Exemple #1
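def apply_quassel_changes(daan, changes):
    """Apply user removals and additions to the Quassel SQLite storage.

    Args:
        daan: Not used by this function.
        changes: Mapping with 'remove' and 'add' iterables of usernames.
            A falsy value makes the call a no-op.

    Returns:
        None. Logs a warning and returns early when
        settings.QUASSEL_CONFIGDIR is None.
    """
    if not changes:
        return
    if settings.QUASSEL_CONFIGDIR is None:
        logging.warning('no QUASSEL_CONFIGDIR available, skipping')
        return
    db_path = os.path.join(
        settings.QUASSEL_CONFIGDIR,
        'quassel-storage.sqlite')
    conn = sqlite3.connect(db_path)
    # Close the connection on every path. Closing without commit() discards
    # the pending statements, so a failure part-way leaves the database as
    # it was instead of half-applied.
    try:
        c = conn.cursor()
        for user in changes['remove']:
            logging.info('quassel: removing %s', user)
            c.execute("SELECT userid FROM quasseluser WHERE username=?",
                      (user,))
            row = c.fetchone()
            if row is None:
                # fetchone() returns None for an unknown username; unpacking
                # it would raise and abort the remaining changes.
                logging.warning('quassel: user %s not found, skipping', user)
                continue
            userid, = row
            c.execute("DELETE FROM quasseluser WHERE username=?", (user,))
            # Remove every per-user row that references the deleted userid.
            c.execute("DELETE FROM identity WHERE userid=?", (userid,))
            c.execute("DELETE FROM ircserver WHERE userid=?", (userid,))
            c.execute("DELETE FROM user_setting WHERE userid=?", (userid,))
            c.execute("DELETE FROM buffer WHERE userid=?", (userid,))
            c.execute("DELETE FROM network WHERE userid=?", (userid,))
        for user in changes['add']:
            logging.info('quassel: adding %s', user)
            # The random string is hashed and then discarded, so the stored
            # value is a placeholder whose plaintext nobody knows.
            # NOTE(review): the name pseudo_randstr suggests a
            # non-cryptographic generator -- confirm its source of randomness.
            hashed_pw = hashlib.sha1(pseudo_randstr()).hexdigest()
            c.execute(
                "INSERT INTO quasseluser(username, password) VALUES (?, ?)",
                (user, hashed_pw))
        conn.commit()
    finally:
        conn.close()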
Exemple #2
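def unix_setpass(cilia, user, password):
    """Set the Unix password of *user*, restricted to accounts in group 'kn'.

    Args:
        cilia: Not used by this function.
        user: Login name; looked up with pwd.getpwnam, which raises KeyError
            for an unknown account.
        password: The new plaintext password.

    Returns:
        {'success': True} when usermod exits with status 0, otherwise a dict
        with an 'error' message.
    """
    kn_gid = grp.getgrnam('kn').gr_gid
    pwent = pwd.getpwnam(user)
    # Only accounts whose primary group is 'kn' may be changed; this keeps
    # root and system accounts out of reach of this call.
    if pwent.pw_gid != kn_gid:
        return {'error': "Permission denied. Gid is not kn"}
    # NOTE(review): if pseudo_randstr(2) yields a plain two-character salt,
    # crypt() selects the traditional DES scheme, which only uses the first
    # eight password characters -- confirm, and prefer a salt that selects a
    # modern scheme. Also confirm pseudo_randstr is backed by a CSPRNG.
    crypthash = crypt.crypt(password, pseudo_randstr(2))
    # NOTE(review): passing the hash as an argument makes it visible in the
    # process list while usermod runs.
    status = subprocess.call(['usermod', '-p', crypthash, user])
    if status != 0:
        # Do not report success when usermod did not apply the change.
        return {'error': "usermod failed with exit status %d" % status}
    return {'success': True}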
Exemple #3
 def set_password(self, pwd, save=True):
     """Replace the stored password record with a salted SHA-1 of *pwd*.

     The record written to self._data['password'] holds the algorithm
     name, the salt and the hex digest. When *save* is true the entity is
     saved afterwards.
     """
     # NOTE(review): SHA-1 is a fast general-purpose hash; password storage
     # normally uses a deliberately slow KDF. The name pseudo_randstr also
     # suggests a non-cryptographic generator -- confirm both.
     algorithm = 'sha1'
     fresh_salt = pseudo_randstr()
     digest = get_hexdigest(algorithm, fresh_salt, pwd)
     self._data['password'] = {
         'algorithm': algorithm,
         'salt': fresh_salt,
         'hash': digest,
     }
     if not save:
         return
     self.save()
Exemple #4
 def set_password(self, pwd, save=True):
     """Hash *pwd* with a new salt and store the result on this entity.

     Writes a dict with 'algorithm', 'salt' and 'hash' to
     self._data['password'] and calls self.save() unless *save* is false.
     """
     # NOTE(review): salted single-round SHA-1 is cheap to brute-force
     # offline; confirm whether a slow password KDF can replace it, and that
     # pseudo_randstr draws from a cryptographic source.
     salt_value = pseudo_randstr()
     record = dict(algorithm='sha1', salt=salt_value)
     record['hash'] = get_hexdigest(record['algorithm'], salt_value, pwd)
     self._data['password'] = record
     if save:
         self.save()
Exemple #5
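def forum_setpass(daan, user, password):
    """Store a new salted password hash for *user* in the forum database.

    Args:
        daan: Not used by this function.
        user: Forum username whose row is updated.
        password: The new plaintext password.

    The stored value is sha1(salt + sha1(password)) in hex, alongside the
    salt. Connection parameters come from settings.FORUM_MYSQL_SECRET
    (host, user, password, database).
    """
    creds = settings.FORUM_MYSQL_SECRET
    dc = MySQLdb.connect(creds[0], user=creds[1], passwd=creds[2], db=creds[3])
    # Release the cursor and the connection even when hashing or a query
    # raises; otherwise each failure leaks an open database connection.
    try:
        c = dc.cursor()
        try:
            salt = pseudo_randstr()
            # NOTE(review): presumably this double SHA-1 layout is dictated
            # by the forum software -- confirm. It is a fast hash, so the
            # users table should be treated as sensitive.
            h = hashlib.sha1(password).hexdigest()
            h = hashlib.sha1(salt + h).hexdigest()
            # Parameterized query: values never enter the SQL text.
            c.execute(
                "UPDATE users SET password=%s, salt=%s WHERE username=%s;",
                (h, salt, user))
            c.execute("COMMIT;")
        finally:
            c.close()
    finally:
        dc.close()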
Exemple #6
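def forum_setpass(daan, user, password):
    """Update the forum password hash and salt for *user*.

    Args:
        daan: Not used by this function.
        user: Forum username whose row is updated.
        password: The new plaintext password.

    Writes sha1(salt + sha1(password)) as hex plus the salt to the users
    table, using the credentials in settings.FORUM_MYSQL_SECRET.
    """
    creds = settings.FORUM_MYSQL_SECRET
    dc = MySQLdb.connect(creds[0], user=creds[1], passwd=creds[2], db=creds[3])
    try:
        c = dc.cursor()
        try:
            # NOTE(review): confirm pseudo_randstr uses a cryptographic
            # source; the salt and every generated password depend on it.
            salt = pseudo_randstr()
            h = hashlib.sha1(password).hexdigest()
            h = hashlib.sha1(salt + h).hexdigest()
            c.execute(
                "UPDATE users SET password=%s, salt=%s WHERE username=%s;",
                (h, salt, user))
            c.execute("COMMIT;")
        finally:
            # Runs on errors too, so a failed query no longer leaves the
            # cursor open.
            c.close()
    finally:
        # Same for the connection itself.
        dc.close()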
Exemple #7
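def user_reset_password(request, _id):
    """Reset the password of the user with id *_id* and e-mail it to them.

    Only callers in the 'secretariaat' group may use this view.

    Raises:
        PermissionDenied: the requesting user is not in 'secretariaat'.
        ValueError: the target user is not active.
    """
    if "secretariaat" not in request.user.cached_groups_names:
        raise PermissionDenied
    u = Es.by_id(_id).as_user()
    if not u.is_active:
        # Call form of raise: valid on Python 2 and 3, unlike the
        # statement form `raise E, msg`.
        raise ValueError(_("Gebruiker is niet geactiveerd"))
    # NOTE(review): the generated password is the only secret protecting the
    # account until the user changes it -- confirm pseudo_randstr is backed
    # by a CSPRNG and produces enough entropy.
    pwd = pseudo_randstr()
    u.set_password(pwd)
    giedo.change_password(str(u.name), pwd, pwd)
    # The new password is sent in plaintext by e-mail; anyone with access to
    # the mailbox or the mail path can read it.
    render_then_email("leden/reset-password.mail.txt", u,
                      {"user": u, "password": pwd})
    messages.info(request, _("Wachtwoord gereset!"))
    return redirect_to_referer(request)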
Exemple #8
def user_reset_password(request, _id):
    """Give the user with id *_id* a new random password and mail it.

    Raises PermissionDenied unless the requesting user belongs to the
    'secretariaat' group.
    """
    caller_groups = request.user.cached_groups_names
    if 'secretariaat' not in caller_groups:
        raise PermissionDenied
    target = Es.by_id(_id).as_user()
    # NOTE(review): confirm pseudo_randstr is cryptographically strong; the
    # value below becomes the account's login secret.
    new_password = pseudo_randstr()
    target.set_password(new_password)
    giedo.change_password(str(target.name), new_password, new_password)
    # The plaintext password travels by e-mail to the user's address.
    mail_context = {'user': target, 'password': new_password}
    render_then_email("leden/reset-password.mail.txt",
                      target.canonical_full_email, mail_context)
    request.user.push_message("Wachtwoord gereset!")
    return redirect_to_referer(request)
Exemple #9
def user_reset_password(request, _id):
    """Reset a user's password on behalf of the 'secretariaat' group.

    Generates a random password, applies it locally and through giedo,
    e-mails it to the user and redirects back to the referring page.
    """
    if 'secretariaat' not in request.user.cached_groups_names:
        raise PermissionDenied

    account = Es.by_id(_id).as_user()
    # NOTE(review): pseudo_randstr's name suggests a non-cryptographic
    # generator -- confirm before relying on it for credentials.
    generated = pseudo_randstr()
    account.set_password(generated)
    giedo.change_password(str(account.name), generated, generated)

    # The e-mail carries the password in plaintext.
    recipient = account.canonical_full_email
    render_then_email(
        "leden/reset-password.mail.txt",
        recipient,
        {'user': account, 'password': generated})

    request.user.push_message("Wachtwoord gereset!")
    return redirect_to_referer(request)
Exemple #10
 def _sync_villanet(self):
     """Queue the changes needed to bring villanet in line with 'leden'.

     Fetches the remote user list, computes for every local member the
     latest 'until' date of their relations with 'leden', and saves a
     PushChange for each missing user (addUser) and each differing end
     date (changeUser). Remote users without a local counterpart are only
     logged. Finally signals push_changes_event.
     """
     response = self.villanet_request({'action': 'listUsers'})
     if not response[0]:
         return
     remote_users = json.loads(response[1])

     # Entity id -> username, used to key the local table by name.
     names_by_id = {u._id: str(u.name) for u in Es.users()}

     relations_by_member = {}
     for rel in Es.query_relations(_with=Es.by_name('leden'), until=now()):
         relations_by_member.setdefault(rel['who'], []).append(rel)

     # Username -> end date (YYYY-MM-DD) of the relation that ends last.
     local_until = {}
     for user_id, relations in relations_by_member.items():
         latest = max(relations, key=lambda x: x['until'])
         local_until[names_by_id[user_id]] = (
             latest['until'].strftime('%Y-%m-%d'))

     vn = set(remote_users.keys())
     kn = set(local_until.keys())
     dt_max = settings.DT_MAX.strftime('%Y-%m-%d')

     for name in kn - vn:
         # NOTE(review): the initial password is random and not kept here;
         # confirm pseudo_randstr is backed by a CSPRNG.
         payload = {
             'username': name,
             'password': self.villanet_encrypt_password(pseudo_randstr(16)),
         }
         # DT_MAX stands for "no end date", so 'till' is left out then.
         if local_until[name] != dt_max:
             payload['till'] = local_until[name]
         Es.PushChange({
             'system': 'villanet',
             'action': 'addUser',
             'data': payload
         }).save()

     for name in vn - kn:
         logging.info("Stray user %s" % name)

     for name in vn & kn:
         remote_till = remote_users[name]['till']
         remote = remote_till[:10] if remote_till is not None else ''
         local = '' if local_until[name] == dt_max else local_until[name]
         if remote == local:
             continue
         Es.PushChange({
             'system': 'villanet',
             'action': 'changeUser',
             'data': {
                 'username': name,
                 'till': local
             }
         }).save()

     self.push_changes_event.set()
Exemple #11
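def forum_setpass(daan, user, password):
    """Store a new salted password hash for *user* in the forum database.

    Args:
        daan: Not used by this function.
        user: Forum username whose row is updated.
        password: The new plaintext password.

    Returns:
        None. When settings.FORUM_MYSQL_SECRET is empty a warning is logged
        and nothing is changed.
    """
    creds = settings.FORUM_MYSQL_SECRET
    if not creds:
        logging.warning('forum: no credentials available, skipping')
        return None
    dc = MySQLdb.connect(creds[0], user=creds[1], passwd=creds[2], db=creds[3])
    # try/finally so that an exception while hashing or querying does not
    # leave the cursor and connection open.
    try:
        c = dc.cursor()
        try:
            # NOTE(review): confirm pseudo_randstr is cryptographically
            # strong, and that this sha1(salt + sha1(password)) layout is
            # what the forum software requires.
            salt = pseudo_randstr()
            h = hashlib.sha1(password).hexdigest()
            h = hashlib.sha1(salt + h).hexdigest()
            c.execute(
                "UPDATE users SET password=%s, salt=%s WHERE username=%s;",
                (h, salt, user))
            c.execute("COMMIT;")
        finally:
            c.close()
    finally:
        dc.close()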
Exemple #12
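def apply_quassel_changes(daan, changes):
    """Remove and add users in the Quassel SQLite storage.

    Args:
        daan: Not used by this function.
        changes: Mapping with 'remove' and 'add' iterables of usernames.
            A falsy value makes the call a no-op.
    """
    if not changes:
        return
    db_path = os.path.join(settings.QUASSEL_CONFIGDIR,
                           'quassel-storage.sqlite')
    conn = sqlite3.connect(db_path)
    # Always close the connection; closing without commit() drops the
    # pending statements, so an error leaves the database unchanged.
    try:
        c = conn.cursor()
        for user in changes['remove']:
            logging.info('quassel: removing %s', user)
            # NOTE(review): only the quasseluser row is deleted here; confirm
            # whether other tables keep rows for the removed user.
            c.execute("DELETE FROM quasseluser WHERE username=?", (user,))
        for user in changes['add']:
            logging.info('quassel: adding %s', user)
            # The random string is hashed and discarded, so the stored value
            # is a placeholder nobody knows the plaintext of.
            # NOTE(review): confirm pseudo_randstr is backed by a CSPRNG.
            hashed_pw = hashlib.sha1(pseudo_randstr()).hexdigest()
            c.execute(
                "INSERT INTO quasseluser(username, password) VALUES (?, ?)",
                (user, hashed_pw))
        conn.commit()
    finally:
        conn.close()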
Exemple #13
def user_reset_password(request, _id):
    """Reset the password of an active user and e-mail the new one.

    Raises:
        PermissionDenied: the requesting user is not in 'secretariaat'.
        ValueError: the target user is not active.
    """
    requester_groups = request.user.cached_groups_names
    if 'secretariaat' not in requester_groups:
        raise PermissionDenied

    target = Es.by_id(_id).as_user()
    if not target.is_active:
        raise ValueError(_("Gebruiker is niet geactiveerd"))

    # NOTE(review): this value becomes the login secret -- confirm
    # pseudo_randstr draws from a cryptographic source.
    new_password = pseudo_randstr()
    target.set_password(new_password)
    giedo.change_password(str(target.name), new_password, new_password)

    # The password is delivered in plaintext inside the e-mail body.
    mail_context = {
        'user': target,
        'password': new_password
    }
    render_then_email("leden/reset-password.mail.html", target, mail_context)

    messages.info(request, _("Wachtwoord gereset!"))
    return redirect_to_referer(request)
Exemple #14
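 def _sync_villanet(self):
     """Queue the changes needed to bring villanet in line with 'leden'.

     Does nothing when settings.VILLANET_SECRET_API_KEY is unset or the
     remote user listing fails. Otherwise saves a PushChange for every
     local member missing remotely (addUser) and for every user whose
     end date differs (changeUser), logs remote-only users, and signals
     push_changes_event.
     """
     if not settings.VILLANET_SECRET_API_KEY:
         # logging.warn is a deprecated alias; logging.warning is the
         # supported spelling.
         logging.warning("VILLANET_SECRET_API_KEY not set")
         return
     ret = self.villanet_request({'action': 'listUsers'})
     if not ret[0]:
         return
     ret = json.loads(ret[1])
     users = dict()
     # Entity id -> username.
     ulut = dict()
     for u in Es.users():
         ulut[u._id] = str(u.name)
     member_relations_grouped = dict()
     for rel in Es.query_relations(_with=Es.by_name('leden'), until=now()):
         if rel['who'] not in member_relations_grouped:
             member_relations_grouped[rel['who']] = []
         member_relations_grouped[rel['who']].append(rel)
     # Keep, per member, the end date of the relation that ends last.
     for user_id, relations in member_relations_grouped.items():
         latest = max(relations, key=lambda x: x['until'])
         users[ulut[user_id]] = latest['until'].strftime('%Y-%m-%d')
     vn = set(ret.keys())
     kn = set(users.keys())
     dt_max = settings.DT_MAX.strftime('%Y-%m-%d')
     for name in kn - vn:
         # NOTE(review): the initial password is random and not kept here;
         # confirm pseudo_randstr is backed by a CSPRNG.
         data = {
             'username': name,
             'password': self.villanet_encrypt_password(
                 pseudo_randstr(16)),
         }
         # DT_MAX stands for "no end date", so 'till' is left out then.
         if users[name] != dt_max:
             data['till'] = users[name]
         pc = Es.PushChange({
             'system': 'villanet',
             'action': 'addUser',
             'data': data
         })
         pc.save()
     for name in vn - kn:
         logging.info("Stray user %s" % name)
     for name in vn & kn:
         remote = (ret[name]['till'][:10]
                   if ret[name]['till'] is not None else '')
         local = users[name] if users[name] != dt_max else ''
         if remote != local:
             pc = Es.PushChange({
                 'system': 'villanet',
                 'action': 'changeUser',
                 'data': {
                     'username': name,
                     'till': local
                 }
             })
             pc.save()
     self.push_changes_event.set()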
Exemple #15
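def set_samba_map(cilia, _map):
    """Bring the Samba user database in line with *_map*.

    Args:
        cilia: Not used by this function.
        _map: Mapping with 'users' (username -> {'full_name': ...}) and
            'groups' (containing a 'leden' collection of usernames).

    Adds missing users with a random throw-away password, updates changed
    real names, enables members of 'leden', disables everyone else and
    removes Samba users that are not in the map.
    """
    l = logging.getLogger(__name__)
    smbusers = pdbedit_list()
    smbusers_surplus = set(smbusers)
    added_users = False
    # Determine which are missing
    for user in _map['users']:
        # Keep only characters in string.printable, which drops accented
        # and other non-ASCII characters from the real name.
        fn = ''.join(x for x in _map['users'][user]['full_name']
                     if x in string.printable)
        if user not in smbusers:
            l.info("Added %s", user)
            # The password is fed on stdin (-t), so it does not show up in
            # the process list, and it is not kept afterwards.
            # NOTE(review): confirm pseudo_randstr is backed by a CSPRNG.
            bogus_password = pseudo_randstr(16)
            ph = subprocess.Popen(
                ['pdbedit', '-a', '-t', '-u', user, '-f', fn],
                stdin=subprocess.PIPE,
                stdout=subprocess.PIPE,
                stderr=subprocess.STDOUT,
                close_fds=True
            )
            cmd_input = "%s\n%s\n" % (bogus_password, bogus_password)
            ph.communicate(cmd_input.encode())
            if ph.returncode != 0:
                # Surface a failed add instead of silently continuing.
                l.warning("pdbedit failed to add %s (exit status %s)",
                          user, ph.returncode)
            added_users = True
            continue
        smbusers_surplus.remove(user)
        if fn != smbusers[user]['realname']:
            subprocess.call(['pdbedit', '-u', user, '-f', fn])
            l.info("Updated %s' realname", user)
    if added_users:
        # Re-read so the users added above carry their flags.
        smbusers = pdbedit_list()
    for user in _map['users']:
        if user not in smbusers:
            # A failed add leaves the user out of the listing; skip it so
            # the remaining enable/disable and cleanup steps still run.
            l.warning("%s missing from pdbedit listing, skipping", user)
            continue
        if (user in _map['groups']['leden']
                and smbusers[user]['flag_disabled']):
            subprocess.call(['smbpasswd', '-e', user])
            l.info("Enabled %s", user)
        if (user not in _map['groups']['leden']
                and not smbusers[user]['flag_disabled']):
            subprocess.call(['smbpasswd', '-d', user])
            l.info("Disabled %s", user)
    for user in smbusers_surplus:
        l.info("Removing stray user %s", user)
        subprocess.call(['pdbedit', '-x', '-u', user])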
Exemple #16
def user_reset_password(request, _id):
    """Reset a user's password and send it to them in a plain e-mail.

    Raises PermissionDenied unless the requesting user belongs to the
    'secretariaat' group.
    """
    if 'secretariaat' not in request.user.cached_groups_names:
        raise PermissionDenied

    target = Es.by_id(_id).as_user()
    # NOTE(review): confirm pseudo_randstr is cryptographically strong; the
    # value becomes the account's login secret.
    new_password = pseudo_randstr()
    target.set_password(new_password)
    giedo.change_password(str(target.name), new_password, new_password)

    # The message body contains the username and the plaintext password.
    body_template = (
        "Beste %s,\n\n"
        "Jouw wachtwoord is gereset.  Je kunt inloggen met:\n"
        "  gebruikersnaam     %s\n"
        "  wachtwoord         %s\n\n"
        "Met een vriendelijke groet,\n\n"
        "  Het Karpe Noktem Smoelenboek")
    body = body_template % (target.first_name, str(target.name), new_password)
    sender = 'Karpe Noktem\'s ledenadministratie <*****@*****.**>'
    message = EmailMessage(
        "[KN] Nieuw wachtwoord",
        body,
        sender,
        [target.canonical_email])
    message.send()

    request.user.push_message("Wachtwoord gereset!")
    return redirect_to_referer(request)
Exemple #17
def set_samba_map(cilia, _map):
    """Synchronise the Samba user database with *_map*.

    Missing users are added with a random throw-away password, changed
    real names are updated, members of 'leden' are enabled, all other
    mapped users are disabled, and Samba users absent from the map are
    removed.
    """
    log = logging.getLogger(__name__)
    known = pdbedit_list()
    strays = set(known)
    any_added = False

    def is_printable(ch):
        return ch in string.printable

    # First pass: add what is missing, fix real names of what exists.
    for user in _map['users']:
        # Keep only characters in string.printable (drops accents).
        fn = filter(is_printable, _map['users'][user]['full_name'])
        if user in known:
            strays.remove(user)
            if fn != known[user]['realname']:
                subprocess.call(['pdbedit', '-u', user, '-f', fn])
                log.info("Updated %s' realname", user)
            continue
        log.info("Added %s", user)
        # Fed on stdin (-t) and not kept afterwards.
        # NOTE(review): confirm pseudo_randstr is backed by a CSPRNG.
        bogus_password = pseudo_randstr(16)
        add_cmd = ['pdbedit', '-a', '-t', '-u', user, '-f', fn]
        ph = subprocess.Popen(
            add_cmd,
            stdin=subprocess.PIPE,
            stdout=subprocess.PIPE,
            stderr=subprocess.STDOUT,
            close_fds=True)
        # NOTE(review): pdbedit's exit status is not checked here.
        ph.communicate("%s\n%s\n" % (bogus_password, bogus_password))
        any_added = True

    if any_added:
        # Re-read so the users added above carry their flags.
        known = pdbedit_list()

    # Second pass: enabled state follows membership of 'leden'.
    for user in _map['users']:
        if (user in _map['groups']['leden']
                and known[user]['flag_disabled']):
            subprocess.call(['smbpasswd', '-e', user])
            log.info("Enabled %s", user)
        if (user not in _map['groups']['leden']
                and not known[user]['flag_disabled']):
            subprocess.call(['smbpasswd', '-d', user])
            log.info("Disabled %s", user)

    for user in strays:
        log.info("Removing stray user %s", user)
        subprocess.call(['pdbedit', '-x', '-u', user])
Exemple #18
def secr_add_user(request):
    """Create a new member from the AddUserForm and send them a password.

    Only users in the 'secretariaat' group may call this view. On a valid
    POST the entity is saved, its group relations are added, giedo is
    synced, a random password is set and e-mailed, a welcome e-mail is
    sent, and the caller is redirected to the new user's page. Otherwise
    the (possibly invalid) form is rendered.

    Raises:
        PermissionDenied: the requesting user is not in 'secretariaat'.
    """
    if "secretariaat" not in request.user.cached_groups_names:
        raise PermissionDenied
    if request.method == "POST":
        form = AddUserForm(request.POST)
        if form.is_valid():
            fd = form.cleaned_data
            # First, create the entity.
            u = Es.User(
                {
                    "types": ["user"],
                    "names": [fd["username"]],
                    "humanNames": [{"human": fd["first_name"] + " " + fd["last_name"]}],
                    "person": {
                        "titles": [],
                        "nick": fd["first_name"],
                        "given": None,
                        "family": fd["last_name"],
                        "gender": fd["gender"],
                        "dateOfBirth": date_to_dt(fd["dateOfBirth"]),
                    },
                    "emailAddresses": [{"email": fd["email"], "from": DT_MIN, "until": DT_MAX}],
                    "addresses": [
                        {
                            "street": fd["addr_street"],
                            "number": fd["addr_number"],
                            "zip": fd["addr_zip"],
                            "city": fd["addr_city"],
                            "from": DT_MIN,
                            "until": DT_MAX,
                        }
                    ],
                    "telephones": [{"number": fd["telephone"], "from": DT_MIN, "until": DT_MAX}],
                    "studies": [
                        {
                            "institute": _id(fd["study_inst"]),
                            "study": _id(fd["study"]),
                            "from": DT_MIN,
                            "until": DT_MAX,
                            "number": fd["study_number"],
                        }
                    ],
                    "is_active": True,
                    # No password yet; one is generated and set further down.
                    "password": None,
                }
            )
            logging.info("Added user %s" % fd["username"])
            u.save()
            # Then, add the relations.
            groups = ["leden"]
            # NOTE(review): .get() yields None for any gender other than
            # "m"/"v", and that None is then passed to Es.id_by_name below --
            # confirm the form restricts the choices.
            groups.append({"m": "mannen", "v": "vrouwen"}.get(fd["gender"]))
            if fd["incasso"]:
                groups.append("incasso")
            else:
                groups.append("geen-incasso")
            for group in groups:
                Es.add_relation(u, Es.id_by_name(group, use_cache=True), _from=date_to_dt(fd["dateJoined"]))
            for l in fd["addToList"]:
                Es.add_relation(u, Es.id_by_name(l, use_cache=True), _from=now())
            # Let giedo synch. to create the e-mail adresses, unix user, etc.
            # TODO use giedo.async() and let giedo send the welcome e-mail
            giedo.sync()
            # Create a new password and send it via e-mail
            # NOTE(review): the password is delivered in plaintext, and the
            # name pseudo_randstr suggests a non-cryptographic generator --
            # confirm it draws from a CSPRNG.
            pwd = pseudo_randstr()
            u.set_password(pwd)
            giedo.change_password(str(u.name), pwd, pwd)
            render_then_email("leden/set-password.mail.txt", u, {"user": u, "password": pwd})
            # Send the welcome e-mail
            render_then_email("leden/welcome.mail.txt", u, {"u": u})
            Es.notify_informacie("adduser", request.user, entity=u._id)
            return HttpResponseRedirect(reverse("user-by-name", args=(fd["username"],)))
    else:
        form = AddUserForm()
    return render_to_response("leden/secr_add_user.html", {"form": form}, context_instance=RequestContext(request))
Exemple #19
def unix_setpass(cilia, user, password):
    """Set the Unix password of *user* by handing a crypt hash to usermod.

    *cilia* is not used. Nothing is returned and usermod's exit status is
    not inspected.
    """
    # XXX Prevent changing root's password. Allow only users with group kn?
    # As written, no check restricts which account *user* may name.
    # NOTE(review): if pseudo_randstr(2) yields a plain two-character salt,
    # crypt() selects the traditional DES scheme, which only uses the first
    # eight password characters -- confirm. The hash is also visible in the
    # process list while usermod runs.
    salt = pseudo_randstr(2)
    crypthash = crypt.crypt(password, salt)
    usermod_cmd = ['usermod', '-p', crypthash, user]
    subprocess.call(usermod_cmd)
Exemple #20
def secr_add_user(request):
    """Create a new member from the AddUserForm and send them a password.

    Only users in the 'secretariaat' group may call this view. On a valid
    POST the entity is saved, its group relations are added, giedo is
    synced, a random password is set and e-mailed, a welcome e-mail is
    sent, and the caller is redirected to the new user's page. Otherwise
    the (possibly invalid) form is rendered.

    Raises:
        PermissionDenied: the requesting user is not in 'secretariaat'.
    """
    if 'secretariaat' not in request.user.cached_groups_names:
        raise PermissionDenied
    if request.method == 'POST':
        form = AddUserForm(request.POST)
        if form.is_valid():
            fd = form.cleaned_data
            # First, create the entity.
            u = Es.User({
                'types': ['user'],
                'names': [fd['username']],
                'humanNames': [{
                    'human':
                    fd['first_name'] + ' ' + fd['last_name']
                }],
                'person': {
                    'titles': [],
                    'nick': fd['first_name'],
                    'given': None,
                    'family': fd['last_name'],
                    'dateOfBirth': date_to_dt(fd['dateOfBirth'])
                },
                'email':
                fd['email'],
                'address': {
                    'street': fd['addr_street'],
                    'number': fd['addr_number'],
                    'zip': fd['addr_zip'],
                    'city': fd['addr_city']
                },
                'telephone':
                fd['telephone'],
                'studies': [{
                    'institute': _id(fd['study_inst']),
                    'study': _id(fd['study']),
                    'from': DT_MIN,
                    'until': DT_MAX,
                    'number': fd['study_number']
                }],
                'is_active':
                True,
                # No password yet; one is generated and set further down.
                'password':
                None
            })
            logging.info("Added user %s" % fd['username'])
            u.save()
            # Then, add the relations.
            groups = ['leden']
            if fd['incasso']:
                groups.append('incasso')
            else:
                groups.append('geen-incasso')
            for group in groups:
                Es.add_relation(u,
                                Es.id_by_name(group, use_cache=True),
                                _from=date_to_dt(fd['dateJoined']))
            for l in fd['addToList']:
                Es.add_relation(u,
                                Es.id_by_name(l, use_cache=True),
                                _from=now())
            # Let giedo synch. to create the e-mail adresses, unix user, etc.
            # TODO use giedo.async() and let giedo send the welcome e-mail
            giedo.sync()
            # Create a new password and send it via e-mail
            # NOTE(review): the password is delivered in plaintext, and the
            # name pseudo_randstr suggests a non-cryptographic generator --
            # confirm it draws from a CSPRNG.
            pwd = pseudo_randstr()
            u.set_password(pwd)
            giedo.change_password(str(u.name), pwd, pwd)
            render_then_email("leden/set-password.mail.html", u, {
                'user': u,
                'password': pwd
            })
            # Send the welcome e-mail
            render_then_email("leden/welcome.mail.html", u, {'u': u})
            Es.notify_informacie('adduser', request.user, entity=u._id)
            return HttpResponseRedirect(
                reverse('user-by-name', args=(fd['username'], )))
    else:
        form = AddUserForm()
    return render(request, 'leden/secr_add_user.html', {'form': form})
Exemple #21
def secr_add_user(request):
    """Create a new member from the AddUserForm and send them a password.

    Only users in the 'secretariaat' group may call this view. On a valid
    POST the entity is saved, its group relations are added, giedo is
    synced, a random password is set and e-mailed, a welcome e-mail is
    sent, and the caller is redirected to the new user's page. Otherwise
    the (possibly invalid) form is rendered.

    Raises:
        PermissionDenied: the requesting user is not in 'secretariaat'.
    """
    if 'secretariaat' not in request.user.cached_groups_names:
        raise PermissionDenied
    if request.method == 'POST':
        form = AddUserForm(request.POST)
        if form.is_valid():
            fd = form.cleaned_data
            # First, create the entity.
            u = Es.User({
                'types': ['user'],
                'names': [fd['username']],
                'humanNames': [{'human': fd['first_name'] + ' ' +
                                fd['last_name']}],
                'person': {
                    'titles': [],
                    'nick': fd['first_name'],
                    'given': None,
                    'family': fd['last_name'],
                    'dateOfBirth': date_to_dt(
                        fd['dateOfBirth'])
                },
                'emailAddresses': [
                    {'email': fd['email'],
                     'from': DT_MIN,
                     'until': DT_MAX}],
                'addresses': [
                    {'street': fd['addr_street'],
                     'number': fd['addr_number'],
                     'zip': fd['addr_zip'],
                     'city': fd['addr_city'],
                     'from': DT_MIN,
                     'until': DT_MAX}],
                'telephones': [
                    {'number': fd['telephone'],
                     'from': DT_MIN,
                     'until': DT_MAX}],
                'studies': [
                    {'institute': _id(fd['study_inst']),
                     'study': _id(fd['study']),
                     'from': DT_MIN,
                     'until': DT_MAX,
                     'number': fd['study_number']}],
                'is_active': True,
                # No password yet; one is generated and set further down.
                'password': None
            })
            logging.info("Added user %s" % fd['username'])
            u.save()
            # Then, add the relations.
            groups = ['leden']
            if fd['incasso']:
                groups.append('incasso')
            else:
                groups.append('geen-incasso')
            for group in groups:
                Es.add_relation(u, Es.id_by_name(group,
                                                 use_cache=True),
                                _from=date_to_dt(fd['dateJoined']))
            for l in fd['addToList']:
                Es.add_relation(u, Es.id_by_name(l, use_cache=True),
                                _from=now())
            # Let giedo synch. to create the e-mail adresses, unix user, etc.
            # TODO use giedo.async() and let giedo send the welcome e-mail
            giedo.sync()
            # Create a new password and send it via e-mail
            # NOTE(review): the password is delivered in plaintext, and the
            # name pseudo_randstr suggests a non-cryptographic generator --
            # confirm it draws from a CSPRNG.
            pwd = pseudo_randstr()
            u.set_password(pwd)
            giedo.change_password(str(u.name), pwd, pwd)
            render_then_email("leden/set-password.mail.txt", u, {
                'user': u,
                'password': pwd})
            # Send the welcome e-mail
            render_then_email("leden/welcome.mail.txt", u, {
                'u': u})
            Es.notify_informacie('adduser', request.user, entity=u._id)
            return HttpResponseRedirect(reverse('user-by-name',
                                                args=(fd['username'],)))
    else:
        form = AddUserForm()
    return render_to_response('leden/secr_add_user.html',
                              {'form': form},
                              context_instance=RequestContext(request))