left"))
  (spacer))

;;; Logic

;; On "next", the handler yields 'cancel when (ui-write) returns a false
;; value. NOTE(review): what catch/message returns after an error is not
;; visible here — confirm that a failed password change really yields #f.
(frame:on-next (thunk (or (ui-write) 'cancel)))

(document:root
  (when loaded
    (ui-init)
    (and (global 'frame:next) (frame:back-activity #f))))