def update_user_permissions(verbose=False): from skolesys.lib.conf import conf import skolesys.lib.usermanager as userman um = userman.UserManager() userinfo = um.list_users(None) homes_root = "%s/%s/users" % (conf.get('DOMAIN','domain_root'),conf.get('DOMAIN','domain_name')) for uid,info in userinfo.items(): if verbose: print 'Fixing user permissions for "%s"...' % uid gid = int(info['gidNumber']) home = "%s/%s" % (homes_root,uid) if not os.path.exists(home): execute('mkdir %s' % home) execute('chown %s.%d %s' % (uid,gid,home)) documents = "%s/documents" % home if not os.path.exists(documents): execute('mkdir %s' % documents) execute('chown %s.%d %s' % (uid,gid,documents)) cmd_fix_owner = 'chown %s.%s %s/* -RP' % (uid,gid,documents) cmd_fix_perm = 'chmod u-x,u+Xrw,g-rwx,o-rwx %s/* -R' % documents execute(cmd_fix_owner) execute(cmd_fix_perm) make_root_block(documents)
def write_configuration(self,access_type,auth_type=None,auth_name=None,servername=None): # Clean up configurations self.remove_configuration() # Write new configuration auth_str = '' if access_type == None: access_type = 'both' if auth_type != None and auth_type.lower()=='group': if auth_name == None: auth_name = 'Password restriction to %s' % self.groupname auth_str = auth_pam_group auth_str = auth_str.replace('<auth_name>',auth_name) auth_str = auth_str.replace('<groupname>',self.groupname) if servername==None: d = directory d = d.replace('<domain_name>',conf.get('DOMAIN','domain_name')) d = d.replace('<groupname>',self.groupname) d = d.replace('<auth>',auth_str) f = open('/etc/skolesys/www/directories/%s/%s' % (access_type,self.groupname) , 'w') f.write(d) f.close() else: d = directory d = d.replace('<domain_name>',conf.get('DOMAIN','domain_name')) d = d.replace('<groupname>',self.groupname) d = d.replace('<auth>',auth_str) f = open('/etc/skolesys/www/directories/%s/%s' % (access_type,self.groupname) , 'w') f.write(d) f.close() self.setup_resource_location()
def setup_resource_location(self): print "bla" if not os.path.exists('%s/data' % self.resloc): os.system('mkdir %s/data' % self.resloc) os.system('chgrp %s %s/data -Rf' % (self.groupname,self.resloc)) os.system('chmod g+rwt %s/data -Rf' % self.resloc) home_path = "%s/%s/groups/%s" % (conf.get('DOMAIN','domain_root'),conf.get('DOMAIN','domain_name'),self.groupname) if not os.path.exists('%s/www' % home_path): os.system('ln -sf %s/data %s/www' % (self.resloc,home_path))
def basedn_by_usertype(usertype=None): confkey = ou_confkey_by_usertype(usertype) if not confkey: return None from skolesys.lib.conf import conf try: basedn = conf.get("LDAPSERVER", "basedn") user_ou = conf.get("LDAPSERVER", "logins_ou") usertype_ou = conf.get("LDAPSERVER", confkey) except: return None return "%s,%s,%s" % (usertype_ou, user_ou, basedn)
def basedn_by_grouptype(grouptype=None): confkey = ou_confkey_by_grouptype(grouptype) if not confkey: return None from skolesys.lib.conf import conf try: basedn = conf.get("LDAPSERVER", "basedn") group_ou = conf.get("LDAPSERVER", "groups_ou") grouptype_ou = conf.get("LDAPSERVER", confkey) except: return None return "%s,%s,%s" % (grouptype_ou, group_ou, basedn)
def mk_user_ss_remote(username): publish_dir = '/skolesys/www/ss-remote/userclients/%s/win32' % username if not os.path.exists(publish_dir): os.makedirs(publish_dir) try: linux_home_path = pwd.getpwnam(username)[5] except: print 'User "%s" does not exist or has no homedir' % username sys.exit(1) domain_name = conf.get('DOMAIN','domain_name') host = "%s.skolesys.dk" % domain_name.split('.')[0] remote_host = conf.get('TERMINAL_SERVICE','freenx') f=open('%s/hostinfo.conf' % publish_dir,'w') f.write("""[HOSTINFO] host = %s remote_host = %s remote_port = 22 local_port = 10000 """ % (host,remote_host)) f.close() if os.path.exists('/skolesys/www/ss-remote/win32/ss-remote.exe'): if not os.path.exists('%s/.ssh/id_dsa'%linux_home_path): print 'User "%s" has no keyfile "%s/.ssh/id_dsa"' % (username,linux_home_path) sys.exit(1) os.system('cp /skolesys/www/ss-remote/win32/ss-remote.exe %s/' % publish_dir) zf = zipfile.ZipFile('%s/ss-remote.exe' % publish_dir ,'a') zf.write('%s/hostinfo.conf' % publish_dir,'dist/hostinfo.conf') zf.write('%s/.ssh/id_dsa'%linux_home_path,'dist/id_dsa') zf.close() w,r = os.popen2('zip -z %s/ss-remote.exe' % publish_dir) w.write(""";The comment below contains SFX script commands Setup=start.vbs TempMode Overwrite=1 """) w.close() r.close() os.system('chown www-data.www-data %s -R' % publish_dir)
def tr(domain,msg,lang=None): """ tr is the base translation function that can fetch the translation from any domain on any language. It is a simple lazy implementaion that stores the translation objects per domain/lang as they are used. This makes the tr function ideal in persistent applications, so the language files do not need to be parsed again and again. """ global translators if lang==None: # If language isn't passed to the function lang = 'en' # safe fallback if os.getuid()==0: # if root then use lang defined in skolesys.conf from skolesys.lib.conf import conf lang = conf.get('OPTIONS','default_lang') elif os.environ.has_key('LANG'): # Else use the environment lang = os.environ['LANG'] print lang if not translators.has_key((domain,lang)): try: translators[(domain,lang)] = gettext.translation(domain, languages=[lang]) except IOError,e: return msg+"*"
def update_group_permissions(verbose=False): from skolesys.lib.conf import conf import skolesys.lib.groupmanager as groupman gm = groupman.GroupManager() groupinfo = gm.list_groups('service') groups_root = "%s/%s/groups" % (conf.get('DOMAIN','domain_root'),conf.get('DOMAIN','domain_name')) for gid,info in groupinfo.items(): if verbose: print 'Fixing group permissions for "%s"...' % gid home = "%s/%s" % (groups_root,gid) if not os.path.exists(home): execute('mkdir %s' % home) execute('chgrp %s %s -R -f' % (gid,home)) execute('chmod g+wrs,o-rwx %s -R -f' % home) execute('chgrp %s %s -R -f' % (gid,home)) execute('chmod o-rwx,g-x,g+X,u-x,u+X %s -R -f' % home)
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Library General Public License for more details. # # You should have received a copy of the GNU Library General Public License # along with this library; see the file COPYING.LIB. If not, write to # the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, # Boston, MA 02110-1301, USA. __author__ = "Jakob Simon-Gaarde <*****@*****.**>" import syslog from skolesys.lib.conf import conf cur_loglevel = 0 # by default logging is off if conf.has_option('DOMAIN','loglevel'): loglevel = conf.get('DOMAIN','loglevel') if loglevel.isdigit(): cur_loglevel = int(loglevel) def write(msg,loglevel=3,context=None,force=False): global cur_loglevel if cur_loglevel<loglevel and force==False: # Log level filters out this message return ident = "skolesys" if context: ident = "skolesys-%s" % str(context) syslog.openlog(ident)
def fetch_conf_ou(ou,conf): try: return c.match(conf.get('LDAPSERVER','%s_ou' % ou)).groups() except: print "skolesys.conf needs the required variable '%s_ou' to be set." % ou sys.exit(1)
def init_mainserver(): import skolesys.tools.mkpasswd as pw import getpass,os,time,re,sys import inspect,shutil import skolesys import skolesys.cfmachine.apthelpers as apthelper import skolesys.tools.sysinfo as sysinfo # Check root privilegdes if not os.getuid()==0: print "This command requires root priviledges" sys.exit(1) os.system('clear') location = os.path.split(inspect.getfile(skolesys))[0] print "SkoleSYS administrator login" print "----------------------------" in_adminpw = getpass.getpass('Enter the ldap skolesys.org admin passwd: ') if in_adminpw != getpass.getpass('Verify the ldap skolesys.org admin passwd: '): print "The passwords entered did not match" sys.exit(1) print print "The school administrator login" print "------------------------------" in_schooladminpw = getpass.getpass('Enter the ldap school admin passwd: ') if in_schooladminpw != getpass.getpass('Verify the ldap school admin passwd: '): print "The passwords entered did not match" sys.exit(1) print print "School domain setup" print "-------------------" organization_name = raw_input("What is the name of the school: ") print domain_name = raw_input("What is the school's domain name (ex. riggshigh.co.uk): ") domain_name_prefix = domain_name.split('.')[0] print country_code = raw_input("What is the country code of servers location (ex. dk=Denmark, uk=United Kingdom): ") print province = raw_input("Province or state (free text no constraints): ") print lang = raw_input("What should be the default language (ex. da=danish, en=english): ") print package_group = None while not package_group: package_group = raw_input("Choose which package group to use for this server (testing,stable) [stable]: ") if package_group == '': package_group = 'stable' if not ['testing','stable'].count(package_group): package_group = None # Create certificate and master ssh keypair f = open('%s/seeder/cert.cnf_template' % location ) cert_cnf_lines = f.readlines() f.close() f = open('cert.cnf','w') for l in cert_cnf_lines: l = l.replace('<domain_name>',domain_name) l = l.replace('<lang>',lang) l = l.replace('<country_code>',country_code) l = l.replace('<province>',province) l = l.replace('<organization_name>','skolesys') l = l.replace('<organization_unit_name>',organization_name) l = l.replace('<common_name>',organization_name) l = l.replace('<country_code>',country_code) f.write(l) f.close() res = os.system('openssl req -new -passin pass:%s -passout pass:%s -config cert.cnf > new.cert.csr' % (in_schooladminpw,in_schooladminpw)) if not res==0: print print "SkoleSYS Seeder - failed while creating the SOAP certificate files" sys.exit(1) res = os.system('openssl rsa -in privkey.pem -passin pass:%s -out %s.key' % (in_schooladminpw,domain_name)) if not res==0: print print "SkoleSYS Seeder - failed while creating the SOAP certificate files" sys.exit(1) res = os.system('openssl x509 -in new.cert.csr -out %s.cert -req -signkey %s.key -days 20000' % (domain_name,domain_name)) if not res==0: print print "SkoleSYS Seeder - failed while creating the SOAP certificate files" sys.exit(1) # Copy certificate into place if not os.path.exists('/etc/skolesys/cert/'): os.makedirs('/etc/skolesys/cert/') res = os.system('cp %s.key %s.cert /etc/skolesys/cert/' % (domain_name,domain_name)) if not res==0: print print "SkoleSYS Seeder - failed while copying certificate into place" sys.exit(1) # Create the master ssh keypair if not os.path.exists('/etc/skolesys/ssh/'): os.makedirs('/etc/skolesys/ssh/') res = os.system('ssh-keygen -b 1024 -t dsa -N "" -f /etc/skolesys/ssh/id_dsa') if not res==0: print print "SkoleSYS Seeder - failed while creating the master ssh keypair" sys.exit(1) # Read template files before they are removed f = open('%s/seeder/slapd.conf_template' % location) slapd_conf_lines = f.readlines() f.close() f = open('%s/seeder/skolesys.ldif_template' % location) skolesys_ldif_lines = f.readlines() f.close() # INSTALL # Wipe sources.list on mainserver install os.system('echo "" > /etc/apt/sources.list') # fetch the release codename codename = sysinfo.get_dist_codename() # ensure some entries in sources.list apt_source_entries = [ {'type':'deb','uri':'http://archive.skolesys.dk/%s' % package_group,'distribution':codename,'components':['main']}, {'type':'deb','uri':'http://archive.ubuntu.com/ubuntu/','distribution':codename,'components':['main','restricted','universe']}, {'type':'deb-src','uri':'http://archive.ubuntu.com/ubuntu/','distribution':codename,'components':['main','restricted','universe']}, {'type':'deb','uri':'http://archive.ubuntu.com/ubuntu/','distribution':'%s-backports' % codename ,'components':['main','restricted','universe','multiverse']}, {'type':'deb-src','uri':'http://archive.ubuntu.com/ubuntu/','distribution':'%s-backports' % codename,'components':['main','restricted','universe','multiverse']}, {'type':'deb','uri':'http://archive.ubuntu.com/ubuntu/','distribution':'%s-updates' % codename ,'components':['main','restricted','universe','multiverse']}, {'type':'deb-src','uri':'http://archive.ubuntu.com/ubuntu/','distribution':'%s-updates' % codename,'components':['main','restricted','universe','multiverse']}, {'type':'deb','uri':'http://security.ubuntu.com/ubuntu','distribution':'%s-security' % codename,'components':['main','restricted','universe']}, {'type':'deb-src','uri':'http://security.ubuntu.com/ubuntu','distribution':'%s-security' % codename,'components':['main','restricted','universe']}] slist = apthelper.SourcesList() for src in apt_source_entries: slist.add_source(src['type'],src['uri'],src['distribution'],src['components']) slist.print_sources_list() if slist.dirty: slist.write_sources_list() res = os.system('apt-get update') if not res==0: print print "SkoleSYS Seeder - failed while updating packages" sys.exit(1) # Better read the skolesys.conf template file since the mainserver package will remove it next f = open('%s/seeder/skolesys.conf_template' % location) lines = f.readlines() f.close() f = open('/etc/skolesys/skolesys.conf','w') for l in lines: l = l.replace('<domain_name>',domain_name) l = l.replace('<domain_name_prefix>',domain_name_prefix) l = l.replace('<uc_domain_name_prefix>', domain_name_prefix.upper()) l = l.replace('<package_group>',package_group) l = l.replace('<lang>',lang) f.write(l) f.close() os.system('chmod 644 /etc/skolesys/skolesys.conf') # Replace python-skolesys-seeder with python-skolesys-mainserver os.environ['DEBIAN_FRONTEND'] = 'noninteractive' os.environ['DEBCONF_ADMIN_EMAIL'] = '' res = os.system('apt-get install -y slapd') if not res==0: print print "SkoleSYS Seeder - failed while installing LDAP server" sys.exit(1) res = os.system('apt-get install -y ldap-utils') if not res==0: print print "SkoleSYS Seeder - failed while installing LDAP utils" sys.exit(1) shutil.copy('%s/seeder/skolesys.schema' % location,'/etc/ldap/schema/') shutil.copy('%s/seeder/samba.schema' % location,'/etc/ldap/schema/') if not os.path.exists('/skolesys/misc_backup'): os.makedirs('/skolesys/misc_backup') if not os.path.exists('/skolesys/%s/groups' % domain_name): os.makedirs('/skolesys/%s/groups' % domain_name) if not os.path.exists('/skolesys/%s/users' % domain_name): os.makedirs('/skolesys/%s/users' % domain_name) if not os.path.exists('/skolesys/%s/profiles' % domain_name): os.makedirs('/skolesys/%s/profiles' % domain_name) if not os.path.exists('/skolesys/%s/services' % domain_name): os.makedirs('/skolesys/%s/services' % domain_name) if not os.path.exists('/skolesys/%s/smbshares' % domain_name): os.makedirs('/skolesys/%s/smbshares' % domain_name) f = open('/etc/pam_ldap.secret','w') f.write('%s\n' % in_adminpw) f.close() from skolesys.lib.conf import conf res = os.system('/etc/init.d/slapd stop') if not res==0: print print "SkoleSYS Seeder - failed while stopping the LDAP Server" sys.exit(1) os.system('rm /var/lib/ldap/* -R -f') f = open('/etc/ldap/slapd.conf','w') for l in slapd_conf_lines: l = l.replace('<basedn>',conf.get('LDAPSERVER','basedn')) l = l.replace('<passwd>',pw.mkpasswd(in_adminpw,3,'ssha').strip()) l = l.replace('<admin>',conf.get('LDAPSERVER','admin')) f.write(l) f.close() os.system('chmod 600 /etc/ldap/slapd.conf') # ldif fore initializing ldap f = open('skolesys.ldif','w') c = re.compile('(ou=(\S+))') def fetch_conf_ou(ou,conf): try: return c.match(conf.get('LDAPSERVER','%s_ou' % ou)).groups() except: print "skolesys.conf needs the required variable '%s_ou' to be set." % ou sys.exit(1) groups_ou,groups = fetch_conf_ou('groups',conf) logins_ou,logins = fetch_conf_ou('logins',conf) teachers_ou,teachers = fetch_conf_ou('teachers',conf) students_ou,students = fetch_conf_ou('students',conf) parents_ou,parents = fetch_conf_ou('parents',conf) others_ou,others = fetch_conf_ou('others',conf) primary_ou,primary = fetch_conf_ou('primary',conf) system_ou,system = fetch_conf_ou('system',conf) service_ou,service = fetch_conf_ou('service',conf) samba_ou,samba = fetch_conf_ou('samba',conf) smb_users_ou,smb_users = fetch_conf_ou('smb_users',conf) smb_machines_ou,smb_machines = fetch_conf_ou('smb_machines',conf) smb_groups_ou,smb_groups = fetch_conf_ou('smb_groups',conf) hosts_ou,hosts = fetch_conf_ou('hosts',conf) domain_name_prefix = conf.get('DOMAIN','domain_name').split('.')[0] for l in skolesys_ldif_lines: l = l.replace('<basedn>',conf.get('LDAPSERVER','basedn')) l = l.replace('<groups_ou>',groups_ou) l = l.replace('<logins_ou>',logins_ou) l = l.replace('<teachers_ou>',teachers_ou) l = l.replace('<students_ou>',students_ou) l = l.replace('<parents_ou>',parents_ou) l = l.replace('<others_ou>',others_ou) l = l.replace('<primary_ou>',primary_ou) l = l.replace('<system_ou>',system_ou) l = l.replace('<service_ou>',service_ou) l = l.replace('<samba_ou>',samba_ou) l = l.replace('<smb_users_ou>',smb_users_ou) l = l.replace('<smb_machines_ou>',smb_machines_ou) l = l.replace('<smb_groups_ou>',smb_groups_ou) l = l.replace('<hosts_ou>',hosts_ou) l = l.replace('<groups>',groups) l = l.replace('<logins>',logins) l = l.replace('<teachers>',teachers) l = l.replace('<students>',students) l = l.replace('<parents>',parents) l = l.replace('<others>',others) l = l.replace('<primary>',primary) l = l.replace('<system>',system) l = l.replace('<service>',service) l = l.replace('<samba>',samba) l = l.replace('<smb_users>',smb_users) l = l.replace('<smb_machines>',smb_machines) l = l.replace('<smb_groups>',smb_groups) l = l.replace('<hosts>',hosts) l = l.replace('<domain_name>',conf.get('DOMAIN','domain_name')) l = l.replace('<domain_name_prefix>',domain_name_prefix) l = l.replace('<passwd>',pw.mkpasswd(in_adminpw,3,'crypt').strip()) l = l.replace('<schooladmin_passwd>',pw.mkpasswd(in_schooladminpw,3,'crypt').strip()) f.write(l) f.close() res = os.system('/etc/init.d/slapd restart') if not res==0: print print "SkoleSYS Seeder - failed while restarting the LDAP Server" sys.exit(1) print "Sleeping 5 seconds to ensure slapd restart..." time.sleep(5) res = os.system('ldapadd -x -D "cn=admin,dc=skolesys,dc=org" -w %s -f skolesys.ldif' % in_adminpw) if not res==0: print print "SkoleSYS Seeder - failed while adding creating LDAP server structure" sys.exit(1) res = os.system('rm skolesys.ldif -f') f = open('/etc/hosts','a') f.write('127.0.0.1\tmainserver.localnet\n') f.close() res = os.system('apt-get install -y python-skolesys-mainserver') if not res==0: print print "SkoleSYS Seeder - failed while installing SkoleSYS mainserver package" sys.exit(1) import skolesys.lib.hostmanager as h import skolesys.definitions.hostdef as hostdef import skolesys.soap.netinfo as netinfo hm = h.HostManager() print hm.register_host(netinfo.if2hwaddr('eth0'),'mainserver',hostdef.hosttype_as_id('mainserver'),update_hosts=False) import skolesys.cfmachine.configbuilder as confbuilder cb = confbuilder.ConfigBuilder(hostdef.hosttype_as_id('mainserver'),codename,netinfo.if2hwaddr('eth0'),'seed-mainserver') curdir = os.getcwd() os.chdir(cb.tempdir) res = os.system('./install.sh') if not res==0: print print "SkoleSYS Seeder - failed while fetching the configuration" sys.exit(1) os.chdir(curdir) del cb res = os.system('smbpasswd -w %s' % in_schooladminpw) if not res==0: print print "SkoleSYS Seeder - failed while storing LDAP password for samba" sys.exit(1) res = os.system('/etc/init.d/samba restart') if not res==0: print print "SkoleSYS Seeder - faield to restart samba" sys.exit(1) res = os.system('useradd smbadmin') if not res==0: print print "SkoleSYS Seeder - failed while adding user smbadmin" sys.exit(1) w,r = os.popen2('smbpasswd -a smbadmin -s') w.write('%s\n' % in_schooladminpw) w.write('%s\n' % in_schooladminpw) w.close() r.close() print "Done configuring the mainserver." print "Add system groups..." os.system('ss_groupmanager creategroup ssadmin -n "SkoleSYS Administrator" -t primary') os.system('ss_usermanager createuser ssadmin -g SkoleSYS -f Admin -t other -G ssadmin -p %s' % in_adminpw) os.system('ss_accessmanager grant_access ssadmin access.soap.bind')