2016-07-27 04:05:47 +00:00
|
|
|
# Copyright 2015 Canonical, Ltd.
|
|
|
|
#
|
|
|
|
# This program is free software: you can redistribute it and/or modify
|
|
|
|
# it under the terms of the GNU Affero General Public License as
|
|
|
|
# published by the Free Software Foundation, either version 3 of the
|
|
|
|
# License, or (at your option) any later version.
|
|
|
|
#
|
|
|
|
# This program is distributed in the hope that it will be useful,
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
# GNU Affero General Public License for more details.
|
|
|
|
#
|
|
|
|
# You should have received a copy of the GNU Affero General Public License
|
|
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
2016-09-27 08:42:50 +00:00
|
|
|
import json
|
2016-11-09 01:57:35 +00:00
|
|
|
import logging
|
|
|
|
import subprocess
|
2016-07-27 04:05:47 +00:00
|
|
|
|
|
|
|
from subiquitycore.controllers.identity import BaseIdentityController
|
2016-11-09 01:33:41 +00:00
|
|
|
from subiquitycore.utils import disable_first_boot_service, run_command
|
2016-07-27 04:05:47 +00:00
|
|
|
|
2016-07-27 23:13:19 +00:00
|
|
|
from console_conf.ui.views import IdentityView, LoginView
|
2016-07-27 04:05:47 +00:00
|
|
|
|
2016-11-09 01:57:35 +00:00
|
|
|
log = logging.getLogger('console_conf.controllers.identity')
|
|
|
|
|
|
|
|
login_details_tmpl = """This device is registered to {realname}.
|
|
|
|
|
|
|
|
Remote access was enabled via authentication with SSO user <{username}>.
|
|
|
|
Public SSH keys were added to the device for remote access.
|
|
|
|
|
|
|
|
{realname} can connect remotely to this device via SSH:
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
2016-07-27 04:05:47 +00:00
|
|
|
|
|
|
|
class IdentityController(BaseIdentityController):
|
|
|
|
identity_view = IdentityView
|
2016-07-27 10:15:22 +00:00
|
|
|
|
2016-09-27 02:33:54 +00:00
|
|
|
def default(self):
|
2016-07-27 10:15:22 +00:00
|
|
|
title = "Profile setup"
|
|
|
|
excerpt = "Enter an email address from your account in the store."
|
|
|
|
footer = ""
|
|
|
|
self.ui.set_header(title, excerpt)
|
|
|
|
self.ui.set_footer(footer, 40)
|
2016-10-10 23:48:28 +00:00
|
|
|
self.ui.set_body(self.identity_view(self.model, self, self.opts, self.loop))
|
2016-09-29 20:34:36 +00:00
|
|
|
device_owner = self.get_device_owner()
|
|
|
|
if device_owner is not None:
|
2016-10-12 00:17:14 +00:00
|
|
|
self.model.add_user(device_owner)
|
2016-11-01 23:56:44 +00:00
|
|
|
self.login()
|
2016-09-29 19:17:15 +00:00
|
|
|
|
2016-09-29 20:34:36 +00:00
|
|
|
def get_device_owner(self):
|
2016-09-29 19:17:15 +00:00
|
|
|
""" Check if device is owned """
|
|
|
|
|
|
|
|
# TODO: use proper snap APIs.
|
2016-10-12 00:17:14 +00:00
|
|
|
try:
|
|
|
|
extrausers_fp = open('/var/lib/extrausers/passwd', 'r')
|
|
|
|
except FileNotFoundError:
|
|
|
|
return None
|
|
|
|
with extrausers_fp:
|
2016-09-29 19:17:15 +00:00
|
|
|
passwd_line = extrausers_fp.readline()
|
|
|
|
if passwd_line and len(passwd_line) > 0:
|
|
|
|
passwd = passwd_line.split(':')
|
|
|
|
result = {
|
|
|
|
'realname': passwd[4].split(',')[0],
|
|
|
|
'username': passwd[0],
|
|
|
|
}
|
2016-09-29 20:34:36 +00:00
|
|
|
return result
|
|
|
|
return None
|
2016-07-27 10:15:22 +00:00
|
|
|
|
2016-09-27 08:42:50 +00:00
|
|
|
def identity_done(self, email):
|
2016-09-29 19:17:15 +00:00
|
|
|
if self.opts.dry_run:
|
|
|
|
result = {
|
|
|
|
'realname': email,
|
|
|
|
'username': email,
|
|
|
|
}
|
|
|
|
self.model.add_user(result)
|
2016-11-09 01:57:35 +00:00
|
|
|
ssh_keys = subprocess.getoutput('ssh-add -L').splitlines()
|
|
|
|
login_details_path = '.subiquity/login-details.txt'
|
2016-09-29 19:17:15 +00:00
|
|
|
else:
|
2016-09-27 08:42:50 +00:00
|
|
|
self.ui.frame.body.progress.set_text("Contacting store...")
|
|
|
|
self.loop.draw_screen()
|
|
|
|
result = run_command(["snap", "create-user", "--sudoer", "--json", email])
|
2016-09-30 02:12:15 +00:00
|
|
|
self.ui.frame.body.progress.set_text("")
|
2016-09-27 08:42:50 +00:00
|
|
|
if result['status'] != 0:
|
|
|
|
self.ui.frame.body.error.set_text("Creating user failed:\n" + result['err'])
|
|
|
|
return
|
|
|
|
else:
|
|
|
|
data = json.loads(result['output'])
|
|
|
|
result = {
|
|
|
|
'realname': email,
|
|
|
|
'username': data['username'],
|
|
|
|
}
|
2016-11-09 01:57:35 +00:00
|
|
|
ssh_keys = data['ssh-keys']
|
|
|
|
login_details_path = '/var/lib/console-conf/login-details.txt'
|
2016-09-27 08:42:50 +00:00
|
|
|
self.model.add_user(result)
|
2016-11-09 01:57:35 +00:00
|
|
|
log.debug('ssh_keys %s', ssh_keys)
|
|
|
|
fingerprints = []
|
|
|
|
for key in ssh_keys:
|
|
|
|
keygen_result = subprocess.Popen(['ssh-keygen', '-lf', '-'], stdin=subprocess.PIPE, stdout=subprocess.PIPE)
|
|
|
|
fingerprint, err = keygen_result.communicate(key.encode('utf-8'))
|
2016-11-09 21:39:03 +00:00
|
|
|
fingerprints.append(fingerprint.decode('utf-8', 'replace').replace('\r', ''))
|
2016-11-09 01:57:35 +00:00
|
|
|
log.debug('fingerprints %s', fingerprints)
|
|
|
|
net_model = self.controllers['Network'].model
|
|
|
|
with open(login_details_path, 'w') as fp:
|
|
|
|
fp.write(login_details_tmpl.format(**result))
|
|
|
|
for dev in net_model.get_all_netdevs():
|
|
|
|
for ip in dev.actual_ip_addresses:
|
|
|
|
fp.write(" ssh %s@%s\n"%(result['username'], ip))
|
|
|
|
fp.write("\nSSH keys with the following fingerprints can be used to log in:\n\n")
|
|
|
|
for fingerprint in fingerprints:
|
|
|
|
fp.write(" " + fingerprint)
|
2016-11-09 21:39:03 +00:00
|
|
|
fp.write("\nPressing enter after setting a password will allow you to log in here.\n")
|
2016-10-10 23:48:28 +00:00
|
|
|
self.login()
|
2016-09-27 08:42:50 +00:00
|
|
|
|
2016-11-01 23:44:04 +00:00
|
|
|
def cancel(self):
|
|
|
|
# You can only go back if we haven't created a user yet.
|
|
|
|
if self.model.user is None:
|
|
|
|
self.signal.emit_signal('prev-screen')
|
|
|
|
|
2016-07-27 22:30:27 +00:00
|
|
|
def login(self):
|
|
|
|
title = "Configuration Complete"
|
|
|
|
footer = "View configured user and device access methods"
|
|
|
|
self.ui.set_header(title)
|
|
|
|
self.ui.set_footer(footer)
|
|
|
|
|
|
|
|
net_model = self.controllers['Network'].model
|
2016-11-07 00:35:42 +00:00
|
|
|
ifaces = net_model.get_all_netdevs()
|
|
|
|
login_view = LoginView(self.opts, self.model, self, ifaces)
|
2016-07-27 22:30:27 +00:00
|
|
|
|
|
|
|
self.ui.set_body(login_view)
|
2016-09-27 02:33:54 +00:00
|
|
|
|
|
|
|
def login_done(self):
|
2016-09-27 08:42:50 +00:00
|
|
|
if not self.opts.dry_run:
|
|
|
|
# stop the console-conf services (this will kill the current process).
|
|
|
|
disable_first_boot_service()
|
|
|
|
|
|
|
|
self.signal.emit_signal('quit')
|