def update_user_permissions(verbose=False):
	"""
	Create missing home and documents directories for every user and
	reset owner and mode bits on the contents of each documents folder.

	verbose -- when true, print one progress line per user.

	All commands are built by string formatting and passed to the
	module's execute() helper; make_root_block() is called on each
	documents folder afterwards.

	NOTE(review): uid is pasted unquoted into the command strings. If
	execute() hands them to a shell (not visible here - confirm), a uid
	containing whitespace or shell metacharacters would alter the command.

	NOTE(review): the documents folder belongs to the user, and the
	"documents/*" glob passes whatever entries it holds to chown/chmod.
	chmod acts on the target of a symbolic link named on its command
	line, so if this runs as root (presumably - confirm) entries that
	link outside the home should be skipped before the recursive fix-up.
	"""
	from skolesys.lib.conf import conf
	import skolesys.lib.usermanager as userman

	users = userman.UserManager().list_users(None)
	homes_root = "%s/%s/users" % (conf.get('DOMAIN','domain_root'),conf.get('DOMAIN','domain_name'))

	for uid,info in users.items():
		if verbose:
			print('Fixing user permissions for "%s"...' % uid)
		gid = int(info['gidNumber'])
		home = "%s/%s" % (homes_root,uid)
		documents = "%s/documents" % home

		# Home first, then documents: create and hand over whatever is missing
		for folder in (home,documents):
			if os.path.exists(folder):
				continue
			execute('mkdir %s' % folder)
			execute('chown %s.%d %s' % (uid,gid,folder))

		# Owner first, then permissions, on everything below documents
		execute('chown %s.%s %s/* -RP' % (uid,gid,documents))
		execute('chmod u-x,u+Xrw,g-rwx,o-rwx %s/* -R' % documents)
		make_root_block(documents)
	def write_configuration(self,access_type,auth_type=None,auth_name=None,servername=None):
		"""
		Replace this group's web directory configuration file.

		The existing configuration is removed first. The module-level
		`directory` template is then filled in and written to
		/etc/skolesys/www/directories/<access_type>/<groupname>, and
		setup_resource_location() is called last.

		access_type -- sub-directory name; None is treated as 'both'.
		auth_type   -- 'group' (any case) inserts the `auth_pam_group`
		               template; anything else leaves <auth> empty.
		auth_name   -- text for <auth_name>; defaults to a message naming
		               the group.
		servername  -- accepted, but the same file is written whether or
		               not it is given.

		NOTE(review): access_type and self.groupname become path components
		without any check, so a value containing '/' or '..' would make the
		write land outside the directories tree. Callers should only pass
		validated names.
		"""
		# Start from a clean slate
		self.remove_configuration()

		if access_type is None:
			access_type = 'both'

		# Optional authentication section
		auth_block = ''
		if auth_type is not None and auth_type.lower()=='group':
			if auth_name is None:
				auth_name = 'Password restriction to %s' % self.groupname
			auth_block = auth_pam_group.replace('<auth_name>',auth_name)
			auth_block = auth_block.replace('<groupname>',self.groupname)

		# Fill in the directory template (identical with or without servername)
		content = directory.replace('<domain_name>',conf.get('DOMAIN','domain_name'))
		content = content.replace('<groupname>',self.groupname)
		content = content.replace('<auth>',auth_block)

		target = '/etc/skolesys/www/directories/%s/%s' % (access_type,self.groupname)
		out = open(target , 'w')
		out.write(content)
		out.close()

		self.setup_resource_location()
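	def setup_resource_location(self):
		"""
		Make sure the group's web data directory exists and is linked from
		the group home.

		Creates <resloc>/data when it is missing, gives it to the group
		with group read/write and the sticky bit, and then links it as
		<group home>/www unless that path already exists.

		The helper programs are started with argument lists rather than
		shell command strings, so a group name or path that contains
		whitespace or shell metacharacters cannot alter the commands.
		As before, a helper that exits non-zero is not treated as an error.
		"""
		import subprocess

		data_dir = '%s/data' % self.resloc
		if not os.path.exists(data_dir):
			# "--" ends option parsing, so a name starting with "-" stays an operand
			subprocess.call(['mkdir','--',data_dir])
			subprocess.call(['chgrp','-Rf','--',self.groupname,data_dir])
			subprocess.call(['chmod','-Rf','--','g+rwt',data_dir])

		home_path = "%s/%s/groups/%s" % (conf.get('DOMAIN','domain_root'),conf.get('DOMAIN','domain_name'),self.groupname)
		www_link = '%s/www' % home_path
		if not os.path.exists(www_link):
			subprocess.call(['ln','-sf','--',data_dir,www_link])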
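def basedn_by_usertype(usertype=None):
    """
    Build the LDAP base DN for accounts of the given user type.

    The result is "<usertype ou>,<logins_ou>,<basedn>", with all three
    parts read from the LDAPSERVER section of the SkoleSYS configuration.

    Returns None when ou_confkey_by_usertype() yields no configuration
    key for the user type, or when one of the options cannot be read.
    """
    confkey = ou_confkey_by_usertype(usertype)
    if not confkey:
        return None

    from skolesys.lib.conf import conf

    try:
        basedn = conf.get("LDAPSERVER", "basedn")
        user_ou = conf.get("LDAPSERVER", "logins_ou")
        usertype_ou = conf.get("LDAPSERVER", confkey)
    except Exception:
        # A missing section or option means "no base DN". Unlike a bare
        # except, this lets KeyboardInterrupt and SystemExit propagate.
        return None
    return "%s,%s,%s" % (usertype_ou, user_ou, basedn)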
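def basedn_by_grouptype(grouptype=None):
    """
    Build the LDAP base DN for groups of the given group type.

    The result is "<grouptype ou>,<groups_ou>,<basedn>", with all three
    parts read from the LDAPSERVER section of the SkoleSYS configuration.

    Returns None when ou_confkey_by_grouptype() yields no configuration
    key for the group type, or when one of the options cannot be read.
    """
    confkey = ou_confkey_by_grouptype(grouptype)
    if not confkey:
        return None

    from skolesys.lib.conf import conf

    try:
        basedn = conf.get("LDAPSERVER", "basedn")
        group_ou = conf.get("LDAPSERVER", "groups_ou")
        grouptype_ou = conf.get("LDAPSERVER", confkey)
    except Exception:
        # A missing section or option means "no base DN". Unlike a bare
        # except, this lets KeyboardInterrupt and SystemExit propagate.
        return None
    return "%s,%s,%s" % (grouptype_ou, group_ou, basedn)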
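def mk_user_ss_remote(username):
	"""
	Build the personalised Windows ss-remote client for a user.

	Writes hostinfo.conf into
	/skolesys/www/ss-remote/userclients/<username>/win32. When the generic
	ss-remote.exe is installed it is copied there, hostinfo.conf and the
	user's ~/.ssh/id_dsa are appended to the archive, the self-extractor
	comment is set and the directory is handed to www-data.

	Exits with status 1 if the account is unknown or has no id_dsa key.

	The account is looked up before anything is created, and the helper
	programs are started with argument lists instead of shell strings,
	so the username can neither create stray directories nor alter a
	command line.

	NOTE(review): the resulting ss-remote.exe contains the user's private
	SSH key and ends up owned by www-data below a "www" directory. Whether
	that path is reachable over HTTP, and who may fetch it, is not visible
	here - confirm the download is authenticated per user.
	"""
	import shutil
	import subprocess

	# Resolve the account first: a name that is not a real user must not
	# become a directory below the web tree.
	try:
		linux_home_path = pwd.getpwnam(username)[5]
	except (KeyError,TypeError):
		print('User "%s" does not exist or has no homedir' % username)
		sys.exit(1)

	publish_dir = '/skolesys/www/ss-remote/userclients/%s/win32' % username
	if not os.path.exists(publish_dir):
		os.makedirs(publish_dir)

	domain_name = conf.get('DOMAIN','domain_name')
	host = "%s.skolesys.dk" % domain_name.split('.')[0]
	remote_host = conf.get('TERMINAL_SERVICE','freenx')
	hostinfo_path = '%s/hostinfo.conf' % publish_dir
	f = open(hostinfo_path,'w')
	try:
		f.write("""[HOSTINFO]

host = %s
remote_host = %s
remote_port = 22

local_port = 10000
""" % (host,remote_host))
	finally:
		f.close()

	generic_exe = '/skolesys/www/ss-remote/win32/ss-remote.exe'
	if not os.path.exists(generic_exe):
		# No generic client installed: only hostinfo.conf is published
		return

	keyfile = '%s/.ssh/id_dsa' % linux_home_path
	if not os.path.exists(keyfile):
		print('User "%s" has no keyfile "%s/.ssh/id_dsa"' % (username,linux_home_path))
		sys.exit(1)

	# A failed copy now raises instead of being silently ignored
	user_exe = '%s/ss-remote.exe' % publish_dir
	shutil.copy(generic_exe,user_exe)

	zf = zipfile.ZipFile(user_exe,'a')
	try:
		zf.write(hostinfo_path,'dist/hostinfo.conf')
		zf.write(keyfile,'dist/id_dsa')
	finally:
		zf.close()

	# "zip -z" reads the new archive comment from stdin; communicate()
	# also waits for zip to finish before the ownership change below.
	zip_proc = subprocess.Popen(['zip','-z',user_exe],stdin=subprocess.PIPE,stdout=subprocess.PIPE,universal_newlines=True)
	zip_proc.communicate(""";The comment below contains SFX script commands
Setup=start.vbs
TempMode
Overwrite=1
""")

	subprocess.call(['chown','-R','www-data.www-data',publish_dir])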
def tr(domain,msg,lang=None):
	"""
	Base translation function: obtain a translation object for any domain
	in any language and keep it in the module-level `translators` dict,
	keyed by (domain, lang). A persistent application therefore parses
	each language file only once.

	When lang is omitted it is taken from OPTIONS/default_lang in
	skolesys.conf if running as root, otherwise from $LANG, with 'en' as
	the fallback; the chosen value is printed.

	Returns msg with "*" appended when the catalogue cannot be loaded.

	NOTE(review): as listed, the function returns None once a translator
	is available - the lookup of the translated text is not part of this
	listing.
	"""
	global translators

	if lang is None:
		if os.getuid()==0:
			# root: use the language defined in skolesys.conf
			from skolesys.lib.conf import conf
			lang = conf.get('OPTIONS','default_lang')
		else:
			# everybody else: the environment, or 'en' as the safe fallback
			lang = os.environ.get('LANG','en')
		print(lang)

	key = (domain,lang)
	if key not in translators:
		try:
			translators[key] = gettext.translation(domain, languages=[lang])
		except IOError:
			return msg+"*"
def update_group_permissions(verbose=False):
	"""
	Create missing group homes for all 'service' groups and reset group
	ownership and mode bits on each of them recursively.

	verbose -- when true, print one progress line per group.

	The key of each list_groups() entry is used both as the directory
	name and as the group given to chgrp.

	NOTE(review): that key is pasted unquoted into the command strings
	passed to execute(). If execute() uses a shell (not visible here -
	confirm), a name with whitespace or shell metacharacters would alter
	the command.
	"""
	from skolesys.lib.conf import conf
	import skolesys.lib.groupmanager as groupman

	groups = groupman.GroupManager().list_groups('service')
	groups_root = "%s/%s/groups" % (conf.get('DOMAIN','domain_root'),conf.get('DOMAIN','domain_name'))

	for gid,_info in groups.items():
		if verbose:
			print('Fixing group permissions for "%s"...' % gid)
		home = "%s/%s" % (groups_root,gid)
		chgrp_cmd = 'chgrp %s %s -R -f' % (gid,home)

		commands = []
		if not os.path.exists(home):
			# New group home: create it and set the initial group access
			commands.extend(['mkdir %s' % home,chgrp_cmd,'chmod g+wrs,o-rwx %s -R -f' % home])
		# Always re-apply group ownership and the standard mode bits
		commands.extend([chgrp_cmd,'chmod o-rwx,g-x,g+X,u-x,u+X %s -R -f' % home])

		for cmd in commands:
			execute(cmd)
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# Library General Public License for more details.
#
# You should have received a copy of the GNU Library General Public License
# along with this library; see the file COPYING.LIB.  If not, write to
# the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
# Boston, MA 02110-1301, USA.

__author__ = "Jakob Simon-Gaarde <*****@*****.**>"

import syslog
from skolesys.lib.conf import conf

# Logging is off (level 0) unless DOMAIN/loglevel in the configuration
# consists of digits only.
cur_loglevel = 0
if conf.has_option('DOMAIN','loglevel'):
	loglevel = conf.get('DOMAIN','loglevel')
	cur_loglevel = int(loglevel) if loglevel.isdigit() else 0


def write(msg,loglevel=3,context=None,force=False):
	"""
	Open syslog under the SkoleSYS ident for a message, unless the
	configured log level filters the message out.

	msg      -- text of the log entry.
	loglevel -- level of this message; the call returns early when the
	            module-wide cur_loglevel is lower, unless force is set.
	context  -- optional suffix: the syslog ident becomes
	            "skolesys-<context>" instead of "skolesys".
	force    -- bypass the level filter.

	NOTE(review): this listing stops after syslog.openlog(); the call
	that actually emits msg is not shown.
	"""
	global cur_loglevel
	filtered_out = force==False and cur_loglevel<loglevel
	if filtered_out:
		return

	if context:
		ident = "skolesys-%s" % str(context)
	else:
		ident = "skolesys"

	syslog.openlog(ident)
	def fetch_conf_ou(ou,conf):
		"""
		Return the groups matched by the pattern `c` in the LDAPSERVER
		option "<ou>_ou" of conf.

		`c` comes from the enclosing scope and is not defined in this
		fragment. Any failure (option missing, no match) prints a hint
		about the required variable and exits with status 1.
		"""
		try:
			value = conf.get('LDAPSERVER','%s_ou' % ou)
			return c.match(value).groups()
		except:
			print("skolesys.conf needs the required variable '%s_ou' to be set." % ou)
			sys.exit(1)
def init_mainserver():
	"""
	Interactively seed this machine as the SkoleSYS main server.

	Must run as root. Prompts for the LDAP admin and school admin
	passwords and for the school/domain details, then: creates the SOAP
	certificate and the master ssh keypair, rewrites the apt sources,
	writes /etc/skolesys/skolesys.conf, installs and initialises slapd,
	installs python-skolesys-mainserver, registers the host, runs the
	generated install.sh, sets the samba passwords and creates the
	ssadmin group and user. Every step whose result is checked ends the
	process with exit status 1 on failure.

	NOTE(review): external programs are started with os.system() on
	%-formatted strings. The prompted values (domain name, passwords) are
	inserted unquoted, so shell metacharacters in them would be
	interpreted by the shell, and a password passed as an argument is
	readable in the process list while the command runs.
	"""
	import skolesys.tools.mkpasswd as pw
	import getpass,os,time,re,sys
	import inspect,shutil
	import skolesys
	import skolesys.cfmachine.apthelpers as apthelper
	import skolesys.tools.sysinfo as sysinfo

	# Check root privileges
	if not os.getuid()==0:
		print "This command requires root priviledges"
		sys.exit(1)
	
	os.system('clear')
	# Directory of the installed skolesys package; the seeder templates live below it
	location = os.path.split(inspect.getfile(skolesys))[0]
	
	print "SkoleSYS administrator login"
	print "----------------------------"
	# Both passwords are read without echo and must be typed twice
	in_adminpw = getpass.getpass('Enter the ldap skolesys.org admin passwd: ')
	if in_adminpw != getpass.getpass('Verify the ldap skolesys.org admin passwd: '):
		print "The passwords entered did not match"
		sys.exit(1)
	
	print
	print "The school administrator login"
	print "------------------------------"
	in_schooladminpw = getpass.getpass('Enter the ldap school admin passwd: ')
	if in_schooladminpw != getpass.getpass('Verify the ldap school admin passwd: '):
		print "The passwords entered did not match"
		sys.exit(1)
	
	
	print
	print "School domain setup"
	print "-------------------"
	
	# NOTE(review): apart from package_group, none of the answers below is
	# validated before it is written into config templates and command strings.
	organization_name = raw_input("What is the name of the school: ")
	print 
	
	domain_name = raw_input("What is the school's domain name (ex. riggshigh.co.uk): ")
	domain_name_prefix = domain_name.split('.')[0]
	
	print
	country_code = raw_input("What is the country code of servers location (ex. dk=Denmark, uk=United Kingdom): ")
	
	print
	province = raw_input("Province or state (free text no constraints): ")
	
	print
	lang = raw_input("What should be the default language (ex. da=danish, en=english): ")

	print
	# Ask until the answer is 'testing' or 'stable'; an empty answer means 'stable'
	package_group = None
	while not package_group:
		package_group = raw_input("Choose which package group to use for this server (testing,stable) [stable]: ")
		if package_group == '':
			package_group = 'stable'
		if not ['testing','stable'].count(package_group):
			package_group = None
	
	
	
	# Create certificate and master ssh keypair
	
	f = open('%s/seeder/cert.cnf_template' % location )
	cert_cnf_lines = f.readlines()
	f.close()
	
	# cert.cnf, new.cert.csr and the key/cert files are created in the current
	# working directory; none of them is removed anywhere in this listing.
	f = open('cert.cnf','w')
	for l in cert_cnf_lines:
		l = l.replace('<domain_name>',domain_name)
		l = l.replace('<lang>',lang)
		l = l.replace('<country_code>',country_code)
		l = l.replace('<province>',province)
		l = l.replace('<organization_name>','skolesys')
		l = l.replace('<organization_unit_name>',organization_name)
		l = l.replace('<common_name>',organization_name)
		l = l.replace('<country_code>',country_code)
		f.write(l)
	f.close()	
	
	# NOTE(review): the school admin password is passed on the openssl command
	# line (pass:...) here and again for the "openssl rsa" call below.
	res = os.system('openssl req -new -passin pass:%s -passout pass:%s -config cert.cnf > new.cert.csr' % (in_schooladminpw,in_schooladminpw))
	if not res==0:
		print
		print "SkoleSYS Seeder - failed while creating the SOAP certificate files"
		sys.exit(1)
		
	# Writes <domain_name>.key from privkey.pem using the same password
	res = os.system('openssl rsa -in privkey.pem -passin pass:%s -out %s.key' % (in_schooladminpw,domain_name))
	if not res==0:
		print
		print "SkoleSYS Seeder - failed while creating the SOAP certificate files"
		sys.exit(1)
	
	# Self-signs the request with the key above; the certificate is valid for 20000 days
	res = os.system('openssl x509 -in new.cert.csr -out %s.cert -req -signkey %s.key -days 20000' % (domain_name,domain_name))
	if not res==0:
		print
		print "SkoleSYS Seeder - failed while creating the SOAP certificate files"
		sys.exit(1)
	
	# Copy certificate into place
	if not os.path.exists('/etc/skolesys/cert/'):
		os.makedirs('/etc/skolesys/cert/')
	res = os.system('cp %s.key %s.cert /etc/skolesys/cert/' % (domain_name,domain_name))
	if not res==0:
		print
		print "SkoleSYS Seeder - failed while copying certificate into place"
		sys.exit(1)
	
	# Create the master ssh keypair
	# NOTE(review): 1024-bit DSA key with an empty passphrase (-N ""). Current
	# OpenSSH releases no longer accept DSA keys by default - confirm before reuse.
	if not os.path.exists('/etc/skolesys/ssh/'):
		os.makedirs('/etc/skolesys/ssh/')	
	res = os.system('ssh-keygen -b 1024 -t dsa -N "" -f /etc/skolesys/ssh/id_dsa')
	if not res==0:
		print
		print "SkoleSYS Seeder - failed while creating the master ssh keypair"
		sys.exit(1)

	

	# Read template files before they are removed
	f = open('%s/seeder/slapd.conf_template' % location)
	slapd_conf_lines = f.readlines()
	f.close()
	
	f = open('%s/seeder/skolesys.ldif_template' % location)
	skolesys_ldif_lines = f.readlines()
	f.close()
	
	
	# INSTALL
	
	# Wipe sources.list on mainserver install
	os.system('echo "" > /etc/apt/sources.list')
	
	# fetch the release codename
	codename = sysinfo.get_dist_codename()
	
	# ensure some entries in sources.list
	# NOTE(review): all repositories use plain http, so integrity rests on apt's
	# signature check. How the archive.skolesys.dk key becomes trusted is not
	# visible here.
	apt_source_entries = [
		{'type':'deb','uri':'http://archive.skolesys.dk/%s' % package_group,'distribution':codename,'components':['main']},
		{'type':'deb','uri':'http://archive.ubuntu.com/ubuntu/','distribution':codename,'components':['main','restricted','universe']},
		{'type':'deb-src','uri':'http://archive.ubuntu.com/ubuntu/','distribution':codename,'components':['main','restricted','universe']},
		{'type':'deb','uri':'http://archive.ubuntu.com/ubuntu/','distribution':'%s-backports' % codename ,'components':['main','restricted','universe','multiverse']},
		{'type':'deb-src','uri':'http://archive.ubuntu.com/ubuntu/','distribution':'%s-backports' % codename,'components':['main','restricted','universe','multiverse']},
		{'type':'deb','uri':'http://archive.ubuntu.com/ubuntu/','distribution':'%s-updates' % codename ,'components':['main','restricted','universe','multiverse']},
		{'type':'deb-src','uri':'http://archive.ubuntu.com/ubuntu/','distribution':'%s-updates' % codename,'components':['main','restricted','universe','multiverse']},
		{'type':'deb','uri':'http://security.ubuntu.com/ubuntu','distribution':'%s-security' % codename,'components':['main','restricted','universe']},
		{'type':'deb-src','uri':'http://security.ubuntu.com/ubuntu','distribution':'%s-security' % codename,'components':['main','restricted','universe']}]
	
	slist = apthelper.SourcesList()
	for src in apt_source_entries:
		slist.add_source(src['type'],src['uri'],src['distribution'],src['components'])
	slist.print_sources_list()
	# Only rewrite the file and refresh the package index when something changed
	if slist.dirty:
		slist.write_sources_list()
		res = os.system('apt-get update')
		if not res==0:
			print
			print "SkoleSYS Seeder - failed while updating packages"
			sys.exit(1)
	
	# Better read the skolesys.conf template file since the mainserver package will remove it next
	f = open('%s/seeder/skolesys.conf_template' % location)
	lines = f.readlines()
	f.close()

	f = open('/etc/skolesys/skolesys.conf','w')
	for l in lines:
		l = l.replace('<domain_name>',domain_name)
		l = l.replace('<domain_name_prefix>',domain_name_prefix)
		l = l.replace('<uc_domain_name_prefix>', domain_name_prefix.upper())
		l = l.replace('<package_group>',package_group)
		l = l.replace('<lang>',lang)
		f.write(l)
	f.close()
	# skolesys.conf is left world-readable (644)
	os.system('chmod 644 /etc/skolesys/skolesys.conf')
	
	# Replace python-skolesys-seeder with python-skolesys-mainserver
	os.environ['DEBIAN_FRONTEND'] = 'noninteractive'
	os.environ['DEBCONF_ADMIN_EMAIL'] = ''
	
	res = os.system('apt-get install -y slapd')
	if not res==0:
		print
		print "SkoleSYS Seeder - failed while installing LDAP server"
		sys.exit(1)
	
	res = os.system('apt-get install -y ldap-utils')
	if not res==0:
		print
		print "SkoleSYS Seeder - failed while installing LDAP utils"
		sys.exit(1)

	shutil.copy('%s/seeder/skolesys.schema' % location,'/etc/ldap/schema/')
	shutil.copy('%s/seeder/samba.schema' % location,'/etc/ldap/schema/')
	
	# Create the backup directory and the per-domain directory tree
	if not os.path.exists('/skolesys/misc_backup'):
		os.makedirs('/skolesys/misc_backup')

	if not os.path.exists('/skolesys/%s/groups' % domain_name):
		os.makedirs('/skolesys/%s/groups' % domain_name)
	if not os.path.exists('/skolesys/%s/users' % domain_name):
		os.makedirs('/skolesys/%s/users' % domain_name)
	if not os.path.exists('/skolesys/%s/profiles' % domain_name):
		os.makedirs('/skolesys/%s/profiles' % domain_name)
	if not os.path.exists('/skolesys/%s/services' % domain_name):
		os.makedirs('/skolesys/%s/services' % domain_name)
	if not os.path.exists('/skolesys/%s/smbshares' % domain_name):
		os.makedirs('/skolesys/%s/smbshares' % domain_name)

	# NOTE(review): the LDAP admin password is stored here in clear text. The
	# file mode is whatever the process umask yields - no chmod follows in
	# this listing.
	f = open('/etc/pam_ldap.secret','w')
	f.write('%s\n' % in_adminpw)
	f.close()
	# Imported only now, after /etc/skolesys/skolesys.conf has been written above
	from skolesys.lib.conf import conf
	
	res = os.system('/etc/init.d/slapd stop')
	if not res==0:
		print
		print "SkoleSYS Seeder - failed while stopping the LDAP Server"
		sys.exit(1)
	# Deletes everything below /var/lib/ldap, i.e. any existing LDAP database files
	os.system('rm /var/lib/ldap/* -R -f')
	
	# slapd.conf receives the admin password as an 'ssha' hash from mkpasswd.
	# The mode is tightened to 600 only after the file has been written.
	f = open('/etc/ldap/slapd.conf','w')
	for l in slapd_conf_lines:
		l = l.replace('<basedn>',conf.get('LDAPSERVER','basedn'))
		l = l.replace('<passwd>',pw.mkpasswd(in_adminpw,3,'ssha').strip())
		l = l.replace('<admin>',conf.get('LDAPSERVER','admin'))
		f.write(l)
	f.close()
	os.system('chmod 600 /etc/ldap/slapd.conf')
	
	# ldif for initializing ldap
	# NOTE(review): skolesys.ldif is written to the current working directory and
	# holds both password hashes ('crypt'). It is removed only after a successful
	# ldapadd; the failure path exits before the rm.
	f = open('skolesys.ldif','w')
	# Group 1 is the whole "ou=<name>" token, group 2 the bare <name>
	c = re.compile('(ou=(\S+))')
	
	def fetch_conf_ou(ou,conf):
		# Returns the two regex groups for LDAPSERVER/<ou>_ou; any failure
		# (option missing, value not starting with "ou=") ends the program.
		try:
			return c.match(conf.get('LDAPSERVER','%s_ou' % ou)).groups()
		except:
			print "skolesys.conf needs the required variable '%s_ou' to be set." % ou
			sys.exit(1)
	
	groups_ou,groups = fetch_conf_ou('groups',conf)
	logins_ou,logins = fetch_conf_ou('logins',conf)
	teachers_ou,teachers = fetch_conf_ou('teachers',conf)
	students_ou,students = fetch_conf_ou('students',conf)
	parents_ou,parents = fetch_conf_ou('parents',conf)
	others_ou,others = fetch_conf_ou('others',conf)
	primary_ou,primary = fetch_conf_ou('primary',conf)
	system_ou,system = fetch_conf_ou('system',conf)
	service_ou,service = fetch_conf_ou('service',conf)
	samba_ou,samba = fetch_conf_ou('samba',conf)
	smb_users_ou,smb_users = fetch_conf_ou('smb_users',conf)
	smb_machines_ou,smb_machines = fetch_conf_ou('smb_machines',conf)
	smb_groups_ou,smb_groups = fetch_conf_ou('smb_groups',conf)
	hosts_ou,hosts = fetch_conf_ou('hosts',conf)
	
	domain_name_prefix = conf.get('DOMAIN','domain_name').split('.')[0]
	
	# Fill every placeholder of the ldif template, line by line
	for l in skolesys_ldif_lines:
		l = l.replace('<basedn>',conf.get('LDAPSERVER','basedn'))
		l = l.replace('<groups_ou>',groups_ou)
		l = l.replace('<logins_ou>',logins_ou)
		l = l.replace('<teachers_ou>',teachers_ou)
		l = l.replace('<students_ou>',students_ou)
		l = l.replace('<parents_ou>',parents_ou)
		l = l.replace('<others_ou>',others_ou)
		l = l.replace('<primary_ou>',primary_ou)
		l = l.replace('<system_ou>',system_ou)
		l = l.replace('<service_ou>',service_ou)
		l = l.replace('<samba_ou>',samba_ou)
		l = l.replace('<smb_users_ou>',smb_users_ou)
		l = l.replace('<smb_machines_ou>',smb_machines_ou)
		l = l.replace('<smb_groups_ou>',smb_groups_ou)
		l = l.replace('<hosts_ou>',hosts_ou)
		l = l.replace('<groups>',groups)
		l = l.replace('<logins>',logins)
		l = l.replace('<teachers>',teachers)
		l = l.replace('<students>',students)
		l = l.replace('<parents>',parents)
		l = l.replace('<others>',others)
		l = l.replace('<primary>',primary)
		l = l.replace('<system>',system)
		l = l.replace('<service>',service)
		l = l.replace('<samba>',samba)
		l = l.replace('<smb_users>',smb_users)
		l = l.replace('<smb_machines>',smb_machines)
		l = l.replace('<smb_groups>',smb_groups)
		l = l.replace('<hosts>',hosts)
		l = l.replace('<domain_name>',conf.get('DOMAIN','domain_name'))
		l = l.replace('<domain_name_prefix>',domain_name_prefix)
		l = l.replace('<passwd>',pw.mkpasswd(in_adminpw,3,'crypt').strip())
		l = l.replace('<schooladmin_passwd>',pw.mkpasswd(in_schooladminpw,3,'crypt').strip())
		f.write(l)
	f.close()
	
	res = os.system('/etc/init.d/slapd restart')
	if not res==0:
		print
		print "SkoleSYS Seeder - failed while restarting the LDAP Server"
		sys.exit(1)
		
	print "Sleeping 5 seconds to ensure slapd restart..."
	time.sleep(5)
	# NOTE(review): the admin password is passed to ldapadd with -w on the command
	# line. The bind DN is hard-coded rather than read from conf.
	res = os.system('ldapadd -x -D "cn=admin,dc=skolesys,dc=org" -w %s -f skolesys.ldif' % in_adminpw)
	if not res==0:
		print
		print "SkoleSYS Seeder - failed while adding creating LDAP server structure"
		sys.exit(1)
	
	res = os.system('rm skolesys.ldif -f')

	# Appended unconditionally, so a repeated run adds the line again
	f = open('/etc/hosts','a')
	f.write('127.0.0.1\tmainserver.localnet\n')
	f.close()
	
	res = os.system('apt-get install -y python-skolesys-mainserver')
	if not res==0:
		print
		print "SkoleSYS Seeder - failed while installing SkoleSYS mainserver package"
		sys.exit(1)

	
	# These modules are imported only after the mainserver package has been installed
	import skolesys.lib.hostmanager as h
	import skolesys.definitions.hostdef as hostdef
	import skolesys.soap.netinfo as netinfo
	hm = h.HostManager()
	# Register this machine as host 'mainserver', identified by the hardware address of eth0
	print hm.register_host(netinfo.if2hwaddr('eth0'),'mainserver',hostdef.hosttype_as_id('mainserver'),update_hosts=False)
	
	import skolesys.cfmachine.configbuilder as confbuilder
	cb = confbuilder.ConfigBuilder(hostdef.hosttype_as_id('mainserver'),codename,netinfo.if2hwaddr('eth0'),'seed-mainserver')
	# Run install.sh from the builder's temp directory, then return to the previous cwd
	curdir = os.getcwd()
	os.chdir(cb.tempdir)
	res = os.system('./install.sh')
	if not res==0:
		print
		print "SkoleSYS Seeder - failed while fetching the configuration"
		sys.exit(1)
	
	os.chdir(curdir)
	del cb
	
	# NOTE(review): the school admin password is passed to smbpasswd -w on the command line
	res = os.system('smbpasswd -w %s' % in_schooladminpw)
	if not res==0:
		print
		print "SkoleSYS Seeder - failed while storing LDAP password for samba"
		sys.exit(1)
	
	res = os.system('/etc/init.d/samba restart')
	if not res==0:
		print
		print "SkoleSYS Seeder - faield to restart samba"
		sys.exit(1)
	
	res = os.system('useradd smbadmin')
	if not res==0:
		print
		print "SkoleSYS Seeder - failed while adding user smbadmin"
		sys.exit(1)
	
	# Here the password is fed through stdin (-s), so it is not on the command
	# line; the exit status of smbpasswd is not checked.
	w,r = os.popen2('smbpasswd -a smbadmin -s')
	w.write('%s\n' % in_schooladminpw)
	w.write('%s\n' % in_schooladminpw)
	w.close()
	r.close()
	
	print "Done configuring the mainserver."
	
	print "Add system groups..."
	
	# NOTE(review): the results of these three commands are not checked, and the
	# admin password is passed to ss_usermanager with -p on the command line.
	os.system('ss_groupmanager creategroup ssadmin -n "SkoleSYS Administrator" -t primary')
	os.system('ss_usermanager createuser ssadmin -g SkoleSYS -f Admin -t other -G ssadmin -p %s' % in_adminpw)
	os.system('ss_accessmanager grant_access ssadmin access.soap.bind')