def specificGroup(id): if not es.isAuthorized("usermgmt"): return "ERR_ACCESS_DENIED", 403 dbconn = db.database() lg = ldap.groups() if request.method == "GET": dbconn.execute("SELECT name, info FROM groups WHERE id = %s LIMIT 1", (id, )) group = dbconn.fetchone() group["permissions"] = [] group["users"] = [] dbconn.execute( "SELECT P.id FROM permission P INNER JOIN groups_has_permission GHP ON P.id = GHP.permission_id INNER JOIN groups G ON G.id = GHP.group_id WHERE G.id = %s", (id, )) for permission in dbconn.fetchall(): group["permissions"].append(permission["id"]) dbconn.execute( "SELECT P.id FROM people P INNER JOIN people_has_groups PHG ON P.id = PHG.people_id INNER JOIN groups G ON G.id = PHG.group_id WHERE G.id = %s", (id, )) for user in dbconn.fetchall(): group["users"].append(user["id"]) return jsonify(group), 200 elif request.method == "DELETE": if not lg.delete(id) == 0: return "ERR_LDAP_ERROR", 500 dbconn.execute("DELETE FROM groups WHERE id = %s", (id, )) if not dbconn.commit(): return "ERR_DATABASE_ERROR", 500 return "SUCCESS", 200
def fixFolder(id): if not es.isAuthorized("usermgmt"): return "ERR_ACCESS_DENIED", 403 dbconn = db.database() dir = directory.directory() dbconn.execute("SELECT username, unix_userid FROM people WHERE id = %s", (id, )) user = dbconn.fetchone() check = checkers.checkHomeFolder(user) if check == 1: if dir.create(user["username"], "users") < 0: return "ERR_CREATE_HOMEFOLDER", 500 if not dir.setMode(user["username"], "users", "511"): return "ERR_FOLDER_ERROR", 500 if check >= 1: if not dir.setOwner(user["username"], "users", user["unix_userid"]): return "ERR_FOLDER_ERROR", 500 try: removeError = requests.delete( url="http://localhost:25252/removeError/" + id + "/ERR_HOMEFOLDER_MISSING/1") except: return "ERR_CONNECTION_ERROR", 500 try: removeError = requests.delete( url="http://localhost:25252/removeError/" + id + "/ERR_HOMEFOLDER_PERMISSIONS/1") except: return "ERR_CONNECTION_ERROR", 500 return "SUCCESS", 200
def listShares(id, gid): if not es.isAuthorized(["usermgmt", "devimgmt"]): return "ERR_ACCESS_DENIED", 403 dbconn = db.database() if request.method == "POST": permissions = 1 if request.form.get("permissions"): permissions = int(request.form.get("permissions")) dbconn.execute( "INSERT INTO groups_has_shares (shares_id, group_id, permission) VALUES (%s, %s, %s)", (id, gid, permissions)) if not dbconn.commit(): return "ERR_DATABASE_ERROR", 500 if not samba.update(): return "ERR_UPDATE_SAMBA", 500 return "SUCCESS", 201 elif request.method == "PUT": dbconn.execute( "UPDATE groups_has_shares SET permission = %s WHERE shares_id = %s AND group_id = %s", (request.form.get("permission"), id, gid)) if not dbconn.commit(): return "ERR_DATABASE_ERROR", 500 if not samba.update(): return "ERR_UPDATE_SAMBA", 500 return "SUCCESS", 200 elif request.method == "DELETE": dbconn.execute( "DELETE FROM groups_has_shares WHERE shares_id = %s AND group_id = %s", (id, gid)) if not dbconn.commit(): return "ERR_DATABASE_ERROR", 500 if not samba.update(): return "ERR_UPDATE_SAMBA", 500 return "SUCCESS", 200
def device(id): if not es.isAuthorized("devimgmt"): return "ERR_ACCESS_DENIED", 403 dbconn = db.database() if request.method == "GET": dbconn.execute( "SELECT D.id, D.name, D.comment, D.devprofile_id AS devprofile, D.registered, D.networklock, D.lastknownIPv4 as ipv4, D.lastknownIPv6 as ipv6, D.requiresLogin, HW.address, HW.type as hardwareAddressType, D.people_id, D.room, D.teacher FROM device D INNER JOIN hardwareidentifier HW on HW.device_id = D.id WHERE D.id = %s", (id, )) device = dbconn.fetchone() device["logins"] = [] dbconn.execute( "SELECT info, timestamp, people_id, type, affected FROM localLoginLog WHERE device_id = %s", (id, )) for logEntry in dbconn.fetchall(): device["logins"].append(logEntry) return jsonify(device), 200 elif request.method == "PUT": dbconn.execute( "UPDATE device SET name = %s, comment = %s, devprofile_id = %s, networklock = %s, requiresLogin = %s, teacher = %s, room = %s WHERE id = %s", (request.form.get("name"), request.form.get("comment"), request.form.get("devprofile"), request.form.get("networklock"), request.form.get("requiresLogin"), request.form.get("teacher"), request.form.get("room"), request.form.get("id"))) if not dbconn.commit(): return "ERR_DATABASE_ERROR", 500 return "SUCCESS", 200 elif request.method == "DELETE": dbconn.execute("DELETE FROM device WHERE id = %s", (id, )) if not dbconn.commit(): return "ERR_DATABASE_ERROR", 500 return "SUCCESS", 200
def fixUser(id): if not es.isAuthorized("usermgmt"): return "ERR_ACCESS_DENIED", 403 dbconn = db.database() ldapUsers = ldap.users() dbconn.execute( "SELECT P.id, P.firstname, P.lastname, P.preferredname, P.username, P.smb_homedir, P.email, H.smb_hash, H.unix_hash, P.unix_userid FROM people P INNER JOIN userpassword H ON H.people_id = P.id WHERE P.id = %s", (id, )) user = dbconn.fetchone() check = checkers.checkLdapUserEntry(user) if check == False or isinstance(check, list): ldapResult = ldapUsers.update(id) if ldapResult == -1: return "ERR_LDAP_ERROR", 500 if ldapResult == -2: return "ERR_DATABASE_ERROR", 500 else: return "ERR_ALL_DONE", 200 try: removeError = requests.delete( url="http://localhost:25252/removeError/" + id + "/ERR_LDAP_ENTRY_MISSING/1") except: return "ERR_CONNECTION_ERROR", 500 try: removeError = requests.delete( url="http://localhost:25252/removeError/" + id + "/ERR_LDAP_ENTRY_INCOMPLETE/1") except: return "ERR_CONNECTION_ERROR", 500 return "SUCCESS", 200
def getHost(): if not es.isAuthorized("usermgmt"): return "ERR_ACCESS_DENIED", 403 host = os.environ.get("HOST_NETWORK_ADDRESS") if host == None: host = "" return host, 200
def profile(id): if not es.isAuthorized("devimgmt"): return "ERR_ACCESS_DENIED", 403 dbconn = db.database() if request.method == "GET": dbconn.execute("SELECT name, comment, networklockDefault FROM devprofile WHERE id = %s", (id,)) profile = dbconn.fetchone() profile["groups"] = [] profile["shares"] = [] dbconn.execute("SELECT group_id FROM devprofile_has_groups WHERE devprofile_id = %s", (id,)) for group in dbconn.fetchall(): profile["groups"].append(group["group_id"]) dbconn.execute("SELECT shares_id FROM devprofile_has_shares WHERE devprofile_id = %s", (id,)) for share in dbconn.fetchall(): profile["shares"].append(share["shares_id"]) return jsonify(profile), 200 elif request.method == "PUT": dbconn.execute("UPDATE devprofile SET name = %s, comment = %s, networklockDefault = %s WHERE id = %s", (request.form.get("name"), request.form.get("comment"), request.form.get("networklockDefault"), id)) if not dbconn.commit(): return "ERR_DATABASE_ERROR", 500 return "SUCCESS", 200 elif request.method == "DELETE": dbconn.execute("SELECT COUNT(*) AS count FROM device D INNER JOIN devprofile DP ON DP.id = D.devprofile_id WHERE DP.id = %s", (id,)) count = dbconn.fetchone()["count"] if not count == 0: return "ERR_PROFILE_IN_USE", 409 dbconn.execute("DELETE FROM devprofile WHERE id = %s", (id,)) if not dbconn.commit(): return "ERR_DATABASE_ERROR", 500 return "SUCCESS", 200
def userListExport(): if not es.isAuthorized("usermgmt"): return "ERR_ACCESS_DENIED", 403 data = StringIO() w = csv.writer(data, delimiter=';', quotechar='"', quoting=csv.QUOTE_MINIMAL) w.writerow(('lastname', 'firstname', 'short', 'username', 'groups')) dbconn = db.database() dbconn.execute( "SELECT id, lastname, firstname, short, username FROM people") for user in dbconn.fetchall(): groups = '' dbconn2 = db.database() dbconn2.execute( "select name from groups where id in(select group_id from people_has_groups where people_id='" + user['id'] + "');") first = True for g in dbconn2.fetchall(): if first: first = False else: groups = groups + ';' groups = groups + g["name"] w.writerow((user["lastname"], user["firstname"], user["short"], user["username"], groups)) response = make_response(data.getvalue()) response.headers[ "Content-Disposition"] = "attachment; filename=userList.csv" response.headers["Content-Type"] = "text/csv" return response
def runIntegrityCheck(): if not es.isAuthorized("usermgmt"): return "ERR_ACCESS_DENIED", 403 try: run = requests.put(url="http://localhost:25252/run") except: return "ERR_CONNECTION_ERROR", 500 return "SUCCESS", 200
def listDevices(): if not es.isAuthorized("devimgmt"): return "ERR_ACCESS_DENIED", 403 dbconn = db.database() dbconn.execute("SELECT name, comment, devprofile_id AS devprofile, people_id, networklock, screenlock, requiresLogin, id, room, teacher FROM device") devices = [] for device in dbconn.fetchall(): devices.append(device) return jsonify(devices), 200
def listPermissions(): if not es.isAuthorized("usermgmt"): return "ERR_ACCESS_DENIED", 403 dbconn = db.database() permissions = [] dbconn.execute("SELECT id, name, info FROM permission") for permission in dbconn.fetchall(): permissions.append(permission) return jsonify(permissions), 200
def listProfiles(): if not es.isAuthorized("devimgmt"): return "ERR_ACCESS_DENIED", 403 dbconn = db.database() dbconn.execute( "SELECT name, comment, networklockDefault, allowVNC, id FROM devprofile" ) profiles = [] for profile in dbconn.fetchall(): profiles.append(profile) return jsonify(profiles), 200
def listEmptyGroups(): if not es.isAuthorized("usermgmt"): return "ERR_ACCESS_DENIED", 403 dbconn = db.database() groups = [] dbconn.execute( "SELECT id FROM groups WHERE type = 3 AND id NOT IN (SELECT group_id AS id FROM people_has_groups)" ) for group in dbconn.fetchall(): groups.append(group["id"]) return jsonify(groups), 200
def getIntegrityResults(): if not es.isAuthorized("usermgmt"): return "ERR_ACCESS_DENIED", 403 try: response = requests.get(url="http://localhost:25252/results") except: return "ERR_CONNECTION_ERROR", 500 results = json.loads(response.text)["response"] if results == None: return "NO_RESULT_AVAILABLE", 200 return jsonify(results), 200
def manageGroupPermissions(id, gid): if not es.isAuthorized("usermgmt"): return "ERR_ACCESS_DENIED", 403 dbconn = db.database() if request.method == "POST": dbconn.execute("INSERT INTO groups_has_permission (group_id, permission_id) VALUES (%s, %s)", (gid, id)) if not dbconn.commit(): return "ERR_DATABASE_ERROR", 500 return "SUCCESS", 200 elif request.method == "DELETE": dbconn.execute("DELETE FROM groups_has_permission WHERE group_id = %s AND permission_id = %s", (gid, id)) if not dbconn.commit(): return "ERR_DATABASE_ERROR", 500 return "SUCCESS", 200
def profileShares(id, sid): if not es.isAuthorized("devimgmt"): return "ERR_ACCESS_DENIED", 403 dbconn = db.database() if request.method == "POST": dbconn.execute("INSERT INTO devprofile_has_shares (devprofile_id, shares_id) VALUES (%s, %s)", (id, sid)) if not dbconn.commit(): return "ERR_DATABASE_ERROR", 500 return "SUCCESS", 200 elif request.method == "DELETE": dbconn.execute("DELETE FROM devprofile_has_shares WHERE devprofile_id = %s AND shares_id = %s", (id, sid)) if not dbconn.commit(): return "ERR_DATABASE_ERROR", 500 return "SUCCESS", 200
def createGroup(): if not es.isAuthorized("usermgmt"): return "ERR_ACCESS_DENIED", 403 dbconn = db.database() lg = ldap.groups() failed = False if request.form.get("name") == "": return "ERR_INPUT_ERROR", 500 dbconn.execute("INSERT INTO groups (name, info, type) VALUES (%s, %s, %s)", (request.form.get("name"), request.form.get("info"), request.form.get("type"))) if not dbconn.commit(): return "ERR_DATABASE_ERROR", 500 id = dbconn.getId() if not lg.create(id) == 0: return "ERR_LDAP_ERROR", 500 if request.form.get("permissions"): permissions = [] for permission in json.loads(request.form.get("permissions")): permissions.append((id, permission)) dbconn.execute( "INSERT INTO groups_has_permission (group_id, permission_id) VALUES (%s, %s)", permissions) if not dbconn.commit(): return "ERR_DATABASE_ERROR", 500 usersToAdd = [] if request.form.get("fromgroup"): for group in request.form.get("source"): dbconn.execute( "SELECT P.id FROM people P INNER JOIN people_has_groups PHG ON P.id = PHG.people_id INNER JOIN groups G ON G.id = PHG.group_id WHERE G.id = %s", (group, )) for user in dbconn.fetchall(): if not user in usersToAdd: usersToAdd.append((id, user["id"])) if request.form.get("users"): for user in json.loads(request.form.get("users")): usersToAdd.append((id, user)) for element in usersToAdd: element = (id, element) dbconn.execute( "INSERT INTO people_has_groups (group_id, people_id) VALUES (%s, %s)", usersToAdd) if not dbconn.commit(): return "ERR_DATABASE_ERROR", 500 for (id, element) in usersToAdd: if not lg.addUser(element, id) == 0: failed = True if failed: return "ERR_LDAP_ERROR", 500 return str(id), 201
def listUsers(): if not es.isAuthorized("usermgmt"): return "ERR_ACCESS_DENIED", 403 dbconn = db.database() users = [] dbconn.execute("SELECT id, firstname, lastname, username, email, DATE_FORMAT(birthdate, '%Y-%m-%d') AS birthdate, persistant FROM people") for user in dbconn.fetchall(): ids = [] dbconn.execute("SELECT G.id AS id FROM groups G INNER JOIN people_has_groups PHG ON PHG.group_id = G.id INNER JOIN people P ON P.id = PHG.people_id WHERE P.id = %s", (user["id"],)) for group in dbconn.fetchall(): ids.append(group["id"]) user["groups"] = ids users.append(user) return jsonify(users), 200
def listShares(): if not es.isAuthorized(["usermgmt", "devimgmt"]): return "ERR_ACCESS_DENIED", 403 dbconn = db.database() dbconn.execute("SELECT name, path, id FROM shares") shares = [] for share in dbconn.fetchall(): groups = [] dbconn.execute( "SELECT G.id, G.name, GHS.permission FROM groups G INNER JOIN groups_has_shares GHS ON GHS.group_id = G.id WHERE GHS.shares_id = %s", (share["id"], )) for group in dbconn.fetchall(): groups.append(group) share["groups"] = groups shares.append(share) return jsonify(shares), 200
def listGroups(): if not es.isAuthorized("usermgmt"): return "ERR_ACCESS_DENIED", 403 dbconn = db.database() groups = [] dbconn.execute("SELECT id, name, info, type FROM groups") for group in dbconn.fetchall(): permissions = [] dbconn.execute( "SELECT P.name, P.id, P.info FROM permission P INNER JOIN groups_has_permission GHP ON P.id = GHP.permission_id INNER JOIN groups G ON G.id = GHP.group_id WHERE G.id = %s", (group["id"], )) for permission in dbconn.fetchall(): permissions.append(permission) group["permissions"] = permissions groups.append(group) return jsonify(groups), 200
def servermanager(): if not es.isAuthorized("servmgmt"): return "ERR_ACCESS_DENIED", 403 data = {} if request.form.get("data"): data = json.loads(request.form.get("data")) with open(config.CONFIG_APIKEY_PATH) as f: data["apikey"] = f.read()[:-1] try: r = requests.post(url="http://192.168.255.255:49100" + request.form.get("url"), data=data) except: return "ERR_CONNECTION_ERROR", 500 else: return r.text, 200
def ipfire(): if not es.isAuthorized("servmgmt"): return "ERR_ACCESS_DENIED", 403 config = cf.configfile() if request.method == "GET": data = { "url": config.get("ipfire", "url"), "port": config.get("ipfire", "port"), "password": config.get("ipfire", "password"), } return jsonify(data), 200 elif request.method == "PUT": config.set("ipfire", "url", request.form.get("url")) config.set("ipfire", "port", request.form.get("port")) config.set("ipfire", "password", request.form.get("password")) return "SUCCESS", 200
def deviceUser(id, uid): if not es.isAuthorized("devimgmt"): return "ERR_ACCESS_DENIED", 403 dbconn = db.database() if request.method == "POST": dbconn.execute("UPDATE device SET people_id = %s WHERE id = %s", (uid, id)) if not dbconn.commit(): return "ERR_DATABASE_ERROR", 500 return "SUCCESS", 200 elif request.method == "DELETE": dbconn.execute("UPDATE device SET people_id = NULL WHERE id = %s", (id)) if not dbconn.commit(): return "ERR_DATABASE_ERROR", 500 return "SUCCESS", 200
def getIntegrityStatus(): if not es.isAuthorized("usermgmt"): return "ERR_ACCESS_DENIED", 403 try: status = requests.get(url="http://localhost:25252/status") except: return "ERR_CONNECTION_ERROR", 500 try: lastRun = requests.get(url="http://localhost:25252/lastRun") except: return "ERR_CONNECTION_ERROR", 500 response = { "status": json.loads(status.text)["response"], "lastRun": json.loads(lastRun.text)["response"], } return jsonify(response), 200
def fixGroup(id): if not es.isAuthorized("usermgmt"): return "ERR_ACCESS_DENIED", 403 dbconn = db.database() ldapGroups = ldap.groups() dbconn.execute("SELECT name FROM groups WHERE id = %s", (id, )) name = dbconn.fetchone()["name"] check = checkers.checkLdapGroupEntry({"name": name}) if not check and request.form.get("missing"): ldapResult = ldapGroups.create(int(id)) if ldapResult == -1: return "ERR_LDAP_ERROR", 500 if ldapResult == -2: return "ERR_DATABASE_ERROR", 500 dbconn.execute( "SELECT P.id FROM people P INNER JOIN people_has_groups PHG ON PHG.people_id = P.ID INNER JOIN groups G ON G.id = PHG.group_id WHERE G.id = %s", (id, )) addFailed = False for user in dbconn.fetchall(): memberResult = ldapGroups.addUser(user["id"], id) if memberResult < 0: addFailed = True if addFailed: return "ERR_LDAP_ERROR", 500 else: return "ERR_ALL_DONE", 200 try: removeError = requests.delete( url="http://localhost:25252/removeError/" + id + "/ERR_LDAP_ENTRY_MISSING/0") except: return "ERR_CONNECTION_ERROR", 500 try: removeError = requests.delete( url="http://localhost:25252/removeError/" + id + "/ERR_LDAP_ENTRY_INCOMPLETE/0") except: return "ERR_CONNECTION_ERROR", 500 return "SUCCESS", 200
def createProfile(): if not es.isAuthorized("devimgmt"): return "ERR_ACCESS_DENIED", 403 dbconn = db.database() dbconn.execute("INSERT INTO devprofile (name, comment, networklockDefault) VALUES (%s, %s, %s)", (request.form.get("name"), request.form.get("comment"), request.form.get("networklockDefault"))) if not dbconn.commit(): return "ERR_DATABASE_ERROR", 500 id = dbconn.getId() failed = False if request.form.get("groups"): for group in json.loads(request.form.get("groups")): dbconn.execute("INSERT INTO devprofile_has_groups (devprofile_id, group_id) VALUES (%s, %s)", (id, group)) if not dbconn.commit(): failed = True if request.form.get("shares"): for share in json.loads(request.form.get("shares")): dbconn.execute("INSERT INTO devprofile_has_shares (devprofile_id, shares_id) VALUES (%s, %s)", (id, share)) if not dbconn.commit(): failed = True if failed: return "ERR_DATABASE_ERROR", 500 return str(id), 201
def groupOperation(id, uid): if not es.isAuthorized("usermgmt"): return "ERR_ACCESS_DENIED", 403 dbconn = db.database() lg = ldap.groups() if request.method == "POST": dbconn.execute( "INSERT INTO people_has_groups (people_id, group_id) VALUES (%s, %s)", (uid, id)) if not dbconn.commit(): return "ERR_DATABASE_ERROR", 500 if not lg.addUser(uid, id) == 0: return "ERR_LDAP_ERROR", 500 return "SUCCESS", 201 elif request.method == "DELETE": dbconn.execute( "DELETE FROM people_has_groups WHERE people_id = %s AND group_id = %s", (uid, id)) if not dbconn.commit(): return "ERR_DATABASE_ERROR", 500 if not lg.deleteUser(uid, id) == 0: return "ERR_LDAP_ERROR", 500 return "SUCCESS", 200
def fixGroupMembership(id): if not es.isAuthorized("usermgmt"): return "ERR_ACCESS_DENIED", 403 dbconn = db.database() ldapGroups = ldap.groups() dbconn.execute("SELECT username FROM people WHERE id = %s", (id, )) username = dbconn.fetchone()["username"] for target in json.loads(request.form.get("targets")): dbconn.execute("SELECT id FROM groups WHERE name = %s", (target, )) gid = dbconn.fetchone()["id"] if not checkers.checkLdapGroupMembership(username, gid): memberResult = ldapGroups.addUser(id, gid) if memberResult == -1: return "ERR_LDAP_ERROR", 500 if memberResult == -2: return "ERR_DATABASE_ERROR", 500 try: removeError = requests.delete( url="http://localhost:25252/removeError/" + id + "/ERR_LDAP_GROUP_MEMBERSHIP/1") except: return "ERR_CONNECTION_ERROR", 500 return "SUCCESS", 200
def newPassword(id): if not es.isAuthorized("usermgmt"): return "ERR_ACCESS_DENIED", 403 dbconn = db.database() lu = ldap.users() dbconn.execute( "SELECT unix_hash FROM userpassword UP INNER JOIN people P ON UP.people_id = P.id WHERE P.id = %s", (id, )) result = dbconn.fetchone() if not passlib.hash.ldap_salted_sha1.verify(request.form.get("old"), result["unix_hash"]): return "ERR_AUTH_PASSWORD", 500 if not request.form.get("new1") == request.form.get("new2"): return "ERR_PASSWORDS_DIFFERENT", 500 dbconn.execute( "UPDATE userpassword SET unix_hash = %s, smb_hash = %s, hint = %s, autogen = 0, cleartext = NULL WHERE people_id = %s", (hash.unix(request.form.get("new1")), hash.samba(request.form.get("new1")), request.form.get("pwhint"), id)) if not dbconn.commit(): return "ERR_DATABASE_ERROR", 500 if not lu.update(id) == 0: return "ERR_LDAP_ERROR", 500 return "SUCCESS", 200
def userCount(): if not es.isAuthorized("usermgmt"): return "ERR_ACCESS_DENIED", 403 dbconn = db.database() dbconn.execute("SELECT COUNT(*) AS c FROM groups") return jsonify({"count": dbconn.fetchone()["c"]}), 200