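def apply_quassel_changes(daan, changes):
    """Apply pending account removals and additions to the Quassel SQLite store.

    ``changes`` is indexed with ``'remove'`` and ``'add'``, each an iterable
    of usernames; a falsy ``changes`` means there is nothing to do.  Removing
    a user also deletes the rows keyed on its ``userid`` in the identity,
    ircserver, user_setting, buffer and network tables.  The commit is only
    reached when every statement succeeded, and the connection is closed on
    every path.
    """
    if not changes:
        return
    if settings.QUASSEL_CONFIGDIR is None:
        logging.warning('no QUASSEL_CONFIGDIR available, skipping')
        return
    db_path = os.path.join(settings.QUASSEL_CONFIGDIR,
                           'quassel-storage.sqlite')
    conn = sqlite3.connect(db_path)
    try:
        c = conn.cursor()
        for user in changes['remove']:
            logging.info('quassel: removing %s', user)
            c.execute("SELECT userid FROM quasseluser WHERE username=?",
                      (user,))
            row = c.fetchone()
            if row is None:
                # fetchone() returns None for an unknown username; unpacking
                # it would raise TypeError and abort the whole batch.
                logging.warning('quassel: %s not found, nothing to remove',
                                user)
                continue
            userid, = row
            c.execute("DELETE FROM quasseluser WHERE username=?", (user,))
            c.execute("DELETE FROM identity WHERE userid=?", (userid,))
            c.execute("DELETE FROM ircserver WHERE userid=?", (userid,))
            c.execute("DELETE FROM user_setting WHERE userid=?", (userid,))
            c.execute("DELETE FROM buffer WHERE userid=?", (userid,))
            c.execute("DELETE FROM network WHERE userid=?", (userid,))
        for user in changes['add']:
            logging.info('quassel: adding %s', user)
            # The account gets the SHA-1 digest of a throwaway random string;
            # the plaintext is discarded here, so this is a placeholder
            # rather than a usable credential.
            # NOTE(review): pseudo_randstr is defined outside this block; the
            # placeholder is only as unguessable as that helper - confirm it
            # draws from a CSPRNG.
            hashed_pw = hashlib.sha1(pseudo_randstr()).hexdigest()
            c.execute(
                "INSERT INTO quasseluser(username, password) VALUES (?, ?)",
                (user, hashed_pw))
        conn.commit()
    finally:
        conn.close()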
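def unix_setpass(cilia, user, password):
    """Set the Unix password of ``user`` if its primary group is ``kn``.

    Returns ``{'success': True}`` when usermod exited with status 0 and a
    dict with an ``'error'`` message otherwise.  ``grp.getgrnam`` and
    ``pwd.getpwnam`` raise ``KeyError`` when the group or the account does
    not exist.
    """
    kn_gid = grp.getgrnam('kn').gr_gid
    pwent = pwd.getpwnam(user)
    # Only the primary gid is compared, so any account whose primary group
    # is not kn (system accounts included) is refused.
    if pwent.pw_gid != kn_gid:
        return {'error': "Permission denied. Gid is not kn"}
    # NOTE(review): a bare two-character salt selects traditional DES
    # crypt(3), which uses only the first eight characters of the password.
    # A "$6$<salt>" style salt would select SHA-512 crypt where the platform
    # supports it.  The salt characters come from pseudo_randstr, which is
    # defined outside this block - confirm they are valid crypt salt
    # characters.
    crypthash = crypt.crypt(password, pseudo_randstr(2))
    # Argument list, no shell.  The hash is on usermod's command line and is
    # therefore visible in the process list while the command runs.
    status = subprocess.call(['usermod', '-p', crypthash, user])
    if status != 0:
        # Previously a failed usermod was still reported as success.
        return {'error': "usermod failed with exit status %d" % status}
    return {'success': True}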
def set_password(self, pwd, save=True):
    """Replace the stored password record with a fresh salted digest of ``pwd``.

    A new salt is drawn on every call.  ``self._data['password']`` is
    overwritten with the algorithm name, the salt and the hex digest, and the
    object is persisted through ``self.save()`` unless ``save`` is false.
    """
    algorithm = 'sha1'
    fresh_salt = pseudo_randstr()
    digest = get_hexdigest(algorithm, fresh_salt, pwd)
    # NOTE(review): one salted SHA-1 pass is cheap to brute-force if the
    # stored record leaks.  The algorithm name is kept next to the hash,
    # which presumably lets the verifier accept a slower KDF later - confirm
    # against the code that checks passwords.
    # NOTE(review): pseudo_randstr is defined outside this block; confirm
    # the salt is unique per call.
    self._data['password'] = {
        'algorithm': algorithm,
        'salt': fresh_salt,
        'hash': digest,
    }
    if save:
        self.save()
def set_password(self, pwd, save=True):
    """Hash ``pwd`` with a new salt and store the result in ``self._data``.

    The ``'password'`` entry becomes a dict with the keys ``algorithm``,
    ``salt`` and ``hash``.  ``self.save()`` is called unless ``save`` is
    false.
    """
    new_salt = pseudo_randstr()
    scheme = 'sha1'
    # NOTE(review): salted SHA-1 is a fast hash, so offline guessing against
    # a leaked record is cheap; the plaintext itself is not stored here.
    record = dict(algorithm=scheme,
                  salt=new_salt,
                  hash=get_hexdigest(scheme, new_salt, pwd))
    self._data['password'] = record
    if not save:
        return
    self.save()
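def forum_setpass(daan, user, password):
    """Write a new salted password hash for ``user`` into the forum database.

    The stored value is ``sha1(salt + sha1(password))`` in hex, next to the
    salt itself.  Connection parameters come from
    ``settings.FORUM_MYSQL_SECRET`` (host, user, password, database).  The
    cursor and the connection are closed on every path, including when a
    statement raises.
    """
    creds = settings.FORUM_MYSQL_SECRET
    dc = MySQLdb.connect(creds[0], user=creds[1], passwd=creds[2], db=creds[3])
    try:
        c = dc.cursor()
        try:
            # NOTE(review): pseudo_randstr is defined outside this block;
            # confirm the salt is unique per call.
            salt = pseudo_randstr()
            # The double SHA-1 layout is presumably what the forum software
            # verifies against, so it is kept as is; it is a fast hash and
            # offers little resistance to offline guessing if the table
            # leaks.
            h = hashlib.sha1(password).hexdigest()
            h = hashlib.sha1(salt + h).hexdigest()
            # Values are bound as parameters, never formatted into the SQL.
            c.execute(
                "UPDATE users SET password=%s, salt=%s WHERE username=%s;",
                (h, salt, user))
            c.execute("COMMIT;")
        finally:
            c.close()
    finally:
        dc.close()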
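def user_reset_password(request, _id):
    """Reset a user's password to a random value and e-mail it to them.

    Only callers whose cached group names include ``secretariaat`` may do
    this; anyone else gets ``PermissionDenied``.  ``ValueError`` is raised
    for a user that is not active.  On success the caller is redirected back
    to the referring page.
    """
    if "secretariaat" not in request.user.cached_groups_names:
        raise PermissionDenied
    u = Es.by_id(_id).as_user()
    if not u.is_active:
        # Call syntax instead of the Python-2-only ``raise E, msg`` form.
        raise ValueError(_("Gebruiker is niet geactiveerd"))
    # NOTE(review): pseudo_randstr is defined outside this block; the new
    # password is only as unpredictable as that helper - confirm it draws
    # from a CSPRNG.
    pwd = pseudo_randstr()
    u.set_password(pwd)
    # The new password is passed twice; what the two positions mean is
    # defined by giedo - TODO confirm.
    giedo.change_password(str(u.name), pwd, pwd)
    # The plaintext password goes into the mail context, so it ends up in the
    # user's mailbox.  Nothing here forces a change at first login.
    render_then_email("leden/reset-password.mail.txt", u,
                      {"user": u, "password": pwd})
    messages.info(request, _("Wachtwoord gereset!"))
    return redirect_to_referer(request)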
def user_reset_password(request, _id):
    """Give a user a new random password and mail it to them.

    Callers outside the ``secretariaat`` group get ``PermissionDenied``.
    The view finishes by redirecting to the referring page.
    """
    caller = request.user
    if 'secretariaat' not in caller.cached_groups_names:
        raise PermissionDenied
    target = Es.by_id(_id).as_user()
    # NOTE(review): there is no is_active check here, so a deactivated
    # account also gets a fresh password mailed out - confirm this is
    # intended.
    # NOTE(review): pseudo_randstr is defined outside this block; confirm it
    # draws from a CSPRNG.
    new_password = pseudo_randstr()
    target.set_password(new_password)
    giedo.change_password(str(target.name), new_password, new_password)
    # The plaintext password is part of the mail context.
    mail_context = {'user': target, 'password': new_password}
    render_then_email("leden/reset-password.mail.txt",
                      target.canonical_full_email, mail_context)
    caller.push_message("Wachtwoord gereset!")
    return redirect_to_referer(request)
def _sync_villanet(self):
    """Queue the changes needed to bring villanet's user list in line with ours.

    The remote list is fetched with the ``listUsers`` action.  Users known
    locally but not remotely get an ``addUser`` push change, users whose
    remote ``till`` date differs get a ``changeUser`` push change, and users
    that only exist remotely are logged and left alone.  The push-changes
    event is set at the end so the queued changes get picked up.
    """
    response = self.villanet_request({'action': 'listUsers'})
    if not response[0]:
        return
    remote_users = json.loads(response[1])

    # Entity id -> username.
    name_by_id = {}
    for entity in Es.users():
        name_by_id[entity._id] = str(entity.name)

    # Member id -> relations with the 'leden' group.
    relations_by_member = {}
    for rel in Es.query_relations(_with=Es.by_name('leden'), until=now()):
        relations_by_member.setdefault(rel['who'], []).append(rel)

    # Username -> 'until' date of the relation that ends last.
    until_by_name = {}
    for member_id, rels in relations_by_member.items():
        newest = max(rels, key=lambda r: r['until'])
        until_by_name[name_by_id[member_id]] = \
            newest['until'].strftime('%Y-%m-%d')

    remote_names = set(remote_users.keys())
    local_names = set(until_by_name.keys())
    open_ended = settings.DT_MAX.strftime('%Y-%m-%d')

    for name in local_names - remote_names:
        # The new account gets a random 16-character password that is only
        # handed to villanet_encrypt_password; this method neither stores
        # nor sends the plaintext.
        # NOTE(review): pseudo_randstr is defined outside this block;
        # confirm it draws from a CSPRNG.
        payload = {
            'username': name,
            'password': self.villanet_encrypt_password(pseudo_randstr(16)),
        }
        if until_by_name[name] != open_ended:
            payload['till'] = until_by_name[name]
        Es.PushChange({
            'system': 'villanet',
            'action': 'addUser',
            'data': payload,
        }).save()

    for name in remote_names - local_names:
        logging.info("Stray user %s" % name)

    for name in remote_names & local_names:
        remote_till = remote_users[name]['till']
        # Only the date part of the remote timestamp takes part in the
        # comparison.
        remote = remote_till[:10] if remote_till is not None else ''
        local = '' if until_by_name[name] == open_ended \
            else until_by_name[name]
        if remote == local:
            continue
        Es.PushChange({
            'system': 'villanet',
            'action': 'changeUser',
            'data': {'username': name, 'till': local},
        }).save()

    self.push_changes_event.set()
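def forum_setpass(daan, user, password):
    """Write a new salted password hash for ``user`` into the forum database.

    Returns ``None`` without touching the database when
    ``settings.FORUM_MYSQL_SECRET`` is empty.  Otherwise the stored value is
    ``sha1(salt + sha1(password))`` in hex, next to the salt.  The cursor and
    the connection are closed on every path, including when a statement
    raises.
    """
    creds = settings.FORUM_MYSQL_SECRET
    if not creds:
        logging.warning('forum: no credentials available, skipping')
        return None
    dc = MySQLdb.connect(creds[0], user=creds[1], passwd=creds[2], db=creds[3])
    try:
        c = dc.cursor()
        try:
            # NOTE(review): pseudo_randstr is defined outside this block;
            # confirm the salt is unique per call.
            salt = pseudo_randstr()
            # Fast double SHA-1, presumably the layout the forum software
            # verifies against, so it is kept; it gives little protection
            # against offline guessing if the table leaks.
            h = hashlib.sha1(password).hexdigest()
            h = hashlib.sha1(salt + h).hexdigest()
            # Values are bound as parameters, never formatted into the SQL.
            c.execute(
                "UPDATE users SET password=%s, salt=%s WHERE username=%s;",
                (h, salt, user))
            c.execute("COMMIT;")
        finally:
            c.close()
    finally:
        dc.close()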
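def apply_quassel_changes(daan, changes):
    """Apply pending account removals and additions to the Quassel SQLite store.

    ``changes`` is indexed with ``'remove'`` and ``'add'``, each an iterable
    of usernames; a falsy ``changes`` means there is nothing to do.  The
    commit is only reached when every statement succeeded, and the
    connection is closed on every path.
    """
    if not changes:
        return
    if settings.QUASSEL_CONFIGDIR is None:
        # os.path.join(None, ...) would raise TypeError; skip instead.
        logging.warning('no QUASSEL_CONFIGDIR available, skipping')
        return
    db_path = os.path.join(settings.QUASSEL_CONFIGDIR,
                           'quassel-storage.sqlite')
    conn = sqlite3.connect(db_path)
    try:
        c = conn.cursor()
        for user in changes['remove']:
            logging.info('quassel: removing %s', user)
            # NOTE(review): only the quasseluser row is deleted; whether
            # other tables keep rows that reference this user is not visible
            # from here - confirm against the Quassel schema.
            c.execute("DELETE FROM quasseluser WHERE username=?", (user,))
        for user in changes['add']:
            logging.info('quassel: adding %s', user)
            # Placeholder credential: the SHA-1 digest of a throwaway random
            # string whose plaintext is discarded here.
            # NOTE(review): pseudo_randstr is defined outside this block;
            # confirm it draws from a CSPRNG.
            hashed_pw = hashlib.sha1(pseudo_randstr()).hexdigest()
            c.execute(
                "INSERT INTO quasseluser(username, password) VALUES (?, ?)",
                (user, hashed_pw))
        conn.commit()
    finally:
        conn.close()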
def user_reset_password(request, _id):
    """Reset an active user's password to a random value and mail it out.

    Raises ``PermissionDenied`` unless the caller is in ``secretariaat`` and
    ``ValueError`` when the target user is not active.  Returns a redirect to
    the referring page.
    """
    caller_groups = request.user.cached_groups_names
    if 'secretariaat' not in caller_groups:
        raise PermissionDenied
    target = Es.by_id(_id).as_user()
    if not target.is_active:
        raise ValueError(_("Gebruiker is niet geactiveerd"))
    # NOTE(review): pseudo_randstr is defined outside this block; the new
    # password is only as unpredictable as that helper - confirm it draws
    # from a CSPRNG.
    new_password = pseudo_randstr()
    target.set_password(new_password)
    giedo.change_password(str(target.name), new_password, new_password)
    # The plaintext password is rendered into the outgoing mail.
    mail_context = {'user': target, 'password': new_password}
    render_then_email("leden/reset-password.mail.html", target, mail_context)
    messages.info(request, _("Wachtwoord gereset!"))
    return redirect_to_referer(request)
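def _sync_villanet(self):
    """Queue the changes needed to bring villanet's user list in line with ours.

    Does nothing when ``settings.VILLANET_SECRET_API_KEY`` is unset or the
    ``listUsers`` request fails.  Users known locally but not remotely get an
    ``addUser`` push change, users whose remote ``till`` date differs get a
    ``changeUser`` push change, and users that only exist remotely are logged
    and left alone.  The push-changes event is set at the end.
    """
    if not settings.VILLANET_SECRET_API_KEY:
        # logging.warn is a deprecated alias of logging.warning.
        logging.warning("VILLANET_SECRET_API_KEY not set")
        return
    ret = self.villanet_request({'action': 'listUsers'})
    if not ret[0]:
        return
    ret = json.loads(ret[1])
    users = dict()
    # Entity id -> username.
    ulut = dict()
    for u in Es.users():
        ulut[u._id] = str(u.name)
    # Member id -> relations with the 'leden' group.
    member_relations_grouped = dict()
    for rel in Es.query_relations(_with=Es.by_name('leden'), until=now()):
        member_relations_grouped.setdefault(rel['who'], []).append(rel)
    # Username -> 'until' date of the relation that ends last.
    for user_id, relations in member_relations_grouped.items():
        latest = max(relations, key=lambda x: x['until'])
        users[ulut[user_id]] = latest['until'].strftime('%Y-%m-%d')
    vn = set(ret.keys())
    kn = set(users.keys())
    dt_max = settings.DT_MAX.strftime('%Y-%m-%d')
    for name in kn - vn:
        # The new account gets a random 16-character password that is only
        # handed to villanet_encrypt_password; this method neither stores nor
        # sends the plaintext.
        # NOTE(review): pseudo_randstr is defined outside this block; confirm
        # it draws from a CSPRNG.
        data = {
            'username': name,
            'password': self.villanet_encrypt_password(
                pseudo_randstr(16)),
        }
        if users[name] != dt_max:
            data['till'] = users[name]
        pc = Es.PushChange({'system': 'villanet',
                            'action': 'addUser',
                            'data': data})
        pc.save()
    for name in vn - kn:
        logging.info("Stray user %s" % name)
    for name in vn & kn:
        # Only the date part of the remote timestamp takes part in the
        # comparison.
        remote = (ret[name]['till'][:10]
                  if ret[name]['till'] is not None else '')
        local = users[name] if users[name] != dt_max else ''
        if remote != local:
            pc = Es.PushChange({'system': 'villanet',
                                'action': 'changeUser',
                                'data': {
                                    'username': name,
                                    'till': local
                                }})
            pc.save()
    self.push_changes_event.set()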
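def set_samba_map(cilia, _map):
    """Bring the Samba account database in line with ``_map``.

    ``_map['users']`` maps usernames to dicts with a ``full_name`` and
    ``_map['groups']['leden']`` holds the usernames of current members.
    Missing accounts are created with a random password, real names are
    updated, accounts are enabled or disabled according to membership, and
    accounts that pdbedit lists but ``_map`` does not are deleted.
    """
    l = logging.getLogger(__name__)
    smbusers = pdbedit_list()
    smbusers_surplus = set(smbusers)
    added_users = False
    # Determine which are missing
    for user in _map['users']:
        # This filters accents
        fn = ''.join(x for x in _map['users'][user]['full_name']
                     if x in string.printable)
        if user not in smbusers:
            # NOTE(review): pseudo_randstr is defined outside this block;
            # confirm it draws from a CSPRNG.
            bogus_password = pseudo_randstr(16)
            ph = subprocess.Popen(
                ['pdbedit', '-a', '-t', '-u', user, '-f', fn],
                stdin=subprocess.PIPE,
                stdout=subprocess.PIPE,
                stderr=subprocess.STDOUT,
                close_fds=True
            )
            # The password travels over stdin, so it never shows up on the
            # command line.  pdbedit's output is read but not logged.
            cmd_input = "%s\n%s\n" % (bogus_password, bogus_password)
            ph.communicate(cmd_input.encode())
            if ph.returncode == 0:
                l.info("Added %s", user)
            else:
                # Previously the account was logged as added before pdbedit
                # had even run and a failure went unnoticed.
                l.warning("pdbedit failed to add %s (exit status %s)",
                          user, ph.returncode)
            added_users = True
            continue
        smbusers_surplus.remove(user)
        if fn != smbusers[user]['realname']:
            subprocess.call(['pdbedit', '-u', user, '-f', fn])
            l.info("Updated %s' realname", user)
    if added_users:
        smbusers = pdbedit_list()
    for user in _map['users']:
        if user not in smbusers:
            # An account whose creation failed is absent from the refreshed
            # listing; skip it rather than abort the run with a KeyError.
            l.warning("%s is missing from the pdbedit listing, skipping",
                      user)
            continue
        if (user in _map['groups']['leden'] and
                smbusers[user]['flag_disabled']):
            subprocess.call(['smbpasswd', '-e', user])
            l.info("Enabled %s", user)
        if (user not in _map['groups']['leden'] and
                not smbusers[user]['flag_disabled']):
            subprocess.call(['smbpasswd', '-d', user])
            l.info("Disabled %s", user)
    for user in smbusers_surplus:
        l.info("Removing stray user %s", user)
        subprocess.call(['pdbedit', '-x', '-u', user])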
def user_reset_password(request, _id):
    """Give a user a new random password and send it in a plain-text e-mail.

    Callers outside the ``secretariaat`` group get ``PermissionDenied``.
    The view finishes by redirecting to the referring page.
    """
    if 'secretariaat' not in request.user.cached_groups_names:
        raise PermissionDenied
    target = Es.by_id(_id).as_user()
    # NOTE(review): there is no is_active check here, so a deactivated
    # account also gets a fresh password mailed out - confirm this is
    # intended.
    # NOTE(review): pseudo_randstr is defined outside this block; confirm it
    # draws from a CSPRNG.
    new_password = pseudo_randstr()
    target.set_password(new_password)
    giedo.change_password(str(target.name), new_password, new_password)
    # The username and the plaintext password are written into the message
    # body below.
    template = ("Beste %s,\n\n"
                "Jouw wachtwoord is gereset. Je kunt inloggen met:\n"
                " gebruikersnaam %s\n"
                " wachtwoord %s\n\n"
                "Met een vriendelijke groet,\n\n"
                " Het Karpe Noktem Smoelenboek")
    body = template % (target.first_name, str(target.name), new_password)
    message = EmailMessage(
        "[KN] Nieuw wachtwoord",
        body,
        'Karpe Noktem\'s ledenadministratie <*****@*****.**>',
        [target.canonical_email])
    message.send()
    request.user.push_message("Wachtwoord gereset!")
    return redirect_to_referer(request)
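def set_samba_map(cilia, _map):
    """Bring the Samba account database in line with ``_map``.

    ``_map['users']`` maps usernames to dicts with a ``full_name`` and
    ``_map['groups']['leden']`` holds the usernames of current members.
    Missing accounts are created with a random password, real names are
    updated, accounts are enabled or disabled according to membership, and
    accounts that pdbedit lists but ``_map`` does not are deleted.
    """
    l = logging.getLogger(__name__)
    smbusers = pdbedit_list()
    smbusers_surplus = set(smbusers)
    added_users = False
    # Determine which are missing
    for user in _map['users']:
        # This filters accents.  join() over a generator gives a string on
        # every Python version, where filter() only does so on Python 2.
        fn = ''.join(x for x in _map['users'][user]['full_name']
                     if x in string.printable)
        if user not in smbusers:
            # NOTE(review): pseudo_randstr is defined outside this block;
            # confirm it draws from a CSPRNG.
            bogus_password = pseudo_randstr(16)
            ph = subprocess.Popen(
                ['pdbedit', '-a', '-t', '-u', user, '-f', fn],
                stdin=subprocess.PIPE, stdout=subprocess.PIPE,
                stderr=subprocess.STDOUT, close_fds=True)
            # The password travels over stdin, so it never shows up on the
            # command line.  pdbedit's output is read but not logged.
            ph.communicate("%s\n%s\n" % (bogus_password, bogus_password))
            if ph.returncode == 0:
                l.info("Added %s", user)
            else:
                # Previously the account was logged as added before pdbedit
                # had even run and a failure went unnoticed.
                l.warning("pdbedit failed to add %s (exit status %s)",
                          user, ph.returncode)
            added_users = True
            continue
        smbusers_surplus.remove(user)
        if fn != smbusers[user]['realname']:
            subprocess.call(['pdbedit', '-u', user, '-f', fn])
            l.info("Updated %s' realname", user)
    if added_users:
        smbusers = pdbedit_list()
    for user in _map['users']:
        if user not in smbusers:
            # An account whose creation failed is absent from the refreshed
            # listing; skip it rather than abort the run with a KeyError.
            l.warning("%s is missing from the pdbedit listing, skipping",
                      user)
            continue
        if (user in _map['groups']['leden'] and
                smbusers[user]['flag_disabled']):
            subprocess.call(['smbpasswd', '-e', user])
            l.info("Enabled %s", user)
        if (user not in _map['groups']['leden'] and
                not smbusers[user]['flag_disabled']):
            subprocess.call(['smbpasswd', '-d', user])
            l.info("Disabled %s", user)
    for user in smbusers_surplus:
        l.info("Removing stray user %s", user)
        subprocess.call(['pdbedit', '-x', '-u', user])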
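def secr_add_user(request):
    """Create a new member from the add-user form (``secretariaat`` only).

    A GET request, or a POST whose form does not validate, renders the form.
    A valid POST creates the user entity, adds its group relations, lets
    giedo synchronise, sets a random password that is mailed to the new user
    together with a welcome mail, and redirects to the user's page.
    """
    if "secretariaat" not in request.user.cached_groups_names:
        raise PermissionDenied
    if request.method == "POST":
        form = AddUserForm(request.POST)
        if form.is_valid():
            fd = form.cleaned_data
            # First, create the entity.
            u = Es.User(
                {
                    "types": ["user"],
                    "names": [fd["username"]],
                    "humanNames": [
                        {"human": fd["first_name"] + " " + fd["last_name"]}
                    ],
                    "person": {
                        "titles": [],
                        "nick": fd["first_name"],
                        "given": None,
                        "family": fd["last_name"],
                        "gender": fd["gender"],
                        "dateOfBirth": date_to_dt(fd["dateOfBirth"]),
                    },
                    "emailAddresses": [
                        {"email": fd["email"], "from": DT_MIN,
                         "until": DT_MAX}
                    ],
                    "addresses": [
                        {
                            "street": fd["addr_street"],
                            "number": fd["addr_number"],
                            "zip": fd["addr_zip"],
                            "city": fd["addr_city"],
                            "from": DT_MIN,
                            "until": DT_MAX,
                        }
                    ],
                    "telephones": [
                        {"number": fd["telephone"], "from": DT_MIN,
                         "until": DT_MAX}
                    ],
                    "studies": [
                        {
                            "institute": _id(fd["study_inst"]),
                            "study": _id(fd["study"]),
                            "from": DT_MIN,
                            "until": DT_MAX,
                            "number": fd["study_number"],
                        }
                    ],
                    "is_active": True,
                    # No password yet; one is set after the sync below.
                    "password": None,
                }
            )
            logging.info("Added user %s" % fd["username"])
            u.save()
            # Then, add the relations.
            groups = ["leden"]
            gender_group = {"m": "mannen", "v": "vrouwen"}.get(fd["gender"])
            if gender_group is not None:
                # Any other gender value has no matching group; appending
                # None would hand None to Es.id_by_name after the user has
                # already been saved.
                groups.append(gender_group)
            if fd["incasso"]:
                groups.append("incasso")
            else:
                groups.append("geen-incasso")
            for group in groups:
                Es.add_relation(u, Es.id_by_name(group, use_cache=True),
                                _from=date_to_dt(fd["dateJoined"]))
            for l in fd["addToList"]:
                Es.add_relation(u, Es.id_by_name(l, use_cache=True),
                                _from=now())
            # Let giedo synch. to create the e-mail addresses, unix user, etc.
            # TODO use giedo.async() and let giedo send the welcome e-mail
            giedo.sync()
            # Create a new password and send it via e-mail
            # NOTE(review): pseudo_randstr is defined outside this block; the
            # initial password is only as unpredictable as that helper -
            # confirm it draws from a CSPRNG.  The plaintext goes into the
            # mail context below.
            pwd = pseudo_randstr()
            u.set_password(pwd)
            giedo.change_password(str(u.name), pwd, pwd)
            render_then_email("leden/set-password.mail.txt", u,
                              {"user": u, "password": pwd})
            # Send the welcome e-mail
            render_then_email("leden/welcome.mail.txt", u, {"u": u})
            Es.notify_informacie("adduser", request.user, entity=u._id)
            return HttpResponseRedirect(
                reverse("user-by-name", args=(fd["username"],)))
    else:
        form = AddUserForm()
    return render_to_response("leden/secr_add_user.html", {"form": form},
                              context_instance=RequestContext(request))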
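def unix_setpass(cilia, user, password):
    """Set the Unix password of ``user``, but only for accounts in group ``kn``.

    Returns ``None`` in every case.  The call is refused, with a warning in
    the log, when the account or the ``kn`` group does not exist or when the
    account's primary group is not ``kn``; this keeps root and other system
    accounts out of reach of this function.
    """
    # Function-scope imports: the module's import block is not part of this
    # block, so nothing is assumed about what it already provides.
    import grp
    import logging
    import pwd

    log = logging.getLogger(__name__)
    try:
        kn_gid = grp.getgrnam('kn').gr_gid
        pwent = pwd.getpwnam(user)
    except KeyError:
        # Fail closed when the lookup cannot be made.
        log.warning("unix_setpass: group kn or user %s not found, refusing",
                    user)
        return
    if pwent.pw_gid != kn_gid:
        log.warning("unix_setpass: refusing %s, gid is not kn", user)
        return
    # NOTE(review): a bare two-character salt selects traditional DES
    # crypt(3), which uses only the first eight characters of the password.
    # The salt characters come from pseudo_randstr, which is defined outside
    # this block - confirm they are valid crypt salt characters.
    crypthash = crypt.crypt(password, pseudo_randstr(2))
    # Argument list, no shell.  The hash is on usermod's command line and is
    # therefore visible in the process list while the command runs.
    subprocess.call(['usermod', '-p', crypthash, user])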
def secr_add_user(request):
    """Create a new member from the add-user form (``secretariaat`` only).

    Anything but a valid POST renders the form.  A valid POST creates the
    user entity, adds its group relations, lets giedo synchronise, sets a
    random password that is mailed to the new user together with a welcome
    mail, and redirects to the user's page.
    """
    if 'secretariaat' not in request.user.cached_groups_names:
        raise PermissionDenied

    template = 'leden/secr_add_user.html'
    if request.method != 'POST':
        return render(request, template, {'form': AddUserForm()})
    form = AddUserForm(request.POST)
    if not form.is_valid():
        # Re-render with the bound form so its errors are available.
        return render(request, template, {'form': form})

    fd = form.cleaned_data

    # First, create the entity.  The keys are filled in one by one, in the
    # order in which they end up in the record.
    record = {}
    record['types'] = ['user']
    record['names'] = [fd['username']]
    record['humanNames'] = [{
        'human': fd['first_name'] + ' ' + fd['last_name']
    }]
    record['person'] = {
        'titles': [],
        'nick': fd['first_name'],
        'given': None,
        'family': fd['last_name'],
        'dateOfBirth': date_to_dt(fd['dateOfBirth'])
    }
    record['email'] = fd['email']
    record['address'] = {
        'street': fd['addr_street'],
        'number': fd['addr_number'],
        'zip': fd['addr_zip'],
        'city': fd['addr_city']
    }
    record['telephone'] = fd['telephone']
    record['studies'] = [{
        'institute': _id(fd['study_inst']),
        'study': _id(fd['study']),
        'from': DT_MIN,
        'until': DT_MAX,
        'number': fd['study_number']
    }]
    record['is_active'] = True
    # No password yet; one is set after the sync below.
    record['password'] = None
    new_user = Es.User(record)
    logging.info("Added user %s" % fd['username'])
    new_user.save()

    # Then, add the relations.
    group_names = ['leden',
                   'incasso' if fd['incasso'] else 'geen-incasso']
    for group_name in group_names:
        Es.add_relation(new_user,
                        Es.id_by_name(group_name, use_cache=True),
                        _from=date_to_dt(fd['dateJoined']))
    for list_name in fd['addToList']:
        Es.add_relation(new_user,
                        Es.id_by_name(list_name, use_cache=True),
                        _from=now())

    # Let giedo sync to create the e-mail addresses, unix user, etc.
    # TODO use giedo.async() and let giedo send the welcome e-mail
    giedo.sync()

    # Create a new password and send it via e-mail.
    # NOTE(review): pseudo_randstr is defined outside this block; the initial
    # password is only as unpredictable as that helper - confirm it draws
    # from a CSPRNG.  The plaintext goes into the mail context below.
    initial_password = pseudo_randstr()
    new_user.set_password(initial_password)
    giedo.change_password(str(new_user.name), initial_password,
                          initial_password)
    password_context = {'user': new_user, 'password': initial_password}
    render_then_email("leden/set-password.mail.html", new_user,
                      password_context)

    # Send the welcome e-mail.
    render_then_email("leden/welcome.mail.html", new_user, {'u': new_user})
    Es.notify_informacie('adduser', request.user, entity=new_user._id)
    target_url = reverse('user-by-name', args=(fd['username'], ))
    return HttpResponseRedirect(target_url)
def secr_add_user(request):
    """Create a new member from the add-user form (``secretariaat`` only).

    A GET request, or a POST whose form does not validate, renders the form.
    A valid POST creates the user entity, adds its group relations, lets
    giedo synchronise, sets a random password that is mailed to the new user
    together with a welcome mail, and redirects to the user's page.
    """
    # Authorisation comes first, before any form data is looked at.
    if 'secretariaat' not in request.user.cached_groups_names:
        raise PermissionDenied
    if request.method == 'POST':
        form = AddUserForm(request.POST)
        if form.is_valid():
            fd = form.cleaned_data
            # First, create the entity.
            u = Es.User({
                'types': ['user'],
                'names': [fd['username']],
                'humanNames': [{'human': fd['first_name'] + ' ' +
                                fd['last_name']}],
                'person': {
                    'titles': [],
                    'nick': fd['first_name'],
                    'given': None,
                    'family': fd['last_name'],
                    'dateOfBirth': date_to_dt(
                        fd['dateOfBirth'])
                },
                'emailAddresses': [
                    {'email': fd['email'],
                     'from': DT_MIN,
                     'until': DT_MAX}],
                'addresses': [
                    {'street': fd['addr_street'],
                     'number': fd['addr_number'],
                     'zip': fd['addr_zip'],
                     'city': fd['addr_city'],
                     'from': DT_MIN,
                     'until': DT_MAX}],
                'telephones': [
                    {'number': fd['telephone'],
                     'from': DT_MIN,
                     'until': DT_MAX}],
                'studies': [
                    {'institute': _id(fd['study_inst']),
                     'study': _id(fd['study']),
                     'from': DT_MIN,
                     'until': DT_MAX,
                     'number': fd['study_number']}],
                'is_active': True,
                # No password yet; one is set after the sync below.
                'password': None
            })
            # Logged before save(), so the entry appears even if save() fails.
            logging.info("Added user %s" % fd['username'])
            u.save()
            # Then, add the relations.
            groups = ['leden']
            if fd['incasso']:
                groups.append('incasso')
            else:
                groups.append('geen-incasso')
            for group in groups:
                Es.add_relation(u, Es.id_by_name(group, use_cache=True),
                                _from=date_to_dt(fd['dateJoined']))
            for l in fd['addToList']:
                Es.add_relation(u, Es.id_by_name(l, use_cache=True),
                                _from=now())
            # Let giedo sync to create the e-mail addresses, unix user, etc.
            # TODO use giedo.async() and let giedo send the welcome e-mail
            giedo.sync()
            # Create a new password and send it via e-mail.
            # NOTE(review): pseudo_randstr is defined outside this block; the
            # initial password is only as unpredictable as that helper -
            # confirm it draws from a CSPRNG.  The plaintext goes into the
            # mail context below.
            pwd = pseudo_randstr()
            u.set_password(pwd)
            # The new password is passed twice; what the two positions mean
            # is defined by giedo - TODO confirm.
            giedo.change_password(str(u.name), pwd, pwd)
            render_then_email("leden/set-password.mail.txt", u, {
                'user': u,
                'password': pwd})
            # Send the welcome e-mail
            render_then_email("leden/welcome.mail.txt", u, {
                'u': u})
            Es.notify_informacie('adduser', request.user, entity=u._id)
            return HttpResponseRedirect(reverse('user-by-name',
                                                args=(fd['username'],)))
    else:
        form = AddUserForm()
    # Reached for a GET and for a POST that failed validation (bound form).
    return render_to_response('leden/secr_add_user.html', {'form': form},
                              context_instance=RequestContext(request))