From 64309dd05411ee5b8ca294da58ddac9ffc882168 Mon Sep 17 00:00:00 2001 From: Michael DeHaan Date: Fri, 7 Mar 2008 11:26:04 -0500 Subject: Getting ready for 0.8.2 release --- CHANGELOG | 1 + cobbler.spec | 2 +- cobbler/remote.py | 42 ++++++++++++++++++++++ cobbler/settings.py | 2 ++ config/settings | 2 ++ scripts/change_profile.cgi | 86 +++++++--------------------------------------- scripts/findks.cgi | 1 + scripts/register_mac.cgi | 22 +----------- 8 files changed, 63 insertions(+), 95 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index d8fd5e6..8dca67a 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -5,6 +5,7 @@ Cobbler CHANGELOG - fix to webui to allow repos to be edited there on profile page - disable local socket XMLRPC as nothing is using it. - fixed findks.cgi so it supports multiple NICs +- import now supports both --path and --mirror as aliases, as before - added change_profile.cgi for changing profiles from CGI - added register_mac.cgi diff --git a/cobbler.spec b/cobbler.spec index 4b52cf6..e56d298 100644 --- a/cobbler.spec +++ b/cobbler.spec @@ -190,7 +190,7 @@ test "x$RPM_BUILD_ROOT" != "x" && rm -rf $RPM_BUILD_ROOT %changelog -* Fri Feb 22 2008 Michael DeHaan - 0.8.2-1 +* Fri Mar 07 2008 Michael DeHaan - 0.8.2-1 - Upstream changes (see CHANGELOG) * Wed Feb 20 2008 Michael DeHaan - 0.8.1-1 diff --git a/cobbler/remote.py b/cobbler/remote.py index 57570aa..5131323 100644 --- a/cobbler/remote.py +++ b/cobbler/remote.py 
@@ -164,6 +164,48 @@ class CobblerXMLRPCInterface: """ self.log("get_settings",token=token) return self.__get_all("settings") + + def profile_change(self,mac,newprofile,token=None): + """ + If allow_cgi_profile_change is enabled in settings, this allows + kickstarts to set the profile of a machine to another profile + via a wget in %post. This has security implications. + READ: https://fedorahosted.org/cobbler/wiki/AutoProfileChange + """ + + if not self.api.settings().allow_cgi_profile_change: + return 1 + + system = self.api.find_system(mac_address=mac) + if system is None: + return 2 + + system.set_profile(newprofile) + self.api.add_system(system) + + + def register_mac(self,mac,token=None): + """ + If allow_cgi_register_mac is enabled in settings, this allows + kickstarts to add new system records for per-profile-provisioned + systems automatically via a wget in %post. This has security + implications. + READ: https://fedorahosted.org/cobbler/wiki/AutoRegistration + """ + + if not self.api.settings().allow_cgi_mac_registration: + return 1 + + system = self.api.find_system(mac_address=mac) + if system is not None: + return 2 + + obj = server.new_system(token) + obj.set_profile(profile) + obj.set_name(mac.replace(":","_")) + obj.set_mac_address(mac, "intf0") + systems.add(obj,save=True) + return 0 def disable_netboot(self,name,token=None): """ diff --git a/cobbler/settings.py b/cobbler/settings.py index 8cd7032..581403c 100644 --- a/cobbler/settings.py +++ b/cobbler/settings.py @@ -22,6 +22,8 @@ TESTMODE = False # we need. DEFAULTS = { + "allow_cgi_mac_registration" : 0, + "allow_cgi_profile_change" : 0, "bootloaders" : { "standard" : "/usr/lib/syslinux/pxelinux.0", "ia64" : "/var/lib/cobbler/elilo-3.6-ia64.efi" diff --git a/config/settings b/config/settings index c006cb3..9355e71 100644 --- a/config/settings +++ b/config/settings 
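Review bot: `register_mac` will raise NameError as soon as `allow_cgi_mac_registration` is switched on, because its body uses `server`, `profile` and `systems`, none of which are defined in the method or passed to it. register_mac.cgi calls it as `register_mac(mac,profile)`, so the signature probably needs to be `def register_mac(self,mac,profile,token=None):`, with the record created through `obj = self.api.new_system()` and saved with `self.api.add_system(obj)`, the same call `profile_change` uses. `profile_change` also falls off the end without `return 0`, so a successful call returns None, which XML-RPC cannot marshal unless the server enables allow_none. Neither method looks at `token` or checks that the named profile exists, and both act on a MAC reported by the client, so the two settings flags are the only gate; a short comment next to each settings check saying so would help the next reader.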
@@ -1,4 +1,6 @@ --- +allow_cgi_mac_registration: 0 +allow_cgi_profile_change: 0 bootloaders: ia64: /var/lib/cobbler/elilo-3.6-ia64.efi standard: /usr/lib/syslinux/pxelinux.0 diff --git a/scripts/change_profile.cgi b/scripts/change_profile.cgi index f2e5acd..f7330f1 100755 --- a/scripts/change_profile.cgi +++ b/scripts/change_profile.cgi @@ -24,12 +24,8 @@ import sys import socket import xmlrpclib -# FIXME: edit these two variables to match your webui configuration -USERNAME = "cobbler" -PASSWORD = "cobbler" - COBBLER_BASE = "/var/www/cobbler" -XMLRPC_SERVER = "http://127.0.0.1/cobbler_api_rw" +XMLRPC_SERVER = "http://127.0.0.1/cobbler_api" DEFAULT_PROFILE = "default" #---------------------------------------------------------------------- @@ -44,6 +40,12 @@ class ServerProxy(xmlrpclib.ServerProxy): def parse_query(): form = cgi.parse() + + mac = "-1" + if os.environ.has_key("HTTP_X_RHN_PROVISIONING_MAC_0"): + # FIXME: will not key off other NICs + devicepair = os.environ["HTTP_X_RHN_PROVISIONING_MAC_0"] + return devicepair.split()[1].strip() if form.has_key("profile"): profile = form["profile"][0] 
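Review bot: The header branch added to `parse_query` returns a bare MAC string (`return devicepair.split()[1].strip()`), but `__main__` unpacks `(mac, profile) = parse_query()`, so this path can never deliver a profile and the unpack will fail or mis-assign. Assigning instead, `mac = devicepair.split()[1].strip()`, keeps the `"-1"` default meaningful and lets the function go on to read `profile`; the rest of `parse_query` is outside the hunk, so its final return should be checked to include `mac`. `split()[1]` also raises IndexError when the header holds a single token, and the value is supplied by the client, so a length check and a MAC-format check before it is used would be worth adding.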
@@ -57,68 +59,10 @@ def parse_query(): #---------------------------------------------------------------------- def autodetect(): + # get mac address, requires kssendmac on the kernel options line. + else: + return "-1" - # connect to cobblerd and get the list of systems - - try: - xmlrpc_server = ServerProxy(XMLRPC_SERVER) - systems = xmlrpc_server.get_systems() - except: - print "# could not contact cobblerd at %s" % XMLRPC_SERVER - sys.exit(1) - - # if kssendmac was in the kernel options line, see - # if a system can be found matching the MAC address. This - # is more specific than an IP match. - - if os.environ.has_key("HTTP_X_RHN_PROVISIONING_MAC_0"): - # FIXME: will not key off other NICs - devicepair = os.environ["HTTP_X_RHN_PROVISIONING_MAC_0"] - mac = devicepair.split()[1].strip() - # mac is the macaddress of the first nic reported by anaconda - candidates = [system['name'] for system in systems if system['mac_address'].lower() == mac.lower()] - if len(candidates) == 0: - print "# no system entries with MAC %s found" % mac - print "# trying IP lookup" - elif len(candidates) > 1: - print "# multiple system entries with MAC %s found" % mac - sys.exit(1) - elif len(candidates) == 1: - print "# kickstart matched by MAC: %s" % mac - return candidates[0] - - # attempt to match by the IP. 
- - try: - ip = os.environ["REMOTE_ADDR"] - except: - ip = "127.0.0.1" - - candidates = [] - for x in systems: - for y in x["interfaces"]: - if x["interfaces"][y]["ip_address"] == ip: - candidates.append(x) - - if len(candidates) == 0: - print "# no system entries with ip %s found" % ip - sys.exit(1) - elif len(candidates) > 1: - print "# multiple system entries with ip %s found" % ip - sys.exit(1) - elif len(candidates) == 1: - return candidates[0] - -#---------------------------------------------------------------------- - - -def make_change(server,system,profile,token): - print "# getting handle for: %s" % system - handle = server.get_system_handle(system,token) - print "# modifying system %s to %s" % (system,profile) - server.modify_system(handle,"profile",profile,token) - print "# saving system" - server.save_system(handle,token) #---------------------------------------------------------------------- @@ -132,15 +76,11 @@ if __name__ == "__main__": cgitb.enable(format='text') header() server = ServerProxy(XMLRPC_SERVER) - token = server.login(USERNAME,PASSWORD) - (system, profile) = parse_query() - print "# running for %s %s" % (system,profile) + (mac, profile) = parse_query() try: ip = os.environ["REMOTE_ADDR"] except: ip = "???" - print "# requestor ip = %s" % ip - print "# =============================" - print "# system name = %s" % system - make_change(server,system,profile,token) + print "# attempting to change system(mac=%s) to profile(%s)" % (mac,profile) + server.change_profile(mac,profile) diff --git a/scripts/findks.cgi b/scripts/findks.cgi index 6fad6dc..39adbcf 100755 --- a/scripts/findks.cgi +++ b/scripts/findks.cgi @@ -73,6 +73,7 @@ def autodetect(): candidates = [] for x in systems: + for y in x["interfaces"]: if x["interfaces"][y]["ip_address"] == ip: candidates.append(x) diff --git a/scripts/register_mac.cgi b/scripts/register_mac.cgi index b0eb587..5507525 100755 --- a/scripts/register_mac.cgi +++ b/scripts/register_mac.cgi 
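Review bot: The new body of `autodetect()` is a comment followed by `else:` with no preceding `if`, which is a syntax error, so the script cannot be compiled and the CGI will fail before any request is handled. It looks as if the `HTTP_X_RHN_PROVISIONING_MAC_0` lookup that was added to `parse_query` was meant to sit here ahead of the `else`. Either move that `if` into `autodetect()` and have it return the MAC, or delete the function if nothing calls it any more; its callers are not visible in this hunk.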
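Review bot: `server.change_profile(mac,profile)` does not match the method this commit adds to cobbler/remote.py, which is named `profile_change`, so the call will come back as an XML-RPC fault until one of the two names is changed. The return value is also discarded, so the 1 (setting disabled) and 2 (no such system) codes never reach the kickstart log; `rc = server.profile_change(mac,profile)` followed by `print "# result: %s" % rc` would expose them, and the same applies to `make_change` in scripts/register_mac.cgi. `ip` is still computed but no longer printed; since the call is now made without a login, keeping the requestor address in the output gives at least a minimal audit trail.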
@@ -84,27 +84,7 @@ def autodetect(): def make_change(server,mac,profile,token): - print "# getting handle for: %s" % mac - - systems = server.get_systems() - for s in systems: - for i in s["interfaces"]: - if s["interfaces"][i]["mac_address"].lower() == mac.lower(): - print "# found an existing record, will not continue" - return - - # good, no system found, so we can add a new one. - print "# creating new system record" - handle = server.new_system(token) - server.modify_system(handle,"profile",profile,token) - server.modify_system(handle,"name",mac.replace(":","_"),token) - intf_hash = { - # FIXME: also include IP info if we have it? - "macaddress-intf0" : mac - } - server.modify_system(handle,"modify-interface",intf_hash,token) - print "# saving system" - server.save_system(handle,token) + server.register_mac(mac,profile) #---------------------------------------------------------------------- -- cgit
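Review bot: `make_change` still takes `token`, although its new body, `server.register_mac(mac,profile)`, never uses it. The diffstat shows this hunk is the only change to the file, so unlike change_profile.cgi any hard-coded USERNAME/PASSWORD constants, `login` call and read-write endpoint URL near the top of the script would still be in place. That part is outside the hunk, so please confirm and remove them together with the parameter if they are now dead.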