Esempio n. 1
0
    def load(self, site_name):
        safe_site_name = self.get_safe_name(site_name)
        if self.is_conf_exists(safe_site_name):
            conf_path = "%s/%s" % (CONF_MAP('site','conf_path'), safe_site_name)
            self.conf = UWSAConfiguration(conf_file=conf_path,
                                            template=files.get_rel_path("data/site.conf.tpl"),
                                            exclude=self.exclude)

        self.set_name(site_name, self.conf.get('vhost','redirect'))
Esempio n. 2
0
 def __init__(self):
     AbstractCommand.__init__(self)
     self.exclude = {
                         'access':[
                                     'unix_pass',
                                     'ldap_pass',
                                     'ldap_to_apply',
                                 ],
                         'mysql':[
                                     'mysql_apply',
                                 ],
                     }
     self.conf = UWSAConfiguration(template=files.get_rel_path("data/site.conf.tpl"),exclude=self.exclude)
     self.t = '        '
     self.tt = self.t + self.t
     self.domain_admin_user = None
     self.domain_admin_pass = None
Esempio n. 3
0
class SiteCommand(AbstractCommand):

    NAME = 'site'

    def __init__(self):
        AbstractCommand.__init__(self)
        self.exclude = {
                            'access':[
                                        'unix_pass',
                                        'ldap_pass',
                                        'ldap_to_apply',
                                    ],
                            'mysql':[
                                        'mysql_apply',
                                    ],
                        }
        self.conf = UWSAConfiguration(template=files.get_rel_path("data/site.conf.tpl"),exclude=self.exclude)
        self.t = '        '
        self.tt = self.t + self.t
        self.domain_admin_user = None
        self.domain_admin_pass = None

    def init_help(self):
        help = AbstractCommand.init_help(self)
        help['command_detail'] = t("\n\nThe command %s is used create, modify or update web site") % self.NAME
        return help

    def get_log_name(self):
        return 'site'

    def output_config(self):
        try:
            if inputs.get_input_yesno(t("Do you want to send configuration of %(name)s to %(mail)s?") %
                                        {   'name': self.conf.get('main','site_name'), 
                                            'mail': CONF_MAP('mail','admin_mail'),
                                        }):
                self.send_status_mail()
        except Exception:
            L.exception(t("Problem sending mail in %s") % __file__)
        print self.gen_status_msg()


    def do(self, args=[]):
        completed = AbstractCommand.do(self,args)
        if not completed:
            if 'fix' in args:
                args.remove('fix')
                completed = self.do_fix_all(self.get_next_arg(args))
            elif self.__class__ == SiteCommand:
                self.print_unsupported(args)
        return completed

    def do_fix_all(self, site_name):
        site_name = self.ask_site_name(site_name)

        if not self.is_conf_exists(site_name):
            print t("This site does not exists.")
            return False

        self.load(site_name)
        self.fix_config(overwrite=True)
        self.output_config()


    def is_conf_exists(self, site_name):
        safe_site_name = self.get_safe_name(site_name)
        conf_path = "%s/%s" % (CONF_MAP('site','conf_path'), safe_site_name)
        return files.exists(conf_path)

    def load(self, site_name):
        safe_site_name = self.get_safe_name(site_name)
        if self.is_conf_exists(safe_site_name):
            conf_path = "%s/%s" % (CONF_MAP('site','conf_path'), safe_site_name)
            self.conf = UWSAConfiguration(conf_file=conf_path,
                                            template=files.get_rel_path("data/site.conf.tpl"),
                                            exclude=self.exclude)

        self.set_name(site_name, self.conf.get('vhost','redirect'))

    def save(self):
        safe_site_name = self.get_safe_name(self.conf.get('main','site_name'))
        conf_path = "%s/%s" % (CONF_MAP('site','conf_path'), safe_site_name)
        self.conf.save_to_file(conf_path)

    def gen_status_msg(self):
        msg = t("Hi! A new site was created! Here it's configuration.\n\n")
        msg += t("Site name: %s\n") % self.conf.get('main','site_name')
        msg += t("Site dev name: %s\n") % self.conf.get('main','site_dev_name')
        msg += t("Redirect enabled: %s\n") % self.conf.get('vhost','redirect')
        msg += t("Client name: %s\n") % self.conf.get('main','client_name')
        msg += t("Client email: %s\n") % self.conf.get('main','client_mail')

        if self.conf.get('wordpress','enabled'):
            msg += t("\nWordpress")

        if self.conf.get('wikimedia','enabled'):
            msg += t("\nWikimedia")

        if self.conf.get('typo3','enabled'):
            msg += t("\ntypo3")

        msg += t("\nAllowOverride is: %s\n") % self.conf.get('vhost','allow_override')
        msg += t("\nThe PHP engine is: %s\n") % self.conf.get('php','php_engine')

        if self.conf.get('access','ldap_user'):
            msg += t("LDAP user: %s\n") % self.conf.get('access','ldap_user')
            msg += t("LDAP pass: %s\n") % self.conf.get('access','ldap_pass')
        if self.conf.get('access','ldap_group'):
            msg += t("LDAP group: %s\n") % self.conf.get('access','ldap_group')

        if self.conf.get('access','unix_user'):
            msg += t("UNIX user: %s\n") % self.conf.get('access','unix_user')
            if self.conf.get('access','unix_pass'):
                msg += t("UNIX pass: %s\n") % self.conf.get('access','unix_pass')
        if self.conf.get('access','unix_group'):
            msg += t("UNIX group: %s\n") % self.conf.get('access','unix_group')

        if self.conf.get('mysql','schema'):
            msg += t("MySQL user: %s\n") % self.conf.get('mysql','user')
            msg += t("MySQL pass: %s\n") % self.conf.get('mysql','pass')
            msg += t("MySQL schema: %s\n") % self.conf.get('mysql','schema')

        msg += t("\n\nEnjoy!")
        msg += t("\n\nNote: use the following command to unban client ip from fail2ban: \n%s") % "sudo iptables -D fail2ban-ssh -s IP.ADD.RE.SS -j DROP"

        return msg

    def send_status_mail(self):
        msg = self.gen_status_msg()
        sub = core.mail_subject('site', t("%s configuration") % self.conf.get('main','site_name'))
        core.mail(sub, msg)

    def set_name(self, name, redirect=False):

        if redirect and not name.startswith('www.'):
            name = 'www.' + name

        self.conf.mod('main','site_name', name)
        self.conf.mod('vhost','redirect', redirect)

    def get_safe_name(self, name):
        return name.replace(".","-").replace(" ","").replace("/","").replace("\\","")

    def ask_site_name(self, site_name):
        q = t("What is the name of the site?")
        site_name = inputs.get_input_string(q, site_name)
        return site_name

    def ask_overwrite(self, site_name):
        q = t("The site %(name)s already exists. Do you want to overwrite its configuration?") % {'name':site_name}
        return inputs.get_input_yesno(q)

    def ask_redirect(self, redirect=False):
        redirect = inputs.get_input_yesno(t("Do you (really) need a www redirect?"))
        return redirect

    def ask_client_name(self, old):
        name = inputs.get_input_string(t("What is the client full name?"),old)
        return name

    def ask_client_mail(self, old):
        mail = inputs.get_input_string(t("What is the client email?"),old)
        return mail

    def update_client_info(self):
        name = self.ask_client_name(self.conf.get('main','client_name'))
        mail = self.ask_client_mail(self.conf.get('main','client_mail'))
        self.conf.mod('main','client_name', name)
        self.conf.mod('main','client_mail', mail)

    def ask_domain_admin(self):
        if self.domain_admin_user is None or self.domain_admin_user is None:
            self.domain_admin_user = inputs.get_input_string(t("What is the domain admin username?"))
            self.domain_admin_pass = inputs.get_password(t("What is the domain admin password?"), confirm=False, validate=False)
        ldap.DOMAIN_USER = self.domain_admin_user
        ldap.DOMAIN_PASS = self.domain_admin_pass

    def ask_create_user(self, default=None):
        return self.ask_create_ug(t("What is the new username?"), default)

    def ask_create_group(self, default=None):
        return self.ask_create_ug(t("What is the new groupname?"), default)

    def ask_create_ug(self, prompt, default=None):
        default = inputs.gen_username() if default is None else default
        val = inputs.get_input_string(prompt, default)
        return val

    def generate_virtualhost(self):

        site_name =  self.conf.get('main','site_name')
        site_dev_name =  self.conf.get('main', 'site_dev_name')
        safe_site_name = self.get_safe_name(site_name)
        site_short_name =  site_name.replace('www.','',1)
        admin_mail =  CONF_MAP('mail','admin_mail')

        server_name = self.t + "ServerName %s\n" % site_name
        server_alias = self.t + "ServerAlias %s\n" % site_dev_name
        rewrite_cond = ""

        site_path, root_path, log_path, upload_tmp_path = self.generate_dir()

        options = self.conf.get('vhost','options')
        allow_override = self.conf.get('vhost','allow_override')
        php_extra = self.tt
        if str(self.conf.get('php','php_engine')).lower() != 'on':
            php_extra += "php_admin_value engine off"

        if self.conf.get('vhost','redirect'):
            server_alias += self.t + "ServerAlias %s\n" % site_short_name
            rewrite_cond = str(""
                                "%(tab)sRewriteEngine on\n"
                                "%(tab)sRewriteCond %(http_post)s ^%(site_rewrite_cond)s$ [NC]\n"
                                "%(tab)sRewriteRule ^(.*)$ http://%(site_name)s$1 [R=301,L]\n"
                                % {
                                    "http_post":"%{HTTP_HOST}",
                                    "site_rewrite_cond":site_short_name.replace(".","\."),
                                    "site_name":site_name,
                                    "tab":self.t,
                                })
        vhost = ""
        with open(files.get_rel_path("data/virtualhost.tpl")) as f:
            vhost_tpl = Template(f.read())
            vhost = vhost_tpl.safe_substitute(
                                            admin_mail=admin_mail,
                                            server_name=server_name.strip(),
                                            server_alias=server_alias.strip(),
                                            root_path=root_path,
                                            site_path=site_path,
                                            rewrite_cond=rewrite_cond.strip(),
                                            options=options,
                                            allow_override=allow_override,
                                            php_extra=php_extra.strip(),
                                            safe_site_name=safe_site_name,
                                            log_path=log_path,
                                            upload_tmp_path=upload_tmp_path,
                                            )

        return vhost

    def fix_vhost(self):
        safe_site_name = self.get_safe_name(self.conf.get('main','site_name'))
        vhost = self.generate_virtualhost()
        vhost_filename = CONF_MAP('site','vhost_path') + "/%s" % safe_site_name
        files.create(vhost_filename, vhost)

    def generate_dir(self):
        uwsa_www_path = CONF_MAP('site','www_path')
        safe_site_name = self.get_safe_name(self.conf.get('main','site_name'))
        site_path =  uwsa_www_path + "/%s" % safe_site_name
        root_path = site_path + "/%s" % self.conf.get('vhost','root_path')
        log_path = site_path + "/%s" % self.conf.get('vhost','log_path')
        upload_tmp_path = site_path + "/%s" % self.conf.get('vhost','upload_tmp_path')
        return site_path, root_path, log_path, upload_tmp_path

    def mkdir(self, overwrite=False):
        site_path, root_path, log_path, upload_tmp_path = self.generate_dir()
        files.mkdir(root_path, overwrite)
        files.mkdir(log_path, overwrite)
        files.mkdir(upload_tmp_path, overwrite)

    def create_access(self):
        user_mail = self.conf.get('main','client_mail')

        unix_user = self.conf.get('access','unix_user')
        unix_pass = self.conf.get('access','unix_pass')
        unix_group = self.conf.get('access','unix_group')

        ldap_user = self.conf.get('access','ldap_user')
        ldap_pass = self.conf.get('access','ldap_pass')
        ldap_group = self.conf.get('access','ldap_group')

        if CONF_MAP('ldap','enabled') and self.conf.get('access','ldap_to_apply'):
            self.ask_domain_admin()
            if ldap_user and not ldap.user_exists(ldap_user):
                ldap.create_user(ldap_user, user_mail, ldap_pass)
            if ldap_group and not ldap.group_exists(ldap_group):
                ldap.create_group(ldap_group)
            if ldap_user and ldap_group and not ldap.is_member_of(ldap_user, ldap_group):
                ldap.user_to_group(ldap_user, ldap_group)

        if CONF_MAP('unix','enabled'):
            if unix_user and not unix.user_exists(unix_user):
                unix.create_user(unix_user, user_mail, unix_pass)
            if unix_group and not unix.group_exists(unix_group):
                unix.create_group(unix_group)
            if unix_user and unix_group and not unix.is_member_of(unix_user , unix_group):
                unix.user_to_group(unix_user, unix_group)

    def generate_acl(self, group):
        cron_acl = ""
        site_path, root_path, log_path, upload_tmp_path = self.generate_dir()

        with open(files.get_rel_path("data/cron_acl.tpl")) as f:
            cron_acl_tpl = Template(f.read())
            cron_acl = cron_acl_tpl.safe_substitute(group=group, site_path=site_path)

        return cron_acl

    def fix_cron_acl(self):
        unix_group = self.conf.get('access','unix_group')
        ldap_group = self.conf.get('access','ldap_group')

        if unix_group and CONF_MAP('unix','enabled'):
            unix_acl = self.generate_acl(unix_group)
            cron_fullpath = "/etc/cron.acl/%s" % self.get_safe_name(unix_group)
            files.create(cron_fullpath, unix_acl)
            files.chmod(cron_fullpath, u='rx',g='rx',o='rx')

        if ldap_group and CONF_MAP('ldap','enabled'):
            ldap_acl = self.generate_acl(ldap_group)
            cron_fullpath = "/etc/cron.acl/%s" % self.get_safe_name(ldap_group)
            files.create(cron_fullpath, ldap_acl)
            files.chmod(cron_fullpath, u='rx',g='rx',o='rx')

    def check_centrify_allow(self, group):
        is_ok = True
        is_ok &= files.contains('/etc/centrifydc/groups.allow', group)
        return is_ok

    def fix_centrify_allow(self):
        g_allow = '/etc/centrifydc/groups.allow'
        ldap_group = self.conf.get('access','ldap_group')
        if ldap_group and not files.contains(g_allow, ldap_group):
            files.append(g_allow, '\n%s' % ldap_group)

    def generate_auto_mount(self):
        auto_mount = ""

        safe_site_name = self.get_safe_name(self.conf.get('main','site_name'))
        site_path, root_path, log_path, upload_tmp_path = self.generate_dir()
        unix_group = self.conf.get('access','unix_group')
        ldap_group = self.conf.get('access','ldap_group')

        with open(files.get_rel_path("data/auto_mount.tpl.py")) as f:
            auto_mount_tpl = Template(f.read())
            auto_mount = auto_mount_tpl.safe_substitute(
                                            site_name=safe_site_name,
                                            site_path=site_path,
                                            ldap_group=ldap_group,
                                            unix_group=unix_group,
                                            )

        return auto_mount

    def fix_auto_mount(self):
        safe_site_name = self.get_safe_name(self.conf.get('main','site_name'))
        auto_mount = self.generate_auto_mount()
        auto_mount_filename = CONF_MAP('libpam_script','auto_mount_dir') + "/%s" % safe_site_name
        files.create(auto_mount_filename, auto_mount)
        files.chmod(auto_mount_filename, u='rx',g='rx',o='')

    def ask_mysql_cred(self):
        if mysql.MYSQL_USER != 'root':
            mysql.MYSQL_USER = '******'
            mysql.MYSQL_PASS = inputs.get_password(t("What is the mysql password for root?"), confirm=False, validate=False)

    def fix_mysql(self):
        mysql_user = self.conf.get('mysql','user')
        mysql_pass = self.conf.get('mysql','pass')
        mysql_schema = self.conf.get('mysql','schema')
        mysql_apply = self.conf.get('mysql','mysql_apply')

        if mysql_apply:
            self.ask_mysql_cred()

            if mysql_user:
                if mysql.user_exists(mysql_user):
                    mysql.update_user_password(mysql_user,mysql_pass)
                else:
                    mysql.create_user(mysql_user,mysql_pass)

            if mysql_schema and not mysql.schema_exists(mysql_schema):
                mysql.create_schema(mysql_schema)

            if mysql_schema and mysql_user:
                mysql.grant_user(mysql_user, mysql_schema)

    def try_acl_activation(self):
        unix_group = self.conf.get('access','unix_group')
        ldap_group = self.conf.get('access','ldap_group')
        cmd_list = []

        if unix_group:
            #unix_acl = self.generate_acl(unix_group)
            cron_fullpath = "/etc/cron.acl/%s" % self.get_safe_name(unix_group)
            cmd_list.append(cron_fullpath)

        if ldap_group:
            #ldap_acl = self.generate_acl(ldap_group)
            cron_fullpath = "/etc/cron.acl/%s" % self.get_safe_name(ldap_group)
            cmd_list.append(cron_fullpath)

        if len(cmd_list) > 0:
            completed, pinfo = core.exec_cmd_list(cmd_list)
            if not completed:
                L.error(t("ACL not applied properly, probably because centrify is not updated. "
                          "You will need to apply them manually or wait the auto apply..."))

    def create_wordpress(self):
        if self.conf.get('wordpress','enabled'):
            site_path, root_path, log_path, upload_tmp_path = self.generate_dir()
            wp_tpl_webroot = CONF_MAP('site','wordpress_template_path') + "/webroot"
            wp_tpl_schema = CONF_MAP('site','wordpress_template_path') + "/schema/wordpress_tpl_schema.sql"
            wp_webroot_conf = root_path + "/wp-config.php"
            mysql_user = self.conf.get('mysql','user')
            mysql_pass = self.conf.get('mysql','pass')
            mysql_schema = self.conf.get('mysql','schema')
            site_name = self.conf.get('main','site_name')

            if inputs.get_input_noyes(t("Do you want deploy the default wordpress template under %s?") % root_path):
                if files.exists(wp_tpl_webroot):
                    cmd_list = [
                        "bash -c 'cp -fr %s/* %s/'" % (wp_tpl_webroot, root_path),
                    ]
                    completed, pinfo = core.exec_cmd_list(cmd_list)
                    if not completed:
                        L.error(t("Cannot deploy the template."))
                else:
                    L.info(t("There is no template under %s") % wp_tpl_webroot)
            elif inputs.get_input_yesno(t("Do you want to only deploy default plugins?")):
                if files.exists(wp_tpl_webroot):
                    cmd_list = [
                        "bash -c 'mkdir -p %s/wp-content/plugins'" % root_path,
                        "bash -c 'cp -fr %s/wp-content/plugins/* %s/wp-content/plugins/'" % (wp_tpl_webroot, root_path),
                    ]
                    completed, pinfo = core.exec_cmd_list(cmd_list)
                    if not completed:
                        L.error(t("Cannot deploy plugins."))
                else:
                    L.info(t("There is no template under %s") % wp_tpl_webroot)

            if files.exists(wp_webroot_conf):
                params_dict = {
                        'DB_NAME': mysql_schema,
                        'DB_USER': mysql_user,
                        'DB_PASSWORD': mysql_pass,
                        'DB_HOST':'localhost',
                    }
                for key in params_dict:
                    pattern = "define\(\s*?['\"]%s['\"].*;" % key
                    target = "define('%s', '%s');" % (key, params_dict[key])
                    files.re_replace_in(wp_webroot_conf, pattern, target)
            else:
                L.info(t("There is no wp-config.php under %s") % root_path)

            if files.exists(wp_tpl_schema) and inputs.get_input_noyes(t("Do you want to restore default database?")):
                L.info(t("Restoring default schema %s.") % mysql_schema)
                tmp_file = "/tmp/uwsa_wp_schema_%s" % uuid.uuid4()
                files.cp(wp_tpl_schema, tmp_file)
                files.re_replace_in(tmp_file,'UWSA_SCHEMA_NAME', mysql_schema)
                files.replace_in_php_database(tmp_file,'UWSA_SITE_NAME', site_name)
                cmd_list = [
                    {
                        'command': "bash -c 'mysql -u %s -p%s %s < %s'" % (mysql_user, mysql_pass, mysql_schema, tmp_file),
                        'anonymous': "bash -c 'mysql -u %s -p%s %s < %s'"  % (mysql_user, "XXXXX", mysql_schema, tmp_file),
                    },
                ]

                completed, pinfo = core.exec_cmd_list(cmd_list)
                if not completed:
                    L.error(t("Failed to restore schema %s!") % mysql_schema)
                os.remove(tmp_file)

    def fix_config(self, overwrite=False):
        unix_group = self.conf.get('access','unix_group')
        ldap_group = self.conf.get('access','ldap_group')
        self.mkdir(overwrite)
        self.fix_vhost()
        self.create_access()
        if CONF_MAP('ldap','enabled') and self.conf.get('access','ldap_to_apply'):
            centrify.ldap_centrify_refresh(unix_group, ldap_group)
            self.fix_centrify_allow()
        self.fix_cron_acl()
        self.fix_auto_mount()
        self.fix_mysql()
        self.create_wordpress()
        apache.enable(self.get_safe_name(self.conf.get('main','site_name')))
        apache.graceful()
        self.try_acl_activation()
Esempio n. 4
0
    # Send the email (this example assumes SMTP authentication is required)
    import smtplib
    smtp = smtplib.SMTP(smtp_server)
    #smtp.connect(smtp,25)
    #smtp.login('exampleuser', 'examplepass')
    smtp.sendmail(strFrom, strTo, msgRoot.as_string())
    smtp.quit()
    ## end of http://code.activestate.com/recipes/473810/ }}}

#--------------------------------------------------------------------------------------------------#
# Global initialisation
#--------------------------------------------------------------------------------------------------#

CONFIG = UWSAConfiguration(conf_file='/etc/uwsa/uwsa.conf',
                            template=files.get_rel_path("data/uwsa.conf.tpl"),
                            exclude = {
                                'core':['tool_name',],
                            })
CONFIG.mod('core','tool_name','uwsa')
CONF_MAP = CONFIG.get
hi = get_host_info()
CONFIG.mod('mail','hostname',hi['hostname'])
CONFIG.mod('mail','ip',hi['ip'])
L = Logger()

#--------------------------------------------------------------------------------------------------#
# Main
#--------------------------------------------------------------------------------------------------#

if __name__ == 'uwsa.core':