rewrite local accounts

abcdesktopio · Oct 18, 2024 · 25a1812 · 25a1812
1 parent 0ec6b03
commit 25a1812
Show file tree

Hide file tree

Showing 4 changed files with 84 additions and 36 deletions.
diff --git a/oc/auth/authservice.py b/oc/auth/authservice.py
@@ -135,28 +135,43 @@ def isPosixAccount( self ):
 
     @staticmethod
     def getConfigdefaultPosixAccount():
+        uid=oc.od.settings.getballoon_loginname()
+        gid=oc.od.settings.getballoon_groupname()
+        uidNumber=oc.od.settings.getballoon_uidNumber()
+        gidNumber=oc.od.settings.getballoon_gidNumber()
+        homeDirectory=oc.od.settings.getballoon_homedirectory( uid )
+        loginShell=oc.od.settings.getballoon_loginShell()
+        description='abcdesktop default account'
         return AuthUser.getdefaultPosixAccount( 
-            uid=oc.od.settings.getballoon_loginname(),
-            gid=oc.od.settings.getballoon_groupname(),
-            uidNumber=oc.od.settings.getballoon_uidNumber(),
-            gidNumber=oc.od.settings.getballoon_gidNumber(),
-            homeDirectory=oc.od.settings.getballoon_homedirectory(),
-            loginShell=oc.od.settings.getballoon_loginShell(),
-            description='abcdesktop default account'
+            uid=uid,
+            gid=gid,
+            uidNumber=uidNumber,
+            gidNumber=gidNumber,
+            homeDirectory=homeDirectory,
+            loginShell=loginShell,
+            description=description
         )
 
     @staticmethod
     def getPosixAccountfromlocalAccount( localaccount:dict )->dict:
         if not isinstance(localaccount, dict):
-            localaccount = AuthUser.getConfigdefaultPosixAccount()
+            return AuthUser.getConfigdefaultPosixAccount()
+
+        uid=localaccount.get('uid',oc.od.settings.getballoon_loginname())
+        gid=localaccount.get('gid',oc.od.settings.getballoon_groupname())
+        uidNumber=localaccount.get('uidNumber', oc.od.settings.getballoon_uidNumber())
+        gidNumber=localaccount.get('gidNumber',oc.od.settings.getballoon_gidNumber())
+        homeDirectory=localaccount.get('homeDirectory',oc.od.settings.getballoon_homedirectory(uid))
+        loginShell=localaccount.get('loginShell',oc.od.settings.getballoon_loginShell())
+        description=localaccount.get('description', "abcdesktop generated account")
         return AuthUser.getdefaultPosixAccount( 
-            uid=localaccount.get('uid',oc.od.settings.getballoon_loginname()),
-            gid=localaccount.get('gid',oc.od.settings.getballoon_groupname()),
-            uidNumber=localaccount.get('uidNumber', oc.od.settings.getballoon_uidNumber()),
-            gidNumber=localaccount.get('gidNumber',oc.od.settings.getballoon_gidNumber()),
-            homeDirectory=localaccount.get('homeDirectory',oc.od.settings.getballoon_homedirectory()),
-            loginShell=localaccount.get('loginShell',oc.od.settings.getballoon_loginShell()),
-            description=localaccount.get('description','abcdesktop default account')
+            uid=uid,
+            gid=gid,
+            uidNumber=uidNumber,
+            gidNumber=gidNumber,
+            homeDirectory=homeDirectory,
+            loginShell=loginShell,
+            description=description
         )
 
     @staticmethod
@@ -846,7 +861,6 @@ def isBoolean( value ):
             if not isinstance(value, bool):
                 logger.warning(f"invalid value type boolean {type(value)}, bool is expected in rule")
                 return False
-
             return value
 
         def isMemberOf(roles, groups ) :
@@ -996,17 +1010,17 @@ def isAttribut(user, attribut, start_with=None, equal=None ):
         network = condition.get('network')
         if isinstance(network, str ) or isinstance(network, list ) :
             ipsource = getclientipaddr()
-            self.logger.debug( f"network rules ipsource={ipsource}" )
+            # self.logger.debug( f"network rules ipsource={ipsource}" )
             result = isinNetwork( ipsource, network )
             if result == condition.get( 'expected' ):
                 compiled_result = True
 
         network = condition.get('network-x-forwarded-for')
         if isinstance(network, str ) or isinstance(network, list ) :
             # getclientxforwardedfor_listip return a list of all ip addr
-            self.logger.debug(f"condition network-x-forwarded-for start" )
+            # self.logger.debug(f"condition network-x-forwarded-for start" )
             ipsources = getclientxforwardedfor_listip()
-            self.logger.debug(f"condition network-x-forwarded-for test isinNetwork ipsources={ipsources} network={network}" )
+            # self.logger.debug(f"condition network-x-forwarded-for test isinNetwork ipsources={ipsources} network={network}" )
             result = isinNetwork( ipsources, network )
             if result == condition.get( 'expected'):
                 compiled_result = True
@@ -1055,7 +1069,7 @@ def isAttribut(user, attribut, start_with=None, equal=None ):
             if result == condition.get('expected'):
                 compiled_result = True
 
-        self.logger.debug( f"compiledcondition -> {compiled_result}")
+        # self.logger.debug( f"compiledcondition -> {compiled_result}")
         return compiled_result
 
     def compiledrule( self, name, rule, thread_compiled_result, user, roles, provider=None, auth=None ):
@@ -1080,10 +1094,9 @@ def compiledrule( self, name, rule, thread_compiled_result, user, roles, provide
             return False
 
         compiled_result = all( results )
-        logger.debug( f"rules (compiled_result={compiled_result})==(expected=={expected})" )
         result = compiled_result == expected
         thread_compiled_result[name] = result
-        logger.debug( f"rules return result={result} thread_compiled_result[{name}] {thread_compiled_result[name]} name={name}" )
+        logger.debug( f"{name} rules {conditions} (compiled_result={compiled_result})==(expected=={expected}) return result={result}" )
         return result
 
 
@@ -2096,7 +2109,7 @@ def generateLocalAccount(self, userinfo, user, password ):
         if not isinstance( password, str ): 
             password = self.default_passwd_if_not_exist
         if not isinstance( homeDirectory, str ): 
-            homeDirectory = oc.od.settings.getballoon_homedirectory()
+            homeDirectory = oc.od.settings.getballoon_homedirectory(uid)
 
         hashes = {  
             'uid'  : uid,
@@ -2293,7 +2306,7 @@ def getuserinfo(self, authinfo, **params):
             cn=name, 
             uidNumber=oc.od.settings.getballoon_uidNumber(),
             gidNumber=oc.od.settings.getballoon_gidNumber(),
-            homeDirectory=oc.od.settings.getballoon_homedirectory(),
+            homeDirectory=oc.od.settings.getballoon_homedirectory(uid),
             loginShell=oc.od.settings.getballoon_loginShell(),
             description='abcdesktop anonymous account' )
         userinfo['posix'] = anonymousPosix
@@ -2615,7 +2628,7 @@ def validate(self, userid, password, **params):
         conn   = None   # set default value
 
         if self.auth_type not in ODLdapAuthProvider.LDAP_AUTH_SUPPORTED_METHOD:
-             raise AuthenticationError(f"auth_type must be in {ODLdapAuthProvider.LDAP_AUTH_SUPPORTED_METHOD}")
+             raise AuthenticationError(f"auth_type must be in {ODLdapAuthProvider.LDAP_AUTH_SUPPORTED_METHOD} entry is {self.auth_type}")
 
         self.logger.debug( f"validate uses auth_type={self.auth_type}")
         if self.auth_type == 'KERBEROS':

diff --git a/oc/od/configmap.py b/oc/od/configmap.py
@@ -198,9 +198,10 @@ def _create_dict(self, authinfo, userinfo,  arguments):
         # Default configmap dict
         uid = arguments.get('uid' )
         sha512 = arguments.get('sha512')
-        uidNumber =  arguments.get('uidNumber' )
-        gidNumber =  arguments.get('gidNumber' )
-        passwd_line = f"{uid}:x:{uidNumber}:{gidNumber}::{oc.od.settings.balloon_homedirectory}:{oc.od.settings.balloon_shell}"
+        uidNumber =  arguments.get('uidNumber')
+        gidNumber =  arguments.get('gidNumber')
+        homedir = oc.od.settings.getballoon_homedirectory(uid)
+        passwd_line = f"{uid}:x:{uidNumber}:{gidNumber}::{homedir}:{oc.od.settings.balloon_shell}"
         group_line  = f"{uid}:x:{gidNumber}" + "\n" + "sudo:x:27:{uid}"
         shadow_line = f"{uid}:{sha512}:19080:0:99999:7:::"
 

diff --git a/oc/od/secret.py b/oc/od/secret.py
@@ -350,6 +350,19 @@ def _create_dict(self, authinfo, userinfo, arguments):
         if isinstance(domain,str) :
             mydict_secret.update( { 'domain':  ODSecret.strtob64(domain) } )
         return mydict_secret
+
+    def read_alldata(self, authinfo:AuthInfo, userinfo:AuthUser)->dict:
+        alldata = super().read_alldata(authinfo, userinfo)
+        if isinstance(alldata,dict):
+            data = alldata.get('data')
+            # try to decode json data to dict 
+            if isinstance( data, str ):
+                try:
+                    _data = json.loads( data )
+                    alldata['data'] = _data
+                except Exception as e:
+                    self.logger.error( e )
+        return alldata
 
 
 class ODSecretRemoteFileSystemDriverUsingKerberosAuth( ODSecret ):

diff --git a/oc/od/settings.py b/oc/od/settings.py
@@ -37,6 +37,7 @@
 
 # User balloon define
 # Balloon is the default user used inside container
+homerootdirectory = '/root'
 balloon_homedirectory = '/home/balloon'
 balloon_uidNumber = 4096            # default user id
 balloon_gidNumber = 4096            # default group id
@@ -96,31 +97,46 @@
 jwt_config_user = None
 jwt_config_desktop = None
 
-# webrtc config
+#
+# default webrtc config
 webrtc = { 
     'enable': False, 
     'rtc_configuration': {},
     'rtc_constraints': {},
-    'coturn': {}     }
+    'coturn': {}    
+}
 
 def getballoon_loginname()->str:     
     return balloon_loginname
 def getballoon_groupname()->str:     
     return balloon_groupname
 def getballoon_loginShell()->str:    
     return balloon_shell
-def getballoon_homedirectory()->str: 
-    return balloon_homedirectory
+def getballoon_homedirectory( uid:str=None )->str:
+    """getballoon_homedirectory
+
+    Args:
+        uid (str, optional): user id  Defaults to None.
+
+    Returns:
+        str: user HOMEDIR str like /home/myuser
+    """
+    homedirectory = None
+    if uid is None:
+        homedirectory = balloon_homedirectory
+    else:
+        homedirectory = os.path.join( homerootdirectory, str(uid) )
+    return homedirectory
 def getballoon_uidNumber()->int:
-    """[summary]
+    """getballoon_uidNumber
 
     Returns:
         int: balloon user id
     """
     return balloon_uidNumber
 
 def getballoon_gidNumber()->int:
-    """[summary]
+    """getballoon_gidNumber
 
     Returns:
         int: balloon group id
@@ -432,14 +448,19 @@ def init_balloon():
     global balloon_groupname
     global balloon_password
     global balloon_homedirectory
+    global homerootdirectory 
 
+    homerootdirectory = gconfig.get('desktop.homerootdirectory', '/home')
     balloon_loginname = gconfig.get('desktop.username',  'balloon')
     balloon_groupname = gconfig.get('desktop.groupname', 'balloon')
     balloon_uidNumber = gconfig.get('desktop.userid', 4096)
     balloon_gidNumber = gconfig.get('desktop.groupid', 4096)
     balloon_shell     = gconfig.get('destkop.shell', '/bin/bash')
-    balloon_password    = gconfig.get('desktop.userpasswd', 'lmdpocpetit')
-    balloon_homedirectory = gconfig.get('desktop.userhomedirectory', '/home/balloon')
+    balloon_password  = gconfig.get('desktop.userpasswd', 'lmdpocpetit')
+    balloon_homedirectory = gconfig.get(
+        'desktop.userhomedirectory', 
+        os.path.join( homerootdirectory, balloon_loginname ) 
+    )
 
 
 def _resolv( fqdh:str )->str: