예제 #1
파일: ldap.py 프로젝트: pylanglois/uadm
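def go(args = []):
    """Create an LDAP user or group (``uadm add ldap user|group``).

    args[1] selects the sub-command (compared case-insensitively) and the
    optional args[2] is offered as the default name in the interactive
    prompt.  A missing or unrecognised sub-command is logged, reported
    through send_error_report() and ends the process with status 1.
    """
    if len(args) < 2:
        msg = u"Missing parameter. Usage: uadm add ldap user|group"
        l().error(msg)
        send_error_report(msg)
        exit(1)

    command = str(args[1]).lower()
    if command == 'user':
        new_user = args[2] if len(args) >= 3 else None
        new_user = get_input_string("What is the new ldap username?", new_user)
        new_user_mail = get_input_string(
            "What is %s email?" % new_user,
            '%s@%s' % (new_user, CONF_MAP['UADM_LDAP_DOMAIN']))

        ldaphelper.get_cred()

        # NOTE(review): new_user and new_user_mail are passed on exactly as
        # typed; any escaping needed for DNs or search filters has to happen
        # inside ldaphelper - verify.
        new_user_pass = ldaphelper.create_user(new_user, new_user_mail)

        # NOTE(security): the password returned by create_user() is placed
        # in clear text in the report below, so it is only as confidential
        # as the report's transport and every mailbox or log that receives
        # it.  Treat it as a one-time credential: confirm the account must
        # change it at first login, or hand it over on a separate channel.
        report_body = unicode(
            "\nHi,\n\n"
            "A new user was created:\n\n"
            "username: %(username)s\n"
            "password: %(password)s\n"
            "\n\nUse it with care!!!"
            "" % {
                'username': new_user,
                'password': new_user_pass,
            })
        send_report(report_body, subject_prefix='New ldap user created.')

    elif command == 'group':
        new_group = args[2] if len(args) >= 3 else None
        new_group = get_input_string("What is the new ldap group name?", new_group)

        ldaphelper.get_cred()

        ldaphelper.create_group(new_group)

    else:
        # An unrecognised sub-command used to fall through silently and
        # return as if it had succeeded; report it like a missing parameter.
        msg = u"Unknown parameter '%s'. Usage: uadm add ldap user|group" % command
        l().error(msg)
        send_error_report(msg)
        exit(1)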
예제 #2
파일: site.py 프로젝트: pylanglois/uadm
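def go(args):
    """Interactively provision a new Apache site and its access groups.

    Prompts for the admin e-mail, the site's DNS name (args[1] or the local
    hostname is offered as default), an optional www redirect, optional
    LDAP and unix user/group creation and an optional auto-mount script,
    then shows a summary and asks for confirmation.  On confirmation it
    creates the accounts, the document root with ACLs, index.html, the
    VirtualHost and logrotate files, enables the site and asks Apache for a
    graceful restart.

    Exits with status 1 on an invalid hostname or when the auto-mount
    directory cannot be created.  Any other exception raised during
    provisioning is logged through l().exception() and not re-raised.
    """
    mod_conf({
        "UADM_DISABLE_MAIL" : True,
    })

    # Defaults only: override=False is passed so existing settings win.
    mod_conf({
        'SITE_DOC_ROOT' : "/var/www",
        'SITE_VHOST_DIR' : "/etc/apache2/sites-available",
    }, override=False)

    admin_mail = CONF_MAP["UADM_TECH_EMAIL"]
    site_name = args[1] if len(args) > 1 else HOST_INFO["hostname"]
    add_www_redirect = 'n'
    use_auto_mount = 'y'

    # NOTE(review): this stays 'Y' when UADM_LDAP_AD is falsy.  Every later
    # check compares against lowercase 'y', so the LDAP steps are skipped in
    # that case although the confirmation summary still displays 'Y'.
    create_ldap_user_group = 'Y'
    ldap_username = None
    ldap_useremail = None
    ldap_groupname = None

    create_unix_user_group = 'n'
    unix_username = None
    unix_groupname = None

    #Ask for admin mail
    admin_mail = get_input_string("What is the server admin email (yours)?", admin_mail)

    #Ask for site name
    site_name = get_input_string("What is the dns name of the new site?", site_name)
    if not is_valid_hostname(site_name):
        print "'%s' is not a valid hostname!!!" % site_name
        exit(1)

    #Ask for www redirect
    if not site_name.startswith("www."):
        add_www_redirect = get_input_choices("Do you want to redirect %s to www.%s automatically?" % (site_name, site_name), ['Y','n'])

    #Ask for group name
    if CONF_MAP['UADM_LDAP_AD']:
        create_ldap_user_group = get_input_choices("Create a default ldap user and group for this site?", ['Y','n'])
        if create_ldap_user_group == 'y':
            # Re-prompt until neither name is already taken by a unix account.
            valid = False
            while not valid:
                ldap_username = get_input_string("What is the new ldap username?", gen_username())
                ldap_useremail = get_input_string("What is the new ldap user email?", '%s@%s' % (ldap_username, CONF_MAP['UADM_LDAP_DOMAIN']))
                ldap_groupname = get_input_string("What is the new ldap group name?", site_name)
                is_ugroup = unixhelper.is_unix_group(ldap_groupname)
                is_uuser = unixhelper.is_unix_user(ldap_username)
                if is_ugroup:
                    print "The unix group %s exists. Please choose another name." % ldap_groupname
                if is_uuser:
                    print "The unix user %s exists. Please choose another name." % ldap_username
                valid = not is_ugroup and not is_uuser
            ldaphelper.get_cred()

    create_unix_user_group = get_input_choices("Create a default unix user and group for this site?", ['y','N'])
    if create_unix_user_group == 'y':
        valid = False
        while not valid:
            unix_username = get_input_string("What is the new unix username?", gen_username())
            unix_groupname = get_input_string("What is the new unix group name?", site_name)
            #check for ldap collision
            # A name equal to the LDAP name chosen above is not a collision.
            group_collision = unixhelper.is_notunix_group(unix_groupname) and ldap_groupname != unix_groupname
            user_collision = unixhelper.is_notunix_user(unix_username) and ldap_username != unix_username
            if group_collision :
                print "The ldap group %s exists. Please choose another name." % unix_groupname
            if user_collision:
                print "The ldap user %s exists. Please choose another name." % unix_username
            valid = not user_collision and not group_collision

    #Ask for auto_mount
    use_auto_mount = get_input_choices("Do you want use auto mount in /home/user/%s?" % site_name, ['Y','n'])

    ready_to_go = """
    OK, ready to go. Are those info correct?

    admin_mail = %(admin_mail)s
    site_name = %(site_name)s
    add_www_redirect = %(add_www_redirect)s
    use_auto_mount = %(use_auto_mount)s
    create_ldap_user_group = %(create_ldap_user_group)s
    ldap_username = %(ldap_username)s 
    ldap_useremail = %(ldap_useremail)s
    ldap_groupname = %(ldap_groupname)s
    create_unix_user_group = %(create_unix_user_group)s
    unix_username = %(unix_username)s
    unix_groupname = %(unix_groupname)s

>>>""" % {
        "admin_mail": admin_mail,
        "site_name" : site_name,
        "add_www_redirect" : add_www_redirect,
        "use_auto_mount" : use_auto_mount,
        "create_ldap_user_group" : create_ldap_user_group,
        "create_unix_user_group" : create_unix_user_group,
        "ldap_username" : ldap_username,
        "ldap_useremail" : ldap_useremail,
        "ldap_groupname" : ldap_groupname,
        "unix_username" : unix_username,
        "unix_groupname" : unix_groupname,
    }

    ready = get_input_choices(ready_to_go, ['Y','n'])
    if ready == 'y':
        try:

            if create_ldap_user_group == 'y':
                # NOTE(security): the names are concatenated unescaped into
                # the search expression.  Only site_name is validated in this
                # function, so escaping of filter metacharacters has to
                # happen inside ldaphelper.search_entities - verify.
                if len(ldaphelper.search_entities("cn="+ldap_groupname)) == 0:
                    ldaphelper.create_group(ldap_groupname)

                if len(ldaphelper.search_entities("cn="+ldap_username)) == 0:
                    userpass = ldaphelper.create_user(ldap_username, ldap_useremail)
                    # NOTE(security): prints the new account's password in
                    # clear text; it stays in terminal scrollback and in any
                    # log or file that captures this command's output.
                    print userpass

                if not ldaphelper.is_member_of(ldap_username, ldap_groupname):
                    ldaphelper.user_to_group(ldap_username, ldap_groupname)

            if create_unix_user_group == 'y':
                if not unixhelper.group_exists(unix_groupname):
                    unixhelper.create_group(unix_groupname)

                if not unixhelper.user_exists(unix_username):
                    userpass = unixhelper.create_user(unix_username)
                    # NOTE(security): same clear-text password exposure on
                    # stdout as for the LDAP account above.
                    print userpass

                if not unixhelper.is_member_of(unix_username, unix_groupname):
                    unixhelper.user_to_group(unix_username, unix_groupname)

            vhost, logrotate, index, site_url = build_vhost(admin_mail, site_name, add_www_redirect)

            #Prep documentroot directory with ACLs
            # NOTE(security): every command below is assembled by string
            # formatting.  The group names come from free-text prompts that
            # are not validated here; if exec_cmd_list hands these strings to
            # a shell, whitespace or shell metacharacters in a name would
            # change the command that runs.  Restrict names to a known-safe
            # character set before this point, or pass argument lists -
            # confirm how exec_cmd_list executes its input.
            root_dir = "%s/%s" % (CONF_MAP['SITE_DOC_ROOT'], site_url)
            # The unix group ACL is only added in the guarded branch below.
            # It used to be listed here unconditionally as well, which
            # produced 'g:None' whenever no unix group had been requested.
            cmd_list = [
                'mkdir -p %s/logs' % root_dir,
                'chown -R www-data:www-data %s' % root_dir,
            ]

            if create_ldap_user_group == 'y':
                cmd_list.append('setfacl -R    -m g:%s:rwx %s' % (ldap_groupname, root_dir))
                cmd_list.append('setfacl -R -d -m g:%s:rwx %s' % (ldap_groupname, root_dir))

            if create_unix_user_group == 'y':
                cmd_list.append('setfacl -R    -m g:%s:rwx %s' % (unix_groupname, root_dir))
                cmd_list.append('setfacl -R -d -m g:%s:rwx %s' % (unix_groupname, root_dir))

            completed, ret_map = exec_cmd_list(cmd_list)
            if not completed:
                raise Exception("Error in ACL setup.")

            #Create index
            fname = "%s/index.html" % root_dir
            create_file(fname, index)

            #Create VirtualHost
            fname = "%s/%s" % (CONF_MAP['SITE_VHOST_DIR'], site_url)
            create_file(fname, vhost)

            #Create Logrotate
            fname = "%s/%s" % (CONF_MAP['UADM_LOGROTATE_DIR'], site_url)
            create_file(fname, logrotate)

            cmd_list = [
                str('a2ensite  %s' % site_url),
                str('apache2ctl graceful'),
            ]

            completed, ret_map = exec_cmd_list(cmd_list)
            if not completed:
                raise Exception("Error restarting apache!!!")

            if use_auto_mount == 'y':

                cmd_list = [
                    str('mkdir -p %s' % CONF_MAP['SITE_AUTO_MOUNT_DIR']),
                ]
                completed, ret_map = exec_cmd_list(cmd_list)
                if not completed:
                    exit(1)

                # Context manager so the template's file handle is closed.
                with open(get_rel_path("auto_mount_template.py")) as template_file:
                    auto_mount_template = Template(template_file.read())
                # NOTE(review): www_root_sec_group is not assigned anywhere
                # in this function.  Unless it is a module-level name this
                # raises NameError, which the handler below only logs -
                # confirm which group was intended.
                auto_mount = auto_mount_template.safe_substitute(
                    template_site_name=site_name,
                    template_group_name=www_root_sec_group,
                )

                # Same configuration key as the mkdir above; this line used
                # to read 'site_AUTO_MOUNT_DIR', unlike every other key here.
                fname = "%s/%s" % (CONF_MAP['SITE_AUTO_MOUNT_DIR'], site_url.replace(".","_"))
                create_file(fname, auto_mount)

                cmd_list = [
                    str('chmod +x %s' % fname),
                ]
                completed, ret_map = exec_cmd_list(cmd_list)
                if not completed:
                    raise Exception("Error with chmod for automount.")

        except Exception as err:
            # Failures are logged only: steps that already ran are not rolled
            # back and the function returns normally afterwards.
            l().exception("Exception of fire! %s" % err)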