2016-07-27 04:05:47 +00:00
|
|
|
# Copyright 2015 Canonical, Ltd.
|
|
|
|
#
|
|
|
|
# This program is free software: you can redistribute it and/or modify
|
|
|
|
# it under the terms of the GNU Affero General Public License as
|
|
|
|
# published by the Free Software Foundation, either version 3 of the
|
|
|
|
# License, or (at your option) any later version.
|
|
|
|
#
|
|
|
|
# This program is distributed in the hope that it will be useful,
|
|
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
# GNU Affero General Public License for more details.
|
|
|
|
#
|
|
|
|
# You should have received a copy of the GNU Affero General Public License
|
|
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
2016-09-27 08:42:50 +00:00
|
|
|
import json
|
2016-11-09 01:57:35 +00:00
|
|
|
import logging
|
2016-11-09 22:59:39 +00:00
|
|
|
import os
|
2016-11-09 01:57:35 +00:00
|
|
|
import subprocess
|
2016-11-09 22:59:39 +00:00
|
|
|
import sys
|
2016-07-27 04:05:47 +00:00
|
|
|
|
2017-01-13 02:59:28 +00:00
|
|
|
from subiquitycore.controller import BaseController
|
|
|
|
from subiquitycore.models import IdentityModel
|
2016-11-09 01:33:41 +00:00
|
|
|
from subiquitycore.utils import disable_first_boot_service, run_command
|
2016-07-27 04:05:47 +00:00
|
|
|
|
2016-07-27 23:13:19 +00:00
|
|
|
from console_conf.ui.views import IdentityView, LoginView
|
2016-07-27 04:05:47 +00:00
|
|
|
|
2016-11-09 01:57:35 +00:00
|
|
|
log = logging.getLogger('console_conf.controllers.identity')
|
|
|
|
|
2016-11-09 22:59:39 +00:00
|
|
|
def get_device_owner():
|
|
|
|
""" Check if device is owned """
|
|
|
|
|
|
|
|
# TODO: use proper snap APIs.
|
|
|
|
try:
|
|
|
|
extrausers_fp = open('/var/lib/extrausers/passwd', 'r')
|
|
|
|
except FileNotFoundError:
|
|
|
|
return None
|
|
|
|
with extrausers_fp:
|
|
|
|
passwd_line = extrausers_fp.readline()
|
|
|
|
if passwd_line and len(passwd_line) > 0:
|
|
|
|
passwd = passwd_line.split(':')
|
|
|
|
result = {
|
|
|
|
'realname': passwd[4].split(',')[0],
|
|
|
|
'username': passwd[0],
|
|
|
|
'homedir': passwd[5],
|
|
|
|
}
|
|
|
|
return result
|
|
|
|
return None
|
|
|
|
|
2016-11-22 21:16:12 +00:00
|
|
|
login_details_tmpl = """\
|
|
|
|
Congratulations! This device is now registered to {realname}.
|
|
|
|
|
|
|
|
The next step is to log into the device via ssh:
|
|
|
|
|
|
|
|
{sshcommands}
|
|
|
|
These keys can be used to log in:
|
|
|
|
|
|
|
|
{sshkeys}
|
|
|
|
Once you've logged in, you can optionally set a password by running
|
|
|
|
"sudo passwd $USER". After you've set a password, you can also use it
|
|
|
|
to log in here.
|
|
|
|
|
2016-12-15 07:50:51 +00:00
|
|
|
You can explore snappy core with snap --help.
|
2016-11-22 21:16:12 +00:00
|
|
|
"""
|
2016-11-09 22:59:39 +00:00
|
|
|
|
|
|
|
def write_login_details(fp, realname, username, ips, fingerprints):
|
2016-11-22 21:16:12 +00:00
|
|
|
sshcommands = ""
|
2016-11-09 22:59:39 +00:00
|
|
|
for ip in ips:
|
2016-11-22 21:16:12 +00:00
|
|
|
sshcommands += " ssh %s@%s\n"%(username, ip)
|
|
|
|
sshkeys = ""
|
2016-11-09 22:59:39 +00:00
|
|
|
for fingerprint in fingerprints:
|
2016-11-22 21:16:12 +00:00
|
|
|
sshkeys += " " + fingerprint + "\n"
|
|
|
|
fp.write(login_details_tmpl.format(realname=realname, username=username, sshcommands=sshcommands, sshkeys=sshkeys))
|
2016-11-09 22:59:39 +00:00
|
|
|
|
|
|
|
def write_login_details_standalone():
|
|
|
|
owner = get_device_owner()
|
|
|
|
if owner is None:
|
|
|
|
# Nothing much we can do :/
|
|
|
|
print("No device owner details found")
|
|
|
|
return 0
|
|
|
|
from probert import network
|
|
|
|
from subiquitycore.models.network import NETDEV_IGNORED_IFACE_NAMES, NETDEV_IGNORED_IFACE_TYPES
|
|
|
|
import ipaddress
|
|
|
|
import operator
|
|
|
|
import socket
|
|
|
|
observer = network.UdevObserver()
|
|
|
|
observer.start()
|
|
|
|
ips = []
|
|
|
|
for l in sorted(observer.links.values(), key=operator.attrgetter('name')):
|
|
|
|
if l.type in NETDEV_IGNORED_IFACE_TYPES:
|
|
|
|
continue
|
|
|
|
if l.name in NETDEV_IGNORED_IFACE_NAMES:
|
|
|
|
continue
|
|
|
|
ips.extend([str(ipaddress.IPv4Interface(a).ip) for a in l.ip.get(socket.AF_INET, [])])
|
|
|
|
ips.extend([str(ipaddress.IPv6Interface(a).ip) for a in l.ip.get(socket.AF_INET6, [])])
|
|
|
|
key_file = os.path.join(owner['homedir'], ".ssh/authorized_keys")
|
|
|
|
fingerprints = run_command(['ssh-keygen', '-lf', key_file])['output'].replace('\r', '').splitlines()
|
|
|
|
write_login_details(sys.stdout, owner['realname'], owner['username'], ips, fingerprints)
|
|
|
|
return 0
|
|
|
|
|
|
|
|
|
2017-01-13 02:59:28 +00:00
|
|
|
class IdentityController(BaseController):
|
|
|
|
|
|
|
|
def __init__(self, common):
|
|
|
|
super().__init__(common)
|
|
|
|
self.model = IdentityModel(self.opts)
|
2016-07-27 10:15:22 +00:00
|
|
|
|
2016-09-27 02:33:54 +00:00
|
|
|
def default(self):
|
2016-07-27 10:15:22 +00:00
|
|
|
title = "Profile setup"
|
|
|
|
excerpt = "Enter an email address from your account in the store."
|
|
|
|
footer = ""
|
|
|
|
self.ui.set_header(title, excerpt)
|
|
|
|
self.ui.set_footer(footer, 40)
|
2017-01-13 02:59:28 +00:00
|
|
|
self.ui.set_body(IdentityView(self.model, self, self.opts, self.loop))
|
2016-11-09 22:59:39 +00:00
|
|
|
device_owner = get_device_owner()
|
2016-09-29 20:34:36 +00:00
|
|
|
if device_owner is not None:
|
2016-10-12 00:17:14 +00:00
|
|
|
self.model.add_user(device_owner)
|
2016-11-10 00:38:09 +00:00
|
|
|
key_file = os.path.join(device_owner['homedir'], ".ssh/authorized_keys")
|
|
|
|
self.model.user.fingerprints = run_command(['ssh-keygen', '-lf', key_file])['output'].replace('\r', '').splitlines()
|
2016-11-01 23:56:44 +00:00
|
|
|
self.login()
|
2016-09-29 19:17:15 +00:00
|
|
|
|
2016-09-27 08:42:50 +00:00
|
|
|
def identity_done(self, email):
|
2016-09-29 19:17:15 +00:00
|
|
|
if self.opts.dry_run:
|
|
|
|
result = {
|
|
|
|
'realname': email,
|
|
|
|
'username': email,
|
|
|
|
}
|
|
|
|
self.model.add_user(result)
|
2016-11-09 01:57:35 +00:00
|
|
|
ssh_keys = subprocess.getoutput('ssh-add -L').splitlines()
|
|
|
|
login_details_path = '.subiquity/login-details.txt'
|
2016-09-29 19:17:15 +00:00
|
|
|
else:
|
2016-09-27 08:42:50 +00:00
|
|
|
self.ui.frame.body.progress.set_text("Contacting store...")
|
|
|
|
self.loop.draw_screen()
|
|
|
|
result = run_command(["snap", "create-user", "--sudoer", "--json", email])
|
2016-09-30 02:12:15 +00:00
|
|
|
self.ui.frame.body.progress.set_text("")
|
2016-09-27 08:42:50 +00:00
|
|
|
if result['status'] != 0:
|
|
|
|
self.ui.frame.body.error.set_text("Creating user failed:\n" + result['err'])
|
|
|
|
return
|
|
|
|
else:
|
|
|
|
data = json.loads(result['output'])
|
|
|
|
result = {
|
|
|
|
'realname': email,
|
|
|
|
'username': data['username'],
|
|
|
|
}
|
2016-11-09 01:57:35 +00:00
|
|
|
ssh_keys = data['ssh-keys']
|
2016-11-09 22:59:39 +00:00
|
|
|
os.makedirs('/run/console-conf', exist_ok=True)
|
|
|
|
login_details_path = '/run/console-conf/login-details.txt'
|
2016-09-27 08:42:50 +00:00
|
|
|
self.model.add_user(result)
|
2016-11-09 01:57:35 +00:00
|
|
|
log.debug('ssh_keys %s', ssh_keys)
|
|
|
|
fingerprints = []
|
|
|
|
for key in ssh_keys:
|
|
|
|
keygen_result = subprocess.Popen(['ssh-keygen', '-lf', '-'], stdin=subprocess.PIPE, stdout=subprocess.PIPE)
|
|
|
|
fingerprint, err = keygen_result.communicate(key.encode('utf-8'))
|
2016-11-09 22:59:39 +00:00
|
|
|
fingerprints.append(fingerprint.decode('utf-8', 'replace').replace('\r', '').strip())
|
2016-11-10 00:38:09 +00:00
|
|
|
self.model.user.fingerprints = fingerprints
|
2016-11-09 01:57:35 +00:00
|
|
|
log.debug('fingerprints %s', fingerprints)
|
2016-11-09 22:59:39 +00:00
|
|
|
ips = []
|
2016-11-09 01:57:35 +00:00
|
|
|
net_model = self.controllers['Network'].model
|
2016-11-09 22:59:39 +00:00
|
|
|
for dev in net_model.get_all_netdevs():
|
|
|
|
ips.extend(dev.actual_ip_addresses)
|
2016-11-09 01:57:35 +00:00
|
|
|
with open(login_details_path, 'w') as fp:
|
2016-11-09 22:59:39 +00:00
|
|
|
write_login_details(fp, result['realname'], result['username'], ips, fingerprints)
|
2016-10-10 23:48:28 +00:00
|
|
|
self.login()
|
2016-09-27 08:42:50 +00:00
|
|
|
|
2016-11-01 23:44:04 +00:00
|
|
|
def cancel(self):
|
|
|
|
# You can only go back if we haven't created a user yet.
|
|
|
|
if self.model.user is None:
|
|
|
|
self.signal.emit_signal('prev-screen')
|
|
|
|
|
2016-07-27 22:30:27 +00:00
|
|
|
def login(self):
|
|
|
|
title = "Configuration Complete"
|
|
|
|
footer = "View configured user and device access methods"
|
|
|
|
self.ui.set_header(title)
|
|
|
|
self.ui.set_footer(footer)
|
|
|
|
|
|
|
|
net_model = self.controllers['Network'].model
|
2016-11-07 00:35:42 +00:00
|
|
|
ifaces = net_model.get_all_netdevs()
|
|
|
|
login_view = LoginView(self.opts, self.model, self, ifaces)
|
2016-07-27 22:30:27 +00:00
|
|
|
|
|
|
|
self.ui.set_body(login_view)
|
2016-09-27 02:33:54 +00:00
|
|
|
|
|
|
|
def login_done(self):
|
2016-09-27 08:42:50 +00:00
|
|
|
if not self.opts.dry_run:
|
|
|
|
# stop the console-conf services (this will kill the current process).
|
|
|
|
disable_first_boot_service()
|
|
|
|
|
|
|
|
self.signal.emit_signal('quit')
|