class Instance(Base): def init(self): self.progress_state = Progress() @simple_response def dpkg_locked(self): """Do not execute join scripts when dpkg is running (e.g. via App Center) """ return self._dpkg_locked() def _dpkg_locked(self): fd = apt_pkg.get_lock('/var/lib/dpkg/lock') if fd == -1: return True else: os.close(fd) return False @simple_response def query(self): """collects status about join scripts""" # unjoined system? if not self._joined: return [] # List all join scripts files = {} for fname in os.listdir(INSTDIR): match = RE_JOINFILE.match(fname) if match: entry = match.groupdict() entry['configured'] = True entry['status'] = '1:%s' % (entry['prio']) files[entry['name']] = entry # check for unconfigured scripts process = subprocess.Popen(['/usr/sbin/univention-check-join-status'], shell=False, stdout=subprocess.PIPE) stdout, stderr = process.communicate() if process.returncode == 0: return files.values() for line in stdout.splitlines(): # is there a general error? match = RE_ERROR.match(line) if match and not line.startswith( 'Error: Not all install files configured'): raise UMC_Error(_('Error: %s') % match.groups()[0]) # unconfigured script match = RE_NOT_CONFIGURED.match(line) if match: name = match.groups()[0] if name not in files: # The joinscripts does not exists in the filesystem or has a invalid name MODULE.error( 'not existing join script or join script with invalid name mentioned in status file: %r' % (name, )) continue files[name]['configured'] = False files[name]['status'] = '0:%s' % (files[name]['prio'], ) return files.values() @simple_response def joined(self): return self._joined @simple_response def progress(self): return self.progress_state.poll() @simple_response def running(self): """ returns true if a join script is running. """ return self._running @simple_response def master(self): """ returns the hostname of the domaincontroller master as fqdn """ return get_master_dns_lookup() @property def _joined(self): return os.path.exists('/var/univention-join/joined') @property def _running(self): return os.path.exists(LOCKFILE) def _lock(self): try: open(LOCKFILE, 'a').close() except (IOError, OSError) as ex: MODULE.warn('_lock: %s' % (ex)) def _unlock(self): try: if self._running: os.unlink(LOCKFILE) except (IOError, OSError) as ex: MODULE.warn('_unlock: %s' % (ex)) def __del__(self): self._unlock() # TODO __finalize__? @simple_response def logview(self): """Returns the last 2MB of the join.log file""" with open(LOGFILE, 'rb') as fd: return fd.read(2097152).decode('utf-8', 'replace') @sanitize( username=StringSanitizer(required=True, minimum=1), password=StringSanitizer(required=True, minimum=1), hostname=HostSanitizer(required=True, regex_pattern=RE_HOSTNAME), ) def join(self, request): username, password, hostname = (request.options['username'], request.options['password'], request.options['hostname']) # Check if already a join process is running if self._running: raise UMC_Error(_('A join process is already running.')) # check for valid server role if ucr.get('server/role') == 'domaincontroller_master': raise UMC_Error( _('Invalid server role! A master domain controller can not be joined.' )) # check for dpkg lock if self._dpkg_locked(): raise UMC_Error( _('Currently, software is being installed or uninstalled. Join scripts should not be run right now.' )) def _thread(): self.progress_state.reset() self.progress_state.component = _('Domain join') self._lock() return system_join( hostname, username, password, info_handler=self.progress_state.info_handler, step_handler=self.progress_state.add_steps, error_handler=self.progress_state.error_handler, component_handler=self.progress_state.component_handler, critical_handler=self.progress_state.critical_handler, ) def _finished(thread, result): MODULE.info('Finished joining') self._unlock() self.progress_state.info = _('finished...') self.progress_state.finish() if isinstance(result, BaseException): msg = '%s\n%s: %s\n' % ( ''.join(traceback.format_tb(thread.exc_info[2])), thread.exc_info[0].__name__, str(thread.exc_info[1])) MODULE.warn('Exception during domain join: %s' % msg) self.progress_state.error_handler( _('An unexpected error occurred: %s') % result) # launch thread thread = notifier.threads.Simple('join', _thread, _finished) thread.run() request.status = 202 self.finished(request.id, True) @sanitize(username=StringSanitizer(required=False, minimum=1), password=StringSanitizer(required=False, minimum=1), scripts=ListSanitizer(required=True, min_elements=1), force=BooleanSanitizer(default=False)) def run(self, request): """runs the given join scripts""" # Check if already a join process is running if self._running: raise UMC_Error(_('A join process is already running.')) # check for dpkg lock if self._dpkg_locked(): raise UMC_Error( _('Currently, software is being installed or uninstalled. Join scripts should not be run right now.' )) scripts, username, password, force = (request.options['scripts'], request.options.get('username'), request.options.get('password'), request.options.get( 'force', False)) # sort scripts scripts.sort(key=lambda i: int(re.match('^(\d+)', i).group())) def _thread(): # reset progress state and lock against other join processes self.progress_state.reset() self.progress_state.component = _('Authentication') self._lock() return run_join_scripts( scripts, force, username, password, info_handler=self.progress_state.info_handler, step_handler=self.progress_state.add_steps, error_handler=self.progress_state.error_handler, component_handler=self.progress_state.component_handler, critical_handler=self.progress_state.critical_handler, ) def _finished(thread, result): MODULE.info('Finished running join scripts') self._unlock() self.progress_state.info = _('finished...') self.progress_state.finish() if isinstance(result, BaseException): msg = '%s\n%s: %s\n' % ( ''.join(traceback.format_tb(thread.exc_info[2])), thread.exc_info[0].__name__, str(thread.exc_info[1])) MODULE.warn('Exception during running join scripts: %s' % msg) self.progress_state.error_handler( _('An unexpected error occurred: %s') % result) # launch thread thread = notifier.threads.Simple('join', _thread, _finished) thread.run() # finish request request.status = 202 self.finished(request.id, True)
class Instance(umcm.Base, ProgressMixin): def init(self): os.umask( 0o022 ) # umc umask is too restrictive for app center as it creates a lot of files in docker containers self.ucr = ucr_instance() self.update_applications_done = False install_opener(self.ucr) self._is_working = False try: self.package_manager = PackageManager( info_handler=MODULE.process, step_handler=None, error_handler=MODULE.warn, lock=False, ) except SystemError as exc: MODULE.error(str(exc)) raise umcm.UMC_Error(str(exc), status=500) self.package_manager.set_finished( ) # currently not working. accepting new tasks get_package_manager._package_manager = self.package_manager # build cache _update_modules() get_action('list').get_apps() # not initialize here: error prone due to network errors and also kinda slow self._uu = None self._cm = None # in order to set the correct locale locale.setlocale(locale.LC_ALL, str(self.locale)) try: log_to_logfile() except IOError: pass # connect univention.appcenter.log to the progress-method handler = ProgressInfoHandler(self.package_manager) handler.setLevel(logging.INFO) get_base_logger().addHandler(handler) percentage = ProgressPercentageHandler(self.package_manager) percentage.setLevel(logging.DEBUG) get_base_logger().getChild('actions.install.progress').addHandler( percentage) get_base_logger().getChild('actions.upgrade.progress').addHandler( percentage) get_base_logger().getChild('actions.remove.progress').addHandler( percentage) def get_updater(self): if self._uu is None: self._uu = UniventionUpdater(False) return self._uu def get_component_manager(self): if self._cm is None: self._cm = ComponentManager(self.ucr, self.get_updater()) return self._cm def error_handling(self, etype, exc, etraceback): error_handling(etype, exc, etraceback) return super(Instance, self).error_handling(exc, etype, etraceback) @simple_response def version(self, version=None): info = get_action('info') ret = info.get_compatibility() if not info.is_compatible(version): raise umcm.UMC_Error( 'The App Center version of the requesting host is not compatible with the version of %s (%s)' % (get_local_fqdn(), ret)) return ret @sanitize( version=StringSanitizer(required=True), function=StringSanitizer(required=False), ) @simple_response def version2(self, version, function=None): info = get_action('info') return { 'compatible': info.is_compatible(version, function=function), 'version': info.get_ucs_version() } def _remote_appcenter(self, host, function=None): if host is None: raise ValueError('Cannot connect to None') if not host.endswith('.%s' % self.ucr.get('domainname')): raise ValueError('Only connect to FQDNs within the domain') info = get_action('info') opts = {'version': info.get_ucs_version()} if function is not None: opts['function'] = function try: client = Client(host, self.username, self.password) response = client.umc_command('appcenter/version2', opts) except (HTTPError) as exc: raise umcm.UMC_Error( _('Problems connecting to {0} ({1}). Please update {0}!'). format(host, exc.message)) except (ConnectionError, Exception) as exc: raise umcm.UMC_Error( _('Problems connecting to {} ({}).').format(host, str(exc))) err_msg = _( 'The App Center version of the this host ({}) is not compatible with the version of {} ({})' ).format(opts['version'], host, response.result.get('version')) # i guess this is kind of bad if response.status != 200: raise umcm.UMC_Error(err_msg) # remote says he is not compatible if response.result.get('compatible', True) is False: raise umcm.UMC_Error(err_msg) # i'm not compatible if not info.is_compatible(response.result.get('version')): raise umcm.UMC_Error(err_msg) return client @sanitize(apps=ListSanitizer(AppSanitizer(), required=True), action=ChoicesSanitizer(['install', 'upgrade', 'remove'], required=True)) @simple_response def resolve(self, apps, action): ret = {} ret['apps'] = resolve_dependencies(apps, action) ret['auto_installed'] = [ app.id for app in ret['apps'] if app.id not in [a.id for a in apps] ] apps = ret['apps'] ret['errors'], ret['warnings'] = check(apps, action) domain = get_action('domain') ret['apps'] = domain.to_dict(apps) ret['settings'] = {} self.ucr.load() for app in apps: ret['settings'][app.id] = self._get_config(app, action.title()) return ret @require_apps_update @require_password @sanitize( apps=ListSanitizer(AppSanitizer(), required=True), auto_installed=ListSanitizer(required=True), action=ChoicesSanitizer(['install', 'upgrade', 'remove'], required=True), hosts=DictSanitizer({}, required=True), settings=DictSanitizer({}, required=True), dry_run=BooleanSanitizer(), ) @simple_response(with_progress=True) def run(self, progress, apps, auto_installed, action, hosts, settings, dry_run): localhost = get_local_fqdn() ret = {} if dry_run: for host in hosts: _apps = [ next(app for app in apps if app.id == _app) for _app in hosts[host] ] if host == localhost: ret[host] = self._run_local_dry_run( _apps, action, {}, progress) else: try: ret[host] = self._run_remote_dry_run( host, _apps, action, auto_installed, {}, progress) except umcm.UMC_Error: ret[host] = {'unreachable': [app.id for app in _apps]} else: for app in apps: for host in hosts: if app.id not in hosts[host]: continue host_result = ret.get(host, {}) ret[host] = host_result _settings = {app.id: settings[app.id]} if host == localhost: host_result[app.id] = self._run_local( app, action, _settings, auto_installed, progress) else: host_result[app.id] = self._run_remote( host, app, action, auto_installed, _settings, progress)[app.id] if not host_result[app.id]['success']: break return ret def _run_local_dry_run(self, apps, action, settings, progress): if action == 'upgrade': apps = [Apps().find_candidate(app) or app for app in apps] if len(apps) == 1: progress.title = _('%s: Running tests') % apps[0].name else: progress.title = _('%d Apps: Running tests') % len(apps) ret = {} ret['errors'], ret['warnings'] = check(apps, action) ret['errors'].pop('must_have_no_unmet_dependencies', None) # has to be resolved prior to this call! action = get_action(action)() ret['packages'] = {} for app in apps: args = action._build_namespace( app=[app], dry_run=True, install_master_packages_remotely=False, only_master_packages=False) result = action.dry_run(app, args) if result is not None: ret['packages'][app.id] = result return ret def _run_local(self, app, action, settings, auto_installed, progress): kwargs = { 'noninteractive': True, 'auto_installed': auto_installed, 'skip_checks': [ 'shall_have_enough_ram', 'shall_only_be_installed_in_ad_env_with_password_service', 'must_not_have_concurrent_operation' ], } if settings.get(app.id): kwargs['set_vars'] = settings[app.id] if action == 'install': progress.title = _('Installing %s') % (app.name, ) elif action == 'remove': progress.title = _('Uninstalling %s') % (app.name, ) elif action == 'upgrade': progress.title = _('Upgrading %s') % (app.name, ) action = get_action(action) handler = UMCProgressHandler(progress) handler.setLevel(logging.INFO) action.logger.addHandler(handler) try: package_manager = get_package_manager() with package_manager.no_umc_restart(exclude_apache=True): success = action.call(app=[app], username=self.username, password=self.password, **kwargs) return {'success': success} except AppCenterError as exc: raise umcm.UMC_Error(str(exc), result=dict(display_feedback=True, title='%s %s' % (exc.title, exc.info))) finally: action.logger.removeHandler(handler) def _run_remote_dry_run(self, host, apps, action, auto_installed, settings, progress): return self._run_remote_logic(host, apps, action, auto_installed, settings, progress, dry_run=True) def _run_remote(self, host, app, action, auto_installed, settings, progress): return self._run_remote_logic(host, [app], action, auto_installed, settings, progress, dry_run=False) def _run_remote_logic(self, host, apps, action, auto_installed, settings, progress, dry_run): if len(apps) == 1: progress.title = _('%s: Connecting to %s') % (apps[0].name, host) else: progress.title = _('%d Apps: Connecting to %s') % (len(apps), host) client = self._remote_appcenter(host, function='appcenter/run') opts = { 'apps': [str(app) for app in apps], 'auto_installed': auto_installed, 'action': action, 'hosts': { host: [app.id for app in apps] }, 'settings': settings, 'dry_run': dry_run } progress_id = client.umc_command('appcenter/run', opts).result['id'] while True: result = client.umc_command('appcenter/progress', { 'progress_id': progress_id }).result if result['finished']: return result['result'][host] progress.title = result['title'] progress.intermediate.extend(result['intermediate']) progress.message = result['message'] time.sleep(result['retry_after'] / 1000.0) @simple_response def query(self, quick=False): query_cache_file = '/var/cache/univention-appcenter/umc-query.json' if quick: try: with open(query_cache_file) as fd: return json.load(fd) except (EnvironmentError, ValueError) as exc: MODULE.error('Error returning cached query: %s' % exc) return [] self.update_applications() self.ucr.load() reload_package_manager() list_apps = get_action('list') domain = get_action('domain') apps = list_apps.get_apps() if self.ucr.is_true('appcenter/docker', True): if not self._test_for_docker_service(): raise umcm.UMC_Error( _('The docker service is not running! The App Center will not work properly.' ) + ' ' + _('Make sure docker.io is installed, try starting the service with "service docker start".' )) info = domain.to_dict(apps) with open(query_cache_file, 'w') as fd: json.dump(info, fd) return info def update_applications(self): if self.ucr.is_true('appcenter/umc/update/always', True): update = get_action('update') try: update.call() except NetworkError as err: raise umcm.UMC_Error(str(err)) except Abort: pass self.update_applications_done = True def _test_for_docker_service(self): if docker_bridge_network_conflict(): msg = _( 'A conflict between the system network settings and the docker bridge default network has been detected.' ) + '\n\n' msg += _( 'Please either configure a different network for the docker bridge by setting the UCR variable docker/daemon/default/opts/bip to a different network and restart the system,' ) + ' ' msg += _( 'or disable the docker support in the AppCenter by setting appcenter/docker to false.' ) raise umcm.UMC_Error(msg) if not docker_is_running(): MODULE.warn('Docker is not running! Trying to start it now...') call_process(['invoke-rc.d', 'docker', 'start']) if not docker_is_running(): return False return True @simple_response def suggestions(self, version): try: cache = AppCenterCache.build(server=default_server()) cache_file = cache.get_cache_file('.suggestions.json') with open(cache_file) as fd: json = load(fd) except (EnvironmentError, ValueError): raise umcm.UMC_Error(_('Could not load suggestions.')) else: try: return json[version] except (KeyError, AttributeError): raise umcm.UMC_Error(_('Unexpected suggestions data.')) @simple_response def enable_docker(self): if self._test_for_docker_service(): ucr_save({'appcenter/docker': 'enabled'}) else: raise umcm.UMC_Error( _('Unable to start the docker service!') + ' ' + _('Make sure docker.io is installed, try starting the service with "service docker start".' )) @require_apps_update @require_password @simple_response(with_progress=True) def sync_ldap(self): register = get_action('register') register.call(username=self.username, password=self.password) # used in updater-umc @simple_response def get_by_component_id(self, component_id): domain = get_action('domain') if isinstance(component_id, list): requested_apps = [ Apps().find_by_component_id(cid) for cid in component_id ] return domain.to_dict(requested_apps) else: app = Apps().find_by_component_id(component_id) if app: return domain.to_dict([app])[0] else: raise umcm.UMC_Error( _('Could not find an application for %s') % component_id) # used in updater-umc @simple_response def app_updates(self): upgrade = get_action('upgrade') domain = get_action('domain') return domain.to_dict(list(upgrade.iter_upgradable_apps())) @sanitize(application=StringSanitizer(minimum=1, required=True)) @simple_response def get(self, application): list_apps = get_action('list') domain = get_action('domain') apps = list_apps.get_apps() for app in apps: if app.id == application: break else: app = None if app is None: raise umcm.UMC_Error( _('Could not find an application for %s') % (application, )) return domain.to_dict([app])[0] @sanitize(app=AppSanitizer(required=True)) @simple_response def config(self, app, phase): self.ucr.load() return self._get_config(app, phase) def _get_config(self, app, phase): autostart = self.ucr.get('%s/autostart' % app.id, 'yes') is_running = app_is_running(app) values = {} for setting in app.get_settings(): if phase in setting.show or phase in setting.show_read_only: value = setting.get_value(app, phase) if isinstance(setting, FileSetting) and not isinstance( setting, PasswordFileSetting): if value: value = b64encode( value.encode('utf-8')).decode('ascii') values[setting.name] = value return { 'autostart': autostart, 'is_running': is_running, 'values': values, } @sanitize(app=AppSanitizer(required=True), values=DictSanitizer({})) @simple_response(with_progress=True) def configure(self, progress, app, values, autostart=None): for setting in app.get_settings(): if isinstance(setting, FileSetting) and not isinstance( setting, PasswordFileSetting): if values.get(setting.name): values[setting.name] = b64decode( values[setting.name]).decode('utf-8') configure = get_action('configure') handler = UMCProgressHandler(progress) handler.setLevel(logging.INFO) configure.logger.addHandler(handler) try: return configure.call(app=app, set_vars=values, autostart=autostart) finally: configure.logger.removeHandler(handler) @sanitize(app=AppSanitizer(required=True), mode=ChoicesSanitizer(['start', 'stop'])) @simple_response def app_service(self, app, mode): service = get_action(mode) service.call(app=app) @sanitize(app=AppSanitizer(required=False), action=ChoicesSanitizer(['get', 'buy', 'search', 'vote']), value=StringSanitizer()) @simple_response def track(self, app, action, value): send_information(action, app=app, value=value) @contextmanager def locked(self): try: if self._working(): raise LockError() with package_lock(): yield except LockError: raise umcm.UMC_Error(_('Another package operation is in progress')) def _install_master_packages_on_hosts(self, app, function): if function.startswith('upgrade'): remote_function = 'update-schema' else: remote_function = 'install-schema' master_packages = app.default_packages_master if not master_packages: return hosts = find_hosts_for_master_packages() all_hosts_count = len(hosts) package_manager = get_package_manager() package_manager.set_max_steps( all_hosts_count * 200) # up to 50% if all hosts are installed # maybe we already installed local packages (on master) if self.ucr.get('server/role') == 'domaincontroller_master': # TODO: set_max_steps should reset _start_steps. need function like set_start_steps() package_manager.progress_state._start_steps = all_hosts_count * 100 for host, host_is_master in hosts: package_manager.progress_state.info( _('Installing LDAP packages on %s') % host) try: if not self._install_master_packages_on_host( app, remote_function, host): error_message = 'Unable to install %r on %s. Check /var/log/univention/management-console-module-appcenter.log on the host and this server. All errata updates have been installed on %s?' % ( master_packages, host, host) raise Exception(error_message) except Exception as e: MODULE.error('%s: %s' % (host, e)) if host_is_master: role = 'Primary Directory Node' else: role = 'Backup Directory Node' # ATTENTION: This message is not localised. It is parsed by the frontend to markup this message! If you change this message, be sure to do the same in AppCenterPage.js package_manager.progress_state.error( 'Installing extension of LDAP schema for %s seems to have failed on %s %s' % (app.component_id, role, host)) if host_is_master: raise # only if host_is_master! finally: package_manager.add_hundred_percent() def _install_master_packages_on_host(self, app, function, host): client = Client(host, self.username, self.password) result = client.umc_command( 'appcenter/invoke', { 'function': function, 'application': app.id, 'force': True, 'dont_remote_install': True }).result if result['can_continue']: all_errors = self._query_remote_progress(client) return len(all_errors) == 0 else: MODULE.warn('%r' % result) return False def _install_dry_run_remote(self, app, function, dont_remote_install, force): MODULE.process('Invoke install_dry_run_remote') self.ucr.load() if function.startswith('upgrade'): remote_function = 'update-schema' else: remote_function = 'install-schema' master_packages = app.default_packages_master # connect to Primary/Backup Nodes unreachable = [] hosts_info = {} remote_info = { 'master_unreachable': False, 'problems_with_hosts': False, 'serious_problems_with_hosts': False, } dry_run_threads = [] info = get_action('info') if master_packages and not dont_remote_install: hosts = find_hosts_for_master_packages() # checking remote host is I/O heavy, so use threads # "global" variables: unreachable, hosts_info, remote_info def _check_remote_host(app_id, host, host_is_master, username, password, force, remote_function): MODULE.process('Starting dry_run for %s on %s' % (app_id, host)) MODULE.process('%s: Connecting...' % host) try: client = Client(host, username, password) except (ConnectionError, HTTPError) as exc: MODULE.warn('_check_remote_host: %s: %s' % (host, exc)) unreachable.append(host) if host_is_master: remote_info['master_unreachable'] = True else: MODULE.process('%s: ... done' % host) host_info = {} MODULE.process('%s: Getting version...' % host) try: host_version = client.umc_command( 'appcenter/version', { 'version': info.get_compatibility() }).result except Forbidden: # command is not yet known (older app center) MODULE.process('%s: ... forbidden!' % host) host_version = None except (ConnectionError, HTTPError) as exc: MODULE.warn('%s: Could not get appcenter/version: %s' % (host, exc)) raise except Exception as exc: MODULE.error('%s: Exception: %s' % (host, exc)) raise MODULE.process('%s: ... done' % host) host_info['compatible_version'] = info.is_compatible( host_version) MODULE.process('%s: Invoking %s ...' % (host, remote_function)) try: host_info['result'] = client.umc_command( 'appcenter/invoke_dry_run', { 'function': remote_function, 'application': app_id, 'force': force, 'dont_remote_install': True, }).result except Forbidden: # command is not yet known (older app center) MODULE.process('%s: ... forbidden!' % host) host_info['result'] = { 'can_continue': False, 'serious_problems': False } except (ConnectionError, HTTPError) as exc: MODULE.warn('Could not get appcenter/version: %s' % (exc, )) raise MODULE.process('%s: ... done' % host) if not host_info['compatible_version'] or not host_info[ 'result']['can_continue']: remote_info['problems_with_hosts'] = True if host_info['result'][ 'serious_problems'] or not host_info[ 'compatible_version']: remote_info['serious_problems_with_hosts'] = True hosts_info[host] = host_info MODULE.process('Finished dry_run for %s on %s' % (app_id, host)) for host, host_is_master in hosts: thread = Thread(target=_check_remote_host, args=(app.id, host, host_is_master, self.username, self.password, force, remote_function)) thread.start() dry_run_threads.append(thread) result = {} for thread in dry_run_threads: thread.join() MODULE.process('All %d threads finished' % (len(dry_run_threads))) result['unreachable'] = unreachable result['hosts_info'] = hosts_info result.update(remote_info) return result def _query_remote_progress(self, client): all_errors = set() number_failures = 0 number_failures_max = 20 host = client.hostname while True: try: result = client.umc_command('appcenter/progress').result except (ConnectionError, HTTPError) as exc: MODULE.warn('%s: appcenter/progress returned an error: %s' % (host, exc)) number_failures += 1 if number_failures >= number_failures_max: MODULE.error( '%s: Remote App Center cannot be contacted for more than %d seconds. Maybe just a long Apache Restart? Presume failure! Check logs on remote machine, maybe installation was successful.' % number_failures_max) return False time.sleep(1) continue else: # everything okay. reset "timeout" number_failures = 0 MODULE.info('Result from %s: %r' % (host, result)) info = result['info'] steps = result['steps'] errors = ['%s: %s' % (host, error) for error in result['errors']] if info: self.package_manager.progress_state.info(info) if steps: steps = float( steps ) # bug in package_manager in 3.1-0: int will result in 0 because of division and steps < max_steps self.package_manager.progress_state.percentage(steps) for error in errors: if error not in all_errors: self.package_manager.progress_state.error(error) all_errors.add(error) if result['finished'] is True: break time.sleep(0.1) return all_errors def keep_alive(self, request): ''' Fix for Bug #30611: UMC kills appcenter module if no request is sent for $(ucr get umc/module/timeout). this happens if a user logs out during a very long installation. this function will be run by the frontend to always have one connection open to prevent killing the module. ''' def _thread(): while self._working(): time.sleep(1) def _finished(thread, result): success = not isinstance(result, BaseException) if not success: MODULE.warn('Exception during keep_alive: %s' % result) self.finished(request.id, success) thread = notifier.threads.Simple('keep_alive', notifier.Callback(_thread), _finished) thread.run() @simple_response def ping(self): return True @simple_response def buy(self, application): app = Apps().find(application) if not app or not app.shop_url: return None ret = {} ret['key_id'] = self.ucr.get('license/uuid') ret['ucs_version'] = self.ucr.get('version/version') ret['app_id'] = app.id ret['app_version'] = app.version # ret['locale'] = locale.getlocale()[0] # done by frontend ret['user_count'] = None # FIXME: get users and computers from license ret['computer_count'] = None return ret @simple_response def enable_disable_app(self, application, enable=True): app = Apps().find(application) if not app: return stall = get_action('stall') stall.call(app=app, undo=enable) @simple_response def packages_sections(self): """ fills the 'sections' combobox in the search form """ sections = set() cache = apt.Cache() for package in cache: sections.add(package.section) return sorted(sections) @sanitize(pattern=PatternSanitizer(required=True)) @simple_response def packages_query(self, pattern, section='all', key='package'): """ Query to fill the grid. Structure is fixed here. """ result = [] for package in self.package_manager.packages(reopen=True): if section == 'all' or package.section == section: toshow = False if pattern.pattern == '^.*$': toshow = True elif key == 'package' and pattern.search(package.name): toshow = True elif key == 'description' and package.candidate and pattern.search( package.candidate.raw_description): toshow = True if toshow: result.append(self._package_to_dict(package, full=False)) return result @simple_response def packages_get(self, package): """ retrieves full properties of one package """ package = self.package_manager.get_package(package) if package is not None: return self._package_to_dict(package, full=True) else: # TODO: 404? return {} @sanitize(function=MappingSanitizer( { 'install': 'install', 'upgrade': 'install', 'uninstall': 'remove', }, required=True), packages=ListSanitizer(StringSanitizer(minimum=1), required=True), update=BooleanSanitizer()) @simple_response def packages_invoke_dry_run(self, packages, function, update): if update: self.package_manager.update() packages = self.package_manager.get_packages(packages) kwargs = {'install': [], 'remove': [], 'dry_run': True} if function == 'install': kwargs['install'] = packages else: kwargs['remove'] = packages return dict( zip(['install', 'remove', 'broken'], self.package_manager.mark(**kwargs))) @sanitize(function=MappingSanitizer( { 'install': 'install', 'upgrade': 'install', 'uninstall': 'remove', }, required=True), packages=ListSanitizer(StringSanitizer(minimum=1), required=True)) def packages_invoke(self, request): """ executes an installer action """ packages = request.options.get('packages') function = request.options.get('function') try: if self._working(): # make it multi-tab safe (same session many buttons to be clicked) raise LockError() with self.package_manager.locked(reset_status=True): not_found = [ pkg_name for pkg_name in packages if self.package_manager.get_package(pkg_name) is None ] self.finished(request.id, {'not_found': not_found}) if not not_found: def _thread(package_manager, function, packages): with package_manager.locked(set_finished=True): with package_manager.no_umc_restart( exclude_apache=True): if function == 'install': package_manager.install(*packages) else: package_manager.uninstall(*packages) def _finished(thread, result): if isinstance(result, BaseException): MODULE.warn('Exception during %s %s: %r' % (function, packages, str(result))) thread = notifier.threads.Simple( 'invoke', notifier.Callback(_thread, self.package_manager, function, packages), _finished) thread.run() else: self.package_manager.set_finished( ) # nothing to do, ready to take new commands except LockError: # make it thread safe: another process started a package manager # this module instance already has a running package manager raise umcm.UMC_Error(_('Another package operation is in progress')) @contextmanager def is_working(self): self._is_working = True yield self._is_working = False def _working(self): return self._is_working or os.path.exists( LOCK_FILE) or not self.package_manager.progress_state._finished @simple_response def working(self): # TODO: PackageManager needs is_idle() or something # preferably the package_manager can tell what is currently executed: # package_manager.is_working() => False or _('Installing PKG') return self._working() @simple_response def custom_progress(self): timeout = 5 ret = self.package_manager.poll(timeout) ret['finished'] = not self._working() return ret def _package_to_dict(self, package, full): """ Helper that extracts properties from a 'apt_pkg.Package' object and stores them into a dictionary. Depending on the 'full' switch, stores only limited (for grid display) or full (for detail view) set of properties. """ installed = package.installed # may be None found = True candidate = package.candidate found = candidate is not None if not found: candidate = NoneCandidate() result = { 'package': package.name, 'installed': package.is_installed, 'upgradable': package.is_upgradable and found, 'summary': candidate.summary, } # add (and translate) a combined status field # *** NOTE *** we translate it here: if we would use the Custom Formatter # of the grid then clicking on the sort header would not work. if package.is_installed: if package.is_upgradable: result['status'] = _('upgradable') else: result['status'] = _('installed') else: result['status'] = _('not installed') # additional fields needed for detail view if full: # Some fields differ depending on whether the package is installed or not: if package.is_installed: result['section'] = installed.section result['priority'] = installed.priority or '' result['summary'] = installed.summary # take the current one result['description'] = installed.description result['installed_version'] = installed.version result['size'] = installed.installed_size if package.is_upgradable: result['candidate_version'] = candidate.version else: del result[ 'upgradable'] # not installed: don't show 'upgradable' at all result['section'] = candidate.section result['priority'] = candidate.priority or '' result['description'] = candidate.description result['size'] = candidate.installed_size result['candidate_version'] = candidate.version # format size to handle bytes size = result['size'] byte_mods = ['B', 'kB', 'MB'] for byte_mod in byte_mods: if size < 10000: break size = float(size) / 1000 # MB, not MiB else: size = size * 1000 # once too often if size == int(size): format_string = '%d %s' else: format_string = '%.2f %s' result['size'] = format_string % (size, byte_mod) return result @simple_response def components_query(self): """ Returns components list for the grid in the ComponentsPage. """ # be as current as possible. self.get_updater().ucr_reinit() self.ucr.load() return [ self.get_component_manager().component(comp.name) for comp in self.get_updater().get_components(all=True) ] @sanitize_list(StringSanitizer()) @multi_response(single_values=True) def components_get(self, iterator, component_id): # be as current as possible. self.get_updater().ucr_reinit() self.ucr.load() for component_id in iterator: yield self.get_component_manager().component(component_id) @sanitize_list(DictSanitizer({'object': advanced_components_sanitizer})) @multi_response def components_put(self, iterator, object): """Writes back one or more component definitions. """ # umc.widgets.Form wraps the real data into an array: # # [ # { # 'object' : { ... a dict with the real data .. }, # 'options': None # }, # ... more such entries ... # ] # # Current approach is to return a similarly structured array, # filled with elements, each one corresponding to one array # element of the request: # # [ # { # 'status' : a number where 0 stands for success, anything else # is an error code # 'message' : a result message # 'object' : a dict of field -> error message mapping, allows # the form to show detailed error information # }, # ... more such entries ... # ] with set_save_commit_load(self.ucr) as super_ucr: for object, in iterator: yield self.get_component_manager().put(object, super_ucr) self.package_manager.update() # do the same as components_put (update) # but don't allow adding an already existing entry components_add = sanitize_list( DictSanitizer({'object': add_components_sanitizer}))(components_put) components_add.__name__ = 'components_add' @sanitize_list(StringSanitizer()) @multi_response(single_values=True) def components_del(self, iterator, component_id): for component_id in iterator: yield self.get_component_manager().remove(component_id) self.package_manager.update() @multi_response def settings_get(self, iterator): # *** IMPORTANT *** Our UCR copy must always be current. This is not only # to catch up changes made via other channels (ucr command line etc), # but also to reflect the changes we have made ourselves! self.ucr.load() for _ in iterator: yield { 'unmaintained': self.ucr.is_true('repository/online/unmaintained', False), 'server': self.ucr.get('repository/online/server', ''), 'prefix': self.ucr.get('repository/online/prefix', ''), } @sanitize_list( DictSanitizer({'object': basic_components_sanitizer}), min_elements=1, max_elements=1 # moduleStore with one element... ) @multi_response def settings_put(self, iterator, object): # FIXME: returns values although it should yield (multi_response) changed = False # Set values into our UCR copy. try: with set_save_commit_load(self.ucr) as super_ucr: for object, in iterator: for key, value in object.items(): MODULE.info( " ++ Setting new value for '%s' to '%s'" % (key, value)) super_ucr.set_registry_var( '%s/%s' % (ONLINE_BASE, key), value) changed = super_ucr.changed() except Exception as e: MODULE.warn(" !! Writing UCR failed: %s" % str(e)) return [{'message': str(e), 'status': PUT_WRITE_ERROR}] self.package_manager.update() # Bug #24878: emit a warning if repository is not reachable try: updater = self.get_updater() for line in updater.print_version_repositories().split('\n'): if line.strip(): break else: raise ConfigurationError() except ConfigurationError: msg = _( "There is no repository at this server (or at least none for the current UCS version)" ) MODULE.warn(" !! Updater error: %s" % msg) response = {'message': msg, 'status': PUT_UPDATER_ERROR} # if nothing was committed, we want a different type of error code, # just to appropriately inform the user if changed: response['status'] = PUT_UPDATER_NOREPOS return [response] except BaseException as ex: MODULE.warn(" !! Updater error: %s" % (ex, )) return [{'message': str(ex), 'status': PUT_UPDATER_ERROR}] return [{'status': PUT_SUCCESS}]
def sanitize_reports_create(self, request): choices = self.reports_cfg.get_report_names(request.flavor) return dict( report=ChoicesSanitizer(choices=choices, required=True), objects=ListSanitizer(DNSanitizer(minimum=1), required=True, min_elements=1) )
class Instance(SchoolBaseModule): @sanitize( school=SchoolSanitizer(required=True), pattern=StringSanitizer(default=''), ) @LDAP_Connection() def users(self, request, ldap_user_read=None, ldap_position=None): # parse group parameter group = request.options.get('group') user_type = None if not group or group == 'None': group = None elif group.lower() in ('teacher', 'student'): user_type = group.lower() group = None result = [{ 'id': i.dn, 'label': Display.user(i) } for i in self._users(ldap_user_read, request.options['school'], group=group, user_type=user_type, pattern=request.options['pattern'])] self.finished(request.id, result) @sanitize(pattern=StringSanitizer(default=''), school=SchoolSanitizer(required=True)) @LDAP_Connection() def query(self, request, ldap_user_read=None, ldap_position=None): klasses = [get_group_class(request)] if klasses[0] is Teacher: klasses.append(TeachersAndStaff) groups = [] for klass in klasses: groups.extend( klass.get_all(ldap_user_read, request.options['school'], filter_str=request.options['pattern'], easy_filter=True)) self.finished(request.id, [group.to_dict() for group in groups]) @sanitize(StringSanitizer(required=True)) @LDAP_Connection() def get(self, request, ldap_user_read=None, ldap_position=None): klass = get_group_class(request) for group_dn in request.options: break try: group = klass.from_dn(group_dn, None, ldap_user_read) except udm_exceptions.noObject: raise UMC_Error('unknown object') school = group.school result = group.to_dict() if request.flavor == 'teacher': classes = SchoolClass.get_all(ldap_user_read, school, filter_str=filter_format( 'uniqueMember=%s', (group_dn, ))) result['classes'] = [{ 'id': class_.dn, 'label': class_.get_relative_name() } for class_ in classes] self.finished(request.id, [result]) return result['members'] = self._filter_members(request, group, result.pop('users', []), ldap_user_read) self.finished(request.id, [ result, ]) @staticmethod def _filter_members(request, group, users, ldap_user_read=None): members = [] for member_dn in users: try: user = User.from_dn(member_dn, None, ldap_user_read) except udm_exceptions.noObject: MODULE.process( 'Could not open (foreign) user %r: no permissions/does not exists/not a user' % (member_dn, )) continue if not user.schools or not set(user.schools) & {group.school}: continue if request.flavor == 'class' and not user.is_teacher( ldap_user_read): continue # only display teachers elif request.flavor == 'workgroup' and not user.is_student( ldap_user_read): continue # only display students elif request.flavor == 'workgroup-admin' and not user.is_student( ldap_user_read) and not user.is_administrator( ldap_user_read) and not user.is_staff( ldap_user_read) and not user.is_teacher( ldap_user_read): continue # only display school users members.append({ 'id': user.dn, 'label': Display.user(user.get_udm_object(ldap_user_read)) }) return members @sanitize(DictSanitizer(dict(object=DictSanitizer({}, required=True)))) @LDAP_Connection(USER_READ, MACHINE_WRITE) def put(self, request, ldap_machine_write=None, ldap_user_read=None, ldap_position=None): """Returns the objects for the given IDs requests.options = [ { object : ..., options : ... }, ... ] return: True|<error message> """ if request.flavor == 'teacher': request.options = request.options[0]['object'] return self.add_teacher_to_classes(request) klass = get_group_class(request) for group_from_umc in request.options: group_from_umc = group_from_umc['object'] group_from_umc_dn = group_from_umc['$dn$'] break try: group_from_ldap = klass.from_dn(group_from_umc_dn, None, ldap_machine_write) except udm_exceptions.noObject: raise UMC_Error('unknown group object') old_members = self._filter_members(request, group_from_ldap, group_from_ldap.users, ldap_user_read) removed_members = set(o['id'] for o in old_members) - set( group_from_umc['members']) MODULE.info('Modifying group "%s" with members: %s' % (group_from_ldap.dn, group_from_ldap.users)) MODULE.info('New members: %s' % group_from_umc['members']) MODULE.info('Removed members: %s' % (removed_members, )) if request.flavor == 'workgroup-admin': # do not allow groups to be renamed in order to avoid conflicts with shares # grp.name = '%(school)s-%(name)s' % group group_from_ldap.description = group_from_umc['description'] # Workgroup admin view → update teachers, admins, students, (staff) # Class view → update only the group's teachers (keep all non teachers) # Workgroup teacher view → update only the group's students users = [] # keep specific users from the group for userdn in group_from_ldap.users: try: user = User.from_dn(userdn, None, ldap_machine_write) except udm_exceptions.noObject: # no permissions/is not a user/does not exists → keep the old value users.append(userdn) continue if not user.schools or not set(user.schools) & set( [group_from_ldap.school]): users.append(userdn) continue if (request.flavor == 'class' and not user.is_teacher(ldap_machine_write)) or ( request.flavor == 'workgroup' and not user.is_student(ldap_machine_write) ) or request.flavor == 'workgroup-admin': users.append(userdn) # add only certain users to the group for userdn in group_from_umc['members']: try: user = User.from_dn(userdn, None, ldap_machine_write) except udm_exceptions.noObject as exc: MODULE.error('Not adding not existing user %r to group: %r.' % (userdn, exc)) continue if not user.schools or not set(user.schools) & set( [group_from_ldap.school]): raise UMC_Error( _('User %s does not belong to school %r.') % (Display.user(user.get_udm_object(ldap_machine_write)), group_from_ldap.school)) if request.flavor == 'workgroup-admin' and not user.is_student( ldap_machine_write) and not user.is_administrator( ldap_machine_write) and not user.is_staff( ldap_machine_write) and not user.is_teacher( ldap_machine_write): raise UMC_Error( _('User %s does not belong to school %r.') % (Display.user(user.get_udm_object(ldap_machine_write)), group_from_ldap.school)) if request.flavor == 'class' and not user.is_teacher( ldap_machine_write): raise UMC_Error( _('User %s is not a teacher.') % (Display.user(user.get_udm_object(ldap_machine_write)), )) if request.flavor == 'workgroup' and not user.is_student( ldap_machine_write): raise UMC_Error( _('User %s is not a student.') % (Display.user(user.get_udm_object(ldap_machine_write)), )) users.append(user.dn) group_from_ldap.users = list(set(users) - removed_members) try: success = group_from_ldap.modify(ldap_machine_write) MODULE.info('Modified, group has now members: %s' % (group_from_ldap.users, )) except udm_exceptions.base as exc: MODULE.process('An error occurred while modifying "%s": %s' % (group_from_umc['$dn$'], exc.message)) raise UMC_Error(_('Failed to modify group (%s).') % exc.message) self.finished(request.id, success) @sanitize(DictSanitizer(dict(object=DictSanitizer({}, required=True)))) @only_workgroup_admin @LDAP_Connection(USER_READ, USER_WRITE) def add(self, request, ldap_user_write=None, ldap_user_read=None, ldap_position=None): for group in request.options: group = group['object'] break try: grp = {} grp['school'] = group['school'] grp['name'] = '%(school)s-%(name)s' % group grp['description'] = group['description'] grp['users'] = group['members'] grp = WorkGroup(**grp) success = grp.create(ldap_user_write) if not success and grp.exists(ldap_user_read): raise UMC_Error( _('The workgroup %r already exists!') % grp.name) except udm_exceptions.base as exc: MODULE.process( 'An error occurred while creating the group "%s": %s' % (group['name'], exc.message)) raise UMC_Error(_('Failed to create group (%s).') % exc.message) self.finished(request.id, success) @sanitize(DictSanitizer(dict(object=ListSanitizer(min_elements=1)))) @only_workgroup_admin @LDAP_Connection(USER_READ, USER_WRITE) def remove(self, request, ldap_user_write=None, ldap_user_read=None, ldap_position=None): """Deletes a workgroup""" for group_dn in request.options: group_dn = group_dn['object'][0] break group = WorkGroup.from_dn(group_dn, None, ldap_user_write) if not group.school: raise UMC_Error('Group must within the scope of a school OU: %s' % group_dn) try: success = group.remove(ldap_user_write) except udm_exceptions.base as exc: MODULE.error('Could not remove group "%s": %s' % (group.dn, exc)) self.finished(request.id, [{ 'success': False, 'message': str(exc) }]) return self.finished(request.id, [{'success': success}]) @sanitize( **{ '$dn$': StringSanitizer(required=True), 'classes': ListSanitizer(StringSanitizer(required=True), required=True), 'school': SchoolSanitizer(required=True), }) @LDAP_Connection(USER_READ, MACHINE_WRITE) def add_teacher_to_classes(self, request, ldap_machine_write=None, ldap_user_read=None, ldap_position=None): teacher = request.options['$dn$'] classes = set(request.options['classes']) try: teacher = Teacher.from_dn(teacher, None, ldap_machine_write) if not teacher.is_teacher(ldap_machine_write): raise udm_exceptions.noObject() except udm_exceptions.noObject: raise UMC_Error('The user is not a teacher.') original_classes = set([ x.dn for x in SchoolClass.get_all( ldap_machine_write, request.options['school'], filter_format('uniqueMember=%s', (teacher.dn, ))) ]) classes_to_remove = original_classes - classes classes_to_add = classes - original_classes failed = [] for classdn in (classes_to_add | classes_to_remove): try: class_ = SchoolClass.from_dn(classdn, teacher.school, ldap_machine_write) except udm_exceptions.noObject: failed.append(classdn) continue if classdn in classes_to_add and teacher.dn not in class_.users: class_.users.append(teacher.dn) elif classdn in classes_to_remove and teacher.dn in class_.users: class_.users.remove(teacher.dn) try: if not class_.modify(ldap_machine_write): failed.append(classdn) except udm_exceptions.base as exc: MODULE.error('Could not add teacher %s to class %s: %s' % (teacher.dn, classdn, exc)) failed.append(classdn) self.finished(request.id, not any(failed))
class Instance(Base): def init(self) -> None: MODULE.info("Initializing 'updater' module (PID = %d)" % (getpid(), )) self._current_job = '' self._logfile_start_line = 0 self._serial_file = Watched_File(COMPONENTS_SERIAL_FILE) try: self.uu = UniventionUpdater(False) except Exception as exc: # FIXME: let it raise self.uu = None MODULE.error("init() ERROR: %s" % (exc, )) @simple_response def query_maintenance_information(self) -> Dict[str, Any]: ret = self._maintenance_information() ret.update(self._last_update()) return ret def _last_update(self) -> Dict[str, Any]: status_file = '/var/lib/univention-updater/univention-updater.status' ret = { 'last_update_failed': False, 'last_update_version': None } # type: Dict[str, Any] try: fstat = stat(status_file) mtime = datetime.fromtimestamp(fstat.st_mtime) delta = datetime.now() - mtime if delta.days != 0: # no fresh failure return ret with open(status_file) as fd: info = dict(line.strip().split('=', 1) # type: ignore for line in fd) # type: Dict[str, str] ret['last_update_failed'] = info.get('status') == 'FAILED' if ret['last_update_failed']: ret['last_update_version'] = info.get('next_version') except (ValueError, EnvironmentError) as exc: MODULE.error(str(exc)) return ret def _maintenance_information(self) -> Dict[str, Any]: default = {'show_warning': False} if not self.uu: return default ucr.load() if ucr.is_true('license/extended_maintenance/disable_warning'): return default version = self.uu.current_version for _ver, data in self.uu.get_releases(version, version): status = data.get('status', 'unmaintained') maintenance_extended = status == 'extended' show_warning = maintenance_extended or status != 'maintained' return { 'ucs_version': str(version), 'show_warning': show_warning, 'maintenance_extended': maintenance_extended, 'base_dn': ucr.get('license/base'), } return default @simple_response def query_releases(self) -> List[Dict[str, str]]: """ Returns a list of system releases suitable for the corresponding ComboBox """ # be as current as possible. self.uu.ucr_reinit() ucr.load() appliance_mode = ucr.is_true('server/appliance') available_versions, blocking_components = self.uu.get_all_available_release_updates( ) result = [{ 'id': str(rel), 'label': 'UCS %s' % (rel, ) } for rel in available_versions] # # appliance_mode=no ; blocking_comp=no → add "latest version" # appliance_mode=no ; blocking_comp=yes → no "latest version" # appliance_mode=yes; blocking_comp=no → add "latest version" # appliance_mode=yes; blocking_comp=yes → add "latest version" # if result and (appliance_mode or not blocking_components): # UniventionUpdater returns available version in ascending order, so # the last returned entry is the one to be flagged as 'latest' if there's # no blocking component. result[-1]['label'] = '%s (%s)' % (result[-1]['label'], _('latest version')) return result @sanitize(hooks=ListSanitizer(StringSanitizer(minimum=1), required=True)) def call_hooks(self, request: Request) -> None: """ Calls the specified hooks and returns data given back by each hook """ def _thread(request: Request) -> Dict[str, Any]: result = {} hookmanager = HookManager( HOOK_DIRECTORY) # , raise_exceptions=False hooknames = request.options.get('hooks') MODULE.info('requested hooks: %s' % hooknames) for hookname in hooknames: MODULE.info('calling hook %s' % hookname) result[hookname] = hookmanager.call_hook(hookname) MODULE.info('result: %r' % (result, )) return result thread = notifier.threads.Simple( 'call_hooks', notifier.Callback(_thread, request), notifier.Callback(self.thread_finished_callback, request)) thread.run() @simple_response def updates_check(self) -> Dict[str, List[Tuple[str, str]]]: """ Returns the list of packages to be updated/installed by a dist-upgrade. """ install = [] update = [] remove = [] apt = Cache(memonly=True) apt.update() apt.open() apt.clear() apt.upgrade(dist_upgrade=True) for pkg in apt.get_changes(): if pkg.marked_install: install.append((pkg.name, pkg.candidate.version)) if pkg.marked_upgrade: update.append((pkg.name, pkg.candidate.version)) if pkg.marked_delete: remove.append((pkg.name, pkg.installed.version)) return dict( update=sorted(update), install=sorted(install), remove=sorted(remove), ) @simple_response def updates_available(self) -> bool: """ Asks if there are package updates available. (don't get confused by the name of the UniventionUpdater function that is called here.) This is a separate call since it can take an amount of time, thus being invoked by a separate button (and not in the background) """ ucr.load() try: # be as current as possible. what = 'reinitializing UniventionUpdater' self.uu.ucr_reinit() what = 'checking update availability' new, upgrade, removed = self.uu.component_update_get_packages() return any((new, upgrade, removed)) except Exception as ex: typ = str(type(ex)).strip('<>') msg = '[while %s] [%s] %s' % (what, typ, str(ex)) MODULE.error(msg) return False def status(self, request: Request) -> None: # TODO: remove unneeded things """One call for all single-value variables.""" result = {} # type: Dict[str, Any] ucr.load() try: result['erratalevel'] = int(ucr.get('version/erratalevel', 0)) except ValueError: result['erratalevel'] = 0 result['appliance_mode'] = ucr.is_true('server/appliance') result['timestamp'] = int(time()) result['reboot_required'] = ucr.is_true('update/reboot/required', False) try: # be as current as possible. what = 'reinitializing UniventionUpdater' self.uu.ucr_reinit() what = 'getting UCS version' result['ucs_version'] = str(self.uu.current_version) # if nothing is returned -> convert to empty string. what = 'querying available release updates' try: ver = self.uu.release_update_available(errorsto='exception') result[ 'release_update_available'] = '' if ver is None else str( ver) except RequiredComponentError as exc: result['release_update_available'] = exc.version what = 'querying update-blocking components' blocking_components = self.uu.get_all_available_release_updates( )[1] or set() # check apps if result['release_update_available']: try: from univention.appcenter.actions import get_action update_check = get_action('update-check') if update_check: blocking_apps = update_check.get_blocking_apps( ucs_version=result['release_update_available']) if blocking_apps: blocking_components.update(set(blocking_apps)) except (ImportError, ValueError): # the new univention.appcenter package is not installed. # Cannot be a dependency as the app center depends on updater... raise UMC_Error( _('Error checking if installed apps are available for next UCS version.' )) result['release_update_blocking_components'] = ' '.join( blocking_components) # Component counts are now part of the general 'status' data. what = "counting components" components = [ bool(comp) for comp in self.uu.get_components(all=True) ] result['components'] = len(components) result['enabled'] = sum(components) # HACK: the 'Updates' form polls on the serial file # to refresh itself. Including the serial value # into the form helps us to have a dependent field # that can trigger the refresh of the "Releases" # combobox and the 'package updates available' field. result['serial'] = self._serial_file.timestamp() except Exception as exc: # FIXME: don't catch everything raise UMC_Error("%s %s %s" % ( _('Error contacting the update server. Please check your proxy or firewall settings, if any. Or it may be a problem with your configured DNS server.' ), _('This is the error message:'), exc, ), traceback=format_exc()) self.finished(request.id, [result]) @simple_response def running(self) -> str: """ Returns the id (key into INSTALLERS) of a currently running job, or the empty string if nothing is running. """ return self.__which_job_is_running() @sanitize( job=ChoicesSanitizer(list(INSTALLERS) + [''], required=True), count=IntegerSanitizer(default=0), ) @simple_response def updater_log_file(self, job: str, count: int) -> Union[None, float, List[str]]: """ returns the content of the log file associated with the job. :param job: Job name. :param count: has the same meaning as already known: <0 ...... return timestamp of file (for polling) 0 ....... return whole file as a string list >0 ...... ignore this many lines, return the rest of the file .. note:: As soon as we have looked for a running job at least once, we know the job key and can associate it here. TODO: honor a given 'job' argument """ job = self._current_job or job if not job: return None fname = INSTALLERS[job]['logfile'] if count < 0: try: return stat(fname).st_ctime except EnvironmentError: return 0 # don't read complete file if we have an 'ignore' count count += self._logfile_start_line return self._logview(fname, -count) def _logview(self, fname: str, count: int) -> List[str]: """ Contains all functions needed to view or 'tail' an arbitrary text file. :param count: can have different values: < 0 ... ignore this many lines, return the rest of the file 0 ..... return the whole file, split into lines. > 0 ... return the last 'count' lines of the file. (a.k.a. tail -n <count>) """ lines = [] try: with open(fname, 'rb') as fd: for line in fd: if (count < 0): count += 1 else: lines.append(line.rstrip().decode('utf-8', 'replace')) if (count > 0) and (len(lines) > count): lines.pop(0) except EnvironmentError: pass return lines @sanitize( job=ChoicesSanitizer(INSTALLERS, required=True), ) @simple_response def updater_job_status( self, job: str) -> Dict[str, Any]: # TODO: remove this completely """Returns the status of the current/last update even if the job is not running anymore.""" result = {} # type: Dict[str, Any] try: with open(INSTALLERS[job]['statusfile'], 'r') as fd: for line in fd: fields = line.strip().split('=') if len(fields) == 2: result['_%s_' % fields[0]] = fields[1] except EnvironmentError: pass result['running'] = '' != self.__which_job_is_running() return result @sanitize( job=ChoicesSanitizer(INSTALLERS, required=True), detail=StringSanitizer(r'^[A-Za-z0-9\.\- ]*$'), ) @simple_response def run_installer(self, job: str, detail: str = '') -> Dict[str, int]: """ This is the function that invokes any kind of installer. Arguments accepted: :param job: ..... the main thing to do. can be one of: 'release' ...... perform a release update 'distupgrade' .. update all currently installed packages (distupgrade) :param detail: ....... an argument that specifies the subject of the installer: for 'release' .... the target release number, for all other subjects: detail has no meaning. """ MODULE.info("Starting function %r" % (job, )) self._current_job = job spec = INSTALLERS[job] # remember initial lines of logfile before starting update to not show it in the frontend logfile = spec['logfile'] try: with open(logfile, 'rb') as fd: self._logfile_start_line = sum(1 for line in fd) except EnvironmentError: pass command = spec['command'] if '%' in command: command = command % (pipes.quote(detail).translate({ 0: None, 10: None, 13: None }), ) MODULE.info("Creating job: %r" % (command, )) command = ''' %s %s < /dev/null %s''' % (spec["prejob"], command, spec["postjob"]) atjobs.add(command, comments=dict(lines=self._logfile_start_line)) return {'status': 0} def __which_job_is_running(self) -> str: # first check running at jobs for atjob in atjobs.list(True): for job, inst in INSTALLERS.items(): cmd = inst['command'].split('%')[0] if cmd in atjob.command: self._current_job = job try: self._logfile_start_line = int( atjob.comments.get('lines', 0)) except ValueError: pass return job # no atjob found, parse process list (if univention-upgrade was started via CLI) commands = [ ('/usr/share/univention-updater/univention-updater-umc-dist-upgrade', 'distupgrade'), ('/usr/share/univention-updater/univention-updater', 'release'), ('/usr/sbin/univention-upgrade', 'distupgrade' ) # we don't know if it is a dist-upgrade or a release upgrade ] for cmd, job in commands: for process in psutil.process_iter(): try: cmdline = process.cmdline() if callable( process.cmdline) else process.cmdline except psutil.NoSuchProcess: pass if cmd in cmdline: self._current_job = job self._logfile_start_line = 0 return job return ''
class Instance(Base, ProgressMixin): def __init__(self): Base.__init__(self) self.reports_cfg = None self.modules_with_childs = [] self.__license_checks = set() install_opener(ucr) def init(self): if not self.user_dn: raise UserWithoutDN(self._username) MODULE.info('Initializing module as user %r' % (self.user_dn,)) set_bind_function(self.bind_user_connection) # read user settings and initial UDR self.reports_cfg = udr.Config() self.modules_with_childs = container_modules() def set_locale(self, _locale): super(Instance, self).set_locale(_locale) locale.setlocale(locale.LC_TIME, _locale) def error_handling(self, etype, exc, etraceback): super(Instance, self).error_handling(etype, exc, etraceback) if isinstance(exc, (udm_errors.authFail, INVALID_CREDENTIALS)): MODULE.warn('Authentication failed: %s' % (exc,)) raise LDAP_AuthenticationFailed() if isinstance(exc, (udm_errors.base, LDAPError)): MODULE.error(''.join(traceback.format_exception(etype, exc, etraceback))) def bind_user_connection(self, lo): super(Instance, self).bind_user_connection(lo) self.require_license(lo) def require_license(self, lo): if id(lo) in self.__license_checks: return self.__license_checks.add(id(lo)) try: import univention.admin.license # noqa: F401 except ImportError: return # GPL Version try: check_license(lo, True) except LicenseError: lo.allow_modify = False lo.requireLicense() def _get_module_by_request(self, request, object_type=None): """Tries to determine the UDM module to use. If no specific object type is given the request option 'objectType' is used. In case none if this leads to a valid object type the request flavor is chosen. Failing all this will raise in UMC_OptionMissing exception. On success a UMC_Module object is returned.""" if object_type is None: object_type = request.options.get('objectType') module_name = object_type if not module_name or 'all' == module_name: module_name = request.flavor if not module_name or module_name == 'navigation': raise UMC_OptionMissing(_('No flavor or valid UDM module name specified')) return UDM_Module(module_name) @LDAP_Connection def license(self, request, ldap_connection=None, ldap_position=None): message = None try: check_license(ldap_connection) except LicenseError as exc: message = str(exc) self.finished(request.id, {'message': message}) @LDAP_Connection def license_info(self, request, ldap_connection=None, ldap_position=None): license_data = {} try: import univention.admin.license as udm_license except: license_data['licenseVersion'] = 'gpl' else: license_data['licenseVersion'] = udm_license._license.version if udm_license._license.version == '1': for item in ('licenses', 'real'): license_data[item] = {} for lic_type in ('CLIENT', 'ACCOUNT', 'DESKTOP', 'GROUPWARE'): count = getattr(udm_license._license, item)[udm_license._license.version][getattr(udm_license.License, lic_type)] if isinstance(count, basestring): try: count = int(count) except: count = None license_data[item][lic_type.lower()] = count if 'UGS' in udm_license._license.types: udm_license._license.types = filter(lambda x: x != 'UGS', udm_license._license.types) elif udm_license._license.version == '2': for item in ('licenses', 'real'): license_data[item] = {} for lic_type in ('SERVERS', 'USERS', 'MANAGEDCLIENTS', 'CORPORATECLIENTS'): count = getattr(udm_license._license, item)[udm_license._license.version][getattr(udm_license.License, lic_type)] if isinstance(count, basestring): try: count = int(count) except: count = None license_data[item][lic_type.lower()] = count license_data['keyID'] = udm_license._license.licenseKeyID license_data['support'] = udm_license._license.licenseSupport license_data['premiumSupport'] = udm_license._license.licensePremiumSupport license_data['licenseTypes'] = udm_license._license.types license_data['oemProductTypes'] = udm_license._license.oemProductTypes license_data['endDate'] = udm_license._license.endDate license_data['baseDN'] = udm_license._license.licenseBase free_license = '' if license_data['baseDN'] == 'Free for personal use edition': free_license = 'ffpu' if license_data['baseDN'] == 'UCS Core Edition': free_license = 'core' if free_license: license_data['baseDN'] = ucr.get('ldap/base', '') license_data['freeLicense'] = free_license license_data['sysAccountsFound'] = udm_license._license.sysAccountsFound self.finished(request.id, license_data) @prevent_xsrf_check @LDAP_Connection def license_import(self, request, ldap_connection=None, ldap_position=None): filename = None if isinstance(request.options, (list, tuple)) and request.options: # file upload filename = request.options[0]['tmpfile'] if not os.path.realpath(filename).startswith(TEMPUPLOADDIR): self.finished(request.id, [{'success': False, 'message': 'invalid file path'}]) return else: self.required_options(request, 'license') lic = request.options['license'] # Replace non-breaking space with a normal space # https://forge.univention.org/bugzilla/show_bug.cgi?id=30098 lic = lic.replace(unichr(160), " ") lic_file = tempfile.NamedTemporaryFile(delete=False) lic_file.write(lic) lic_file.close() filename = lic_file.name def _error(msg=None): self.finished(request.id, [{ 'success': False, 'message': msg }]) try: with open(filename, 'rb') as fd: # check license and write it to LDAP importer = LicenseImport(fd) importer.check(ucr.get('ldap/base', '')) importer.write(ldap_connection) except (ValueError, AttributeError, LDAPError) as exc: MODULE.error('License import failed (malformed LDIF): %r' % (exc, )) # AttributeError: missing univentionLicenseBaseDN # ValueError raised by ldif.LDIFParser when e.g. dn is duplicated # LDAPError e.g. LDIF contained non existing attributes if isinstance(exc, LDAPError) and len(exc.args) and isinstance(exc.args[0], dict) and exc.args[0].get('info'): _error(_('LDAP error: %s.') % exc.args[0].get('info')) else: _error() return except LicenseError as exc: MODULE.error('LicenseImport check failed: %r' % (exc, )) _error(str(exc)) return finally: os.unlink(filename) self.finished(request.id, [{'success': True}]) @multi_response(progress=[_('Moving %d object(s)'), _('%($dn$)s moved')]) def move(self, iterator, object, options): for object, options in iterator: if 'container' not in options: yield {'$dn$': object, 'success': False, 'details': _('The destination is missing')} continue module = get_module(None, object) if not module: yield {'$dn$': object, 'success': False, 'details': _('Could not identify the given LDAP object')} elif 'move' not in module.operations: yield {'$dn$': object, 'success': False, 'details': _('This object can not be moved')} else: try: module.move(object, options['container']) yield {'$dn$': object, 'success': True} except UDM_Error as e: yield {'$dn$': object, 'success': False, 'details': str(e)} @sanitize(DictSanitizer(dict( object=DictSanitizer(dict(), required=True), options=DictSanitizer(dict( objectType=StringSanitizer(required=True) ), required=True) ), required=True)) def add(self, request): """Creates LDAP objects. requests.options = [ { 'options' : {}, 'object' : {} }, ... ] return: [ { '$dn$' : <LDAP DN>, 'success' : (True|False), 'details' : <message> }, ... ] """ def _thread(request): result = [] for obj in request.options: options = obj.get('options', {}) properties = obj.get('object', {}) module = self._get_module_by_request(request, object_type=options.get('objectType')) if '$labelObjectType$' in properties: del properties['$labelObjectType$'] try: dn = module.create(properties, container=options.get('container'), superordinate=options.get('superordinate')) result.append({'$dn$': dn, 'success': True}) except UDM_Error as e: result.append({'$dn$': e.dn, 'success': False, 'details': str(e)}) return result thread = notifier.threads.Simple('Get', notifier.Callback(_thread, request), notifier.Callback(self.thread_finished_callback, request)) thread.run() @sanitize(DictSanitizer(dict( object=DictSanitizer({ '$dn$': StringSanitizer(required=True) }, required=True), )), required=True) def put(self, request): """Modifies the given list of LDAP objects. requests.options = [ { 'options' : {}, 'object' : {} }, ... ] return: [ { '$dn$' : <LDAP DN>, 'success' : (True|False), 'details' : <message> }, ... ] """ def _thread(request): result = [] for obj in request.options: properties = obj.get('object') or {} ldap_dn = properties['$dn$'] module = get_module(request.flavor, ldap_dn) if module is None: if len(request.options) == 1: raise ObjectDoesNotExist(ldap_dn) result.append({'$dn$': ldap_dn, 'success': False, 'details': _('LDAP object does not exist.')}) continue MODULE.info('Modifying LDAP object %s' % (ldap_dn,)) if '$labelObjectType$' in properties: del properties['$labelObjectType$'] try: module.modify(properties) result.append({'$dn$': ldap_dn, 'success': True}) except UDM_Error as exc: result.append({'$dn$': ldap_dn, 'success': False, 'details': str(exc)}) return result thread = notifier.threads.Simple('Get', notifier.Callback(_thread, request), notifier.Callback(self.thread_finished_callback, request)) thread.run() def remove(self, request): """Removes the given list of LDAP objects. requests.options = [ { 'object' : <LDAP DN>, 'options' { 'cleanup' : (True|False), 'recursive' : (True|False) } }, ... ] return: [ { '$dn$' : <LDAP DN>, 'success' : (True|False), 'details' : <message> }, ... ] """ def _thread(request): result = [] for item in request.options: ldap_dn = item.get('object') options = item.get('options', {}) module = get_module(request.flavor, ldap_dn) if module is None: result.append({'$dn$': ldap_dn, 'success': False, 'details': _('LDAP object could not be identified')}) continue try: module.remove(ldap_dn, options.get('cleanup', False), options.get('recursive', False)) result.append({'$dn$': ldap_dn, 'success': True}) except UDM_Error as e: result.append({'$dn$': ldap_dn, 'success': False, 'details': str(e)}) return result thread = notifier.threads.Simple('Get', notifier.Callback(_thread, request), notifier.Callback(self.thread_finished_callback, request)) thread.run() @simple_response def meta_info(self, objectType): module = UDM_Module(objectType) if module: return { 'help_link': module.help_link, 'help_text': module.help_text, 'columns': module.columns } def get(self, request): """Retrieves the given list of LDAP objects. Password property will be removed. requests.options = [ <LDAP DN>, ... ] return: [ { '$dn$' : <LDAP DN>, <object properties> }, ... ] """ MODULE.info('Starting thread for udm/get request') thread = notifier.threads.Simple('Get', notifier.Callback(self._get, request), notifier.Callback(self.thread_finished_callback, request)) thread.run() def copy(self, request): thread = notifier.threads.Simple('Copy', notifier.Callback(self._get, request, True), notifier.Callback(self.thread_finished_callback, request)) thread.run() def _get(self, request, copy=False): def _remove_uncopyable_properties(obj): if not copy: return for name, p in obj.descriptions.items(): if not p.copyable: obj.info.pop(name, None) result = [] for ldap_dn in request.options: if request.flavor == 'users/self': ldap_dn = self._user_dn module = get_module(request.flavor, ldap_dn) if module is None: raise ObjectDoesNotExist(ldap_dn) else: obj = module.get(ldap_dn) if obj: _remove_uncopyable_properties(obj) obj.set_defaults = True obj.set_default_values() _remove_uncopyable_properties(obj) props = obj.info empty_props_with_default_set = {} for key in obj.info.keys(): if obj.hasChanged(key): empty_props_with_default_set[key] = { 'default_value': obj.info[key], 'prevent_umc_default_popup': obj.descriptions[key].prevent_umc_default_popup } props['$empty_props_with_default_set$'] = empty_props_with_default_set for passwd in module.password_properties: if passwd in props: del props[passwd] if not copy: props['$dn$'] = obj.dn props['$options$'] = {} for opt in module.get_options(udm_object=obj): props['$options$'][opt['id']] = opt['value'] props['$policies$'] = {} for policy in obj.policies: pol_mod = get_module(None, policy) if pol_mod and pol_mod.name: props['$policies$'].setdefault(pol_mod.name, []).append(policy) props['$labelObjectType$'] = module.title props['$flags$'] = obj.oldattr.get('univentionObjectFlag', []) props['$operations$'] = module.operations props['$references$'] = module.get_references(ldap_dn) result.append(props) else: MODULE.process('The LDAP object for the LDAP DN %s could not be found' % ldap_dn) return result @sanitize( objectPropertyValue=PropertySearchSanitizer( add_asterisks=ADD_ASTERISKS, use_asterisks=USE_ASTERISKS, further_arguments=['objectType', 'objectProperty'], ), objectProperty=ObjectPropertySanitizer(required=True), fields=ListSanitizer(), ) def query(self, request): """Searches for LDAP objects and returns a few properties of the found objects requests.options = {} 'objectType' -- the object type to search for (default: if not given the flavor is used) 'objectProperty' -- the object property that should be scaned 'objectPropertyValue' -- the filter that should be found in the property 'fields' -- the properties which should be returned 'container' -- the base container where the search should be started (default: LDAP base) 'superordinate' -- the superordinate object for the search (default: None) 'scope' -- the search scope (default: sub) return: [ { '$dn$' : <LDAP DN>, 'objectType' : <UDM module name>, 'path' : <location of object> }, ... ] """ def _thread(request): ucr.load() module = self._get_module_by_request(request) superordinate = request.options.get('superordinate') if superordinate == 'None': superordinate = None elif superordinate is not None: MODULE.info('Query defines a superordinate %s' % superordinate) mod = get_module(request.flavor, superordinate) if mod is not None: MODULE.info('Found UDM module %r for superordinate %s' % (mod.name, superordinate)) superordinate = mod.get(superordinate) if not request.options.get('container'): request.options['container'] = superordinate.dn else: raise SuperordinateDoesNotExist(superordinate) container = request.options.get('container') objectProperty = request.options['objectProperty'] objectPropertyValue = request.options['objectPropertyValue'] scope = request.options.get('scope', 'sub') hidden = request.options.get('hidden') fields = (set(request.options.get('fields', []) or []) | set([objectProperty])) - set(['name', 'None']) result = module.search(container, objectProperty, objectPropertyValue, superordinate, scope=scope, hidden=hidden) if result is None: return [] entries = [] object_type = request.options.get('objectType', request.flavor) for obj in result: if obj is None: continue module = get_module(object_type, obj.dn) if module is None: # This happens when concurrent a object is removed between the module.search() and get_module() call MODULE.warn('LDAP object does not exists %s (flavor: %s). The object is ignored.' % (obj.dn, request.flavor)) continue entry = { '$dn$': obj.dn, '$childs$': module.childs, '$flags$': obj.oldattr.get('univentionObjectFlag', []), '$operations$': module.operations, 'objectType': module.name, 'labelObjectType': module.subtitle, 'name': module.obj_description(obj), 'path': ldap_dn2path(obj.dn, include_rdn=False) } if '$value$' in fields: entry['$value$'] = [module.property_description(obj, column['name']) for column in module.columns] for field in fields - set(module.password_properties) - set(entry.keys()): entry[field] = module.property_description(obj, field) entries.append(entry) return entries thread = notifier.threads.Simple('Query', notifier.Callback(_thread, request), notifier.Callback(self.thread_finished_callback, request)) thread.run() def reports_query(self, request): """Returns a list of reports for the given object type""" # i18n: translattion for univention-directory-reports _('PDF Document') self.finished(request.id, [{'id': name, 'label': _(name)} for name in sorted(self.reports_cfg.get_report_names(request.flavor))]) def sanitize_reports_create(self, request): choices = self.reports_cfg.get_report_names(request.flavor) return dict( report=ChoicesSanitizer(choices=choices, required=True), objects=ListSanitizer(DNSanitizer(minimum=1), required=True, min_elements=1) ) @sanitize_func(sanitize_reports_create) def reports_create(self, request): """Creates a report for the given LDAP DNs and returns the URL to access the file""" @LDAP_Connection def _thread(request, ldap_connection=None, ldap_position=None): report = udr.Report(ldap_connection) try: report_file = report.create(request.flavor, request.options['report'], request.options['objects']) except udr.ReportError as exc: raise UMC_Error(str(exc)) path = '/usr/share/univention-management-console-module-udm/' filename = os.path.join(path, os.path.basename(report_file)) shutil.move(report_file, path) os.chmod(filename, 0o600) url = '/univention/command/udm/reports/get?report=%s' % (urllib.quote(os.path.basename(report_file)),) return {'URL': url} thread = notifier.threads.Simple('ReportsCreate', notifier.Callback(_thread, request), notifier.Callback(self.thread_finished_callback, request)) thread.run() @allow_get_request @sanitize(report=StringSanitizer(required=True)) def reports_get(self, request): report = request.options['report'] path = '/usr/share/univention-management-console-module-udm/' filename = os.path.join(path, os.path.basename(report)) try: with open(filename) as fd: self.finished(request.id, fd.read(), mimetype='text/csv' if report.endswith('.csv') else 'application/pdf') except EnvironmentError: raise UMC_Error(_('The report does not exists. Please create a new one.'), status=404) def values(self, request): """Returns the default search pattern/value for the given object property requests.options = {} 'objectProperty' -- the object property that should be scaned return: <value> """ module = self._get_module_by_request(request) property_name = request.options.get('objectProperty') if property_name == 'None': result = None else: result = module.get_default_values(property_name) self.finished(request.id, result) @sanitize( networkDN=StringSanitizer(required=True), increaseCounter=BooleanSanitizer(default=False) ) def network(self, request): """Returns the next IP configuration based on the given network object requests.options = {} 'networkDN' -- the LDAP DN of the network object 'increaseCounter' -- if given and set to True, network object counter for IP addresses is increased return: {} """ module = UDM_Module('networks/network') obj = module.get(request.options['networkDN']) if not obj: raise ObjectDoesNotExist(request.options['networkDN']) try: obj.refreshNextIp() except udm_errors.nextFreeIp: raise NoIpLeft(request.options['networkDN']) result = {'ip': obj['nextIp'], 'dnsEntryZoneForward': obj['dnsEntryZoneForward'], 'dhcpEntryZone': obj['dhcpEntryZone'], 'dnsEntryZoneReverse': obj['dnsEntryZoneReverse']} self.finished(request.id, result) if request.options['increaseCounter']: # increase the next free IP address obj.stepIp() obj.modify() @module_from_request @simple_response() def containers(self, module): """Returns the list of default containers for the given object type. Therefor the python module and the default object in the LDAP directory are searched. requests.options = {} 'objectType' -- The UDM module name return: [ { 'id' : <LDAP DN of container>, 'label' : <name> }, ... ] """ containers = [{'id': x, 'label': ldap_dn2path(x)} for x in module.get_default_containers()] containers.sort(cmp=lambda x, y: cmp(x['label'].lower(), y['label'].lower())) return containers @module_from_request @simple_response def templates(self, module): """Returns the list of template objects for the given object type. requests.options = {} 'objectType' -- The UDM module name return: [ { 'id' : <LDAP DN of container or None>, 'label' : <name> }, ... ] """ result = [] if module.template: template = UDM_Module(module.template) objects = template.search(ucr.get('ldap/base')) for obj in objects: obj.open() result.append({'id': obj.dn, 'label': obj[template.identifies]}) return result @LDAP_Connection def types(self, request, ldap_connection=None, ldap_position=None): """Returns the list of object types matching the given flavor or container. requests.options = {} 'superordinate' -- if available only types for the given superordinate are returned (not for the navigation) 'container' -- if available only types suitable for the given container are returned (only for the navigation) return: [ { 'id' : <LDAP DN of container or None>, 'label' : <name> }, ... ] """ superordinate = request.options.get('superordinate') if request.flavor != 'navigation': module = UDM_Module(request.flavor) if superordinate: module = get_module(request.flavor, superordinate) or module self.finished(request.id, module.child_modules) return container = request.options.get('container') or superordinate if not container: # no container is specified, return all existing object types MODULE.info('no container specified, returning all object types') self.finished(request.id, map(lambda module: {'id': module[0], 'label': getattr(module[1], 'short_description', module[0])}, udm_modules.modules.items())) return if 'None' == container: # if 'None' is given, use the LDAP base container = ucr.get('ldap/base') MODULE.info('no container == \'None\', set LDAP base as container') # create a list of modules that can be created # ... all container types except container/dc allowed_modules = set([m for m in udm_modules.containers if udm_modules.name(m) != 'container/dc']) # the container may be a superordinate or have one as its parent # (or grandparent, ....) superordinate = udm_modules.find_superordinate(container, None, ldap_connection) if superordinate: # there is a superordinate... add its subtypes to the list of allowed modules MODULE.info('container has a superordinate: %s' % superordinate) allowed_modules.update(udm_modules.subordinates(superordinate)) else: # add all types that do not have a superordinate MODULE.info('container has no superordinate') allowed_modules.update(mod for mod in udm_modules.modules.values() if not udm_modules.superordinates(mod)) # make sure that the object type can be created allowed_modules = filter(lambda mod: udm_modules.supports(mod, 'add'), allowed_modules) MODULE.info('all modules that are allowed: %s' % [udm_modules.name(mod) for mod in allowed_modules]) # return the final list of object types self.finished(request.id, map(lambda module: {'id': udm_modules.name(module), 'label': getattr(module, 'short_description', udm_modules.name(module))}, allowed_modules)) @bundled @sanitize(objectType=StringSanitizer()) # objectDN=StringSanitizer(allow_none=True), def layout(self, request): """Returns the layout information for the given object type. requests.options = {} 'objectType' -- The UDM module name. If not available the flavor is used return: <layout data structure (see UDM python modules)> """ module = self._get_module_by_request(request) module.load(force_reload=True) # reload for instant extended attributes if request.flavor == 'users/self': object_dn = None else: object_dn = request.options.get('objectDN') return module.get_layout(object_dn) @bundled @sanitize( objectType=StringSanitizer(), objectDn=StringSanitizer(), searchable=BooleanSanitizer(default=False) ) def properties(self, request): """Returns the properties of the given object type. requests.options = {} 'searchable' -- If given only properties that might be used for search filters are returned return: [ {}, ... ] """ module = self._get_module_by_request(request) module.load(force_reload=True) # reload for instant extended attributes object_dn = request.options.get('objectDN') properties = module.get_properties(object_dn) if request.options.get('searchable', False): properties = filter(lambda prop: prop.get('searchable', False), properties) return properties @module_from_request @simple_response def options(self, module): """Returns the options specified for the given object type requests.options = {} 'objectType' -- The UDM module name. If not available the flavor is used return: [ {}, ... ] """ return module.options @bundled @sanitize( objectType=StringSanitizer() ) def policies(self, request): """Returns a list of policy types that apply to the given object type""" module = self._get_module_by_request(request) return module.policies def validate(self, request): """Validates the correctness of values for properties of the given object type. Therefor the syntax definition of the properties is used. requests.options = {} 'objectType' -- The UDM module name. If not available the flavor is used return: [ { 'property' : <name>, 'valid' : (True|False), 'details' : <message> }, ... ] """ def _thread(request): module = self._get_module_by_request(request) result = [] for property_name, value in request.options.get('properties').items(): # ignore special properties named like $.*$, e.g. $options$ if property_name.startswith('$') and property_name.endswith('$'): continue property_obj = module.get_property(property_name) if property_obj is None: raise UMC_OptionMissing(_('Property %s not found') % property_name) # check each element if 'value' is a list if isinstance(value, (tuple, list)) and property_obj.multivalue: subResults = [] subDetails = [] for ival in value: try: property_obj.syntax.parse(ival) subResults.append(True) subDetails.append('') except (udm_errors.valueInvalidSyntax, udm_errors.valueError, TypeError) as e: subResults.append(False) subDetails.append(str(e)) result.append({'property': property_name, 'valid': subResults, 'details': subDetails}) # otherwise we have a single value else: try: property_obj.syntax.parse(value) result.append({'property': property_name, 'valid': True}) except (udm_errors.valueInvalidSyntax, udm_errors.valueError) as e: result.append({'property': property_name, 'valid': False, 'details': str(e)}) return result thread = notifier.threads.Simple('Validate', notifier.Callback(_thread, request), notifier.Callback(self.thread_finished_callback, request)) thread.run() @sanitize( syntax=StringSanitizer(required=True), key=LDAPSearchSanitizer(use_asterisks=False), ) @simple_response def syntax_choices_key(self, syntax, key): syntax = _get_syntax(syntax) if syntax is None: return return search_syntax_choices_by_key(syntax, key) @sanitize(syntax=StringSanitizer(required=True)) @simple_response def syntax_choices_info(self, syntax): syntax = _get_syntax(syntax) if syntax is None: return return info_syntax_choices(syntax) @sanitize( objectPropertyValue=LDAPSearchSanitizer(), objectProperty=ObjectPropertySanitizer(), syntax=StringSanitizer(required=True) ) def syntax_choices(self, request): """Dynamically determine valid values for a given syntax class requests.options = {} 'syntax' -- The UDM syntax class return: [ { 'id' : <name>, 'label' : <text> }, ... ] """ def _thread(request): syntax = _get_syntax(request.options['syntax']) if syntax is None: return return read_syntax_choices(syntax, request.options) thread = notifier.threads.Simple('SyntaxChoice', notifier.Callback(_thread, request), notifier.Callback(self.thread_finished_callback, request)) thread.run() @sanitize( container=StringSanitizer(default='', allow_none=True) ) def move_container_query(self, request): scope = 'one' modules = self.modules_with_childs container = request.options.get('container') if not container: scope = 'base' thread = notifier.threads.Simple('MoveContainerQuery', notifier.Callback(self._container_query, request, container, modules, scope), notifier.Callback(self.thread_finished_callback, request)) thread.run() @sanitize( container=StringSanitizer(allow_none=True) ) def nav_container_query(self, request): """Returns a list of LDAP containers located under the given LDAP base (option 'container'). If no base container is specified the LDAP base object is returned.""" ldap_base = ucr['ldap/base'] container = request.options.get('container') modules = self.modules_with_childs scope = 'one' if not container: # get the tree root == the ldap base scope = 'base' elif request.flavor != 'navigation' and container and ldap_base.lower() == container.lower(): # this is the tree root of DNS / DHCP, show all zones / services scope = 'sub' modules = [request.flavor] thread = notifier.threads.Simple('NavContainerQuery', notifier.Callback(self._container_query, request, container, modules, scope), notifier.Callback(self.thread_finished_callback, request)) thread.run() def _container_query(self, request, container, modules, scope): """Get a list of containers or child objects of the specified container.""" if not container: container = ucr['ldap/base'] defaults = {} if request.flavor != 'navigation': defaults['$operations$'] = ['search', ], # disallow edit if request.flavor in ('dns/dns', 'dhcp/dhcp'): defaults.update({ 'label': UDM_Module(request.flavor).title, 'icon': 'udm-%s' % (request.flavor.replace('/', '-'),), }) return [dict({ 'id': container, 'label': ldap_dn2path(container), 'icon': 'udm-container-dc', 'path': ldap_dn2path(container), 'objectType': 'container/dc', '$operations$': UDM_Module('container/dc').operations, '$flags$': [], '$childs$': True, '$isSuperordinate$': False, }, **defaults)] result = [] for xmodule in modules: xmodule = UDM_Module(xmodule) superordinate = None if xmodule.superordinate_names: for module_superordinate in xmodule.superordinate_names: try: superordinate = UDM_Module(module_superordinate).get(container) except UDM_Error: # the container is not a direct superordinate # FIXME: get the "real" superordinate; Bug #40885 continue if superordinate is None: continue # superordinate object could not be load -> ignore module try: for item in xmodule.search(container, scope=scope, superordinate=superordinate): module = UDM_Module(item.module) result.append({ 'id': item.dn, 'label': item[module.identifies], 'icon': 'udm-%s' % (module.name.replace('/', '-')), 'path': ldap_dn2path(item.dn), 'objectType': module.name, '$operations$': module.operations, '$flags$': item.oldattr.get('univentionObjectFlag', []), '$childs$': module.childs, '$isSuperordinate$': udm_modules.isSuperordinate(module.module), }) except UDM_Error as exc: raise UMC_Error(str(exc)) return result @sanitize( container=StringSanitizer(required=True) ) @LDAP_Connection def nav_object_query(self, request, ldap_connection=None, ldap_position=None): """Returns a list of objects in a LDAP container (scope: one) requests.options = {} 'container' -- the base container where the search should be started (default: LDAP base) 'objectType' -- the object type that should be displayed (optional) 'objectProperty' -- the object property that should be scaned (optional) 'objectPropertyValue' -- the filter that should b found in the property (optional) return: [ { '$dn$' : <LDAP DN>, 'objectType' : <UDM module name>, 'path' : <location of object> }, ... ] """ object_type = request.options.get('objectType', '') if object_type not in ('None', '$containers$'): # we need to search for a specific objectType, then we should call the standard query # we also need to get the correct superordinate superordinate = udm_objects.get_superordinate(object_type, None, ldap_connection, request.options['container']) if superordinate and superordinate.module == 'settings/cn': # false positive detected superordinate; Bug #32843 superordinate = None if superordinate: superordinate = superordinate.dn request.options['superordinate'] = superordinate request.options['scope'] = 'one' self.query(request) return def _thread(container): entries = [] for module, obj in list_objects(container, object_type=object_type): if obj is None: continue if object_type != '$containers$' and module.childs: continue if object_type == '$containers$' and not module.childs: continue entries.append({ '$dn$': obj.dn, '$childs$': module.childs, 'objectType': module.name, 'labelObjectType': module.subtitle, 'name': udm_objects.description(obj), 'path': ldap_dn2path(obj.dn, include_rdn=False), '$flags$': obj.oldattr.get('univentionObjectFlag', []), '$operations$': module.operations, }) return entries thread = notifier.threads.Simple('NavObjectQuery', notifier.Callback(_thread, request.options['container']), notifier.Callback(self.thread_finished_callback, request)) thread.run() @sanitize(DictSanitizer(dict( objectType=StringSanitizer(required=True), policies=ListSanitizer(), policyType=StringSanitizer(required=True), objectDN=Sanitizer(default=None), container=Sanitizer(default=None) # objectDN=StringSanitizer(default=None, allow_none=True), # container=StringSanitizer(default=None, allow_none=True) ))) def object_policies(self, request): """Returns a virtual policy object containing the values that the given object or container inherits""" def _thread(request): object_dn = None container_dn = None obj = None def _get_object(_dn, _module): '''Get existing UDM object and corresponding module. Verify user input.''' if _module is None or _module.module is None: raise UMC_OptionTypeError('The given object type is not valid') _obj = _module.get(_dn) if _obj is None or (_dn and not _obj.exists()): raise ObjectDoesNotExist(_dn) return _obj def _get_object_parts(_options): '''Get object related information and corresponding UDM object/module. Verify user input.''' _object_type = _options['objectType'] _object_dn = _options['objectDN'] _container_dn = _options['container'] if (object_dn, container_dn) == (_object_dn, _container_dn): # nothing has changed w.r.t. last entry -> return last values return (object_dn, container_dn, obj) _obj = None _module = None if _object_dn: # editing an exiting UDM object -> use the object itself _module = UDM_Module(_object_type) _obj = _get_object(_object_dn, _module) elif _container_dn: # editing a new (i.e. non existing) object -> use the parent container _module = get_module(None, _container_dn) _obj = _get_object(_container_dn, _module) return (_object_dn, _container_dn, _obj) ret = [] for ioptions in request.options: object_dn, container_dn, obj = _get_object_parts(ioptions) policy_dns = ioptions.get('policies', []) policy_module = UDM_Module(ioptions['policyType']) policy_obj = _get_object(policy_dns[0] if policy_dns else None, policy_module) if obj is None: ret.append({}) continue policy_obj.clone(obj) # There are 2x2x2 (=8) cases that may occur (c.f., Bug #31916): # (1) # [edit] editing existing UDM object # -> the existing UDM object itself is loaded # [new] virtually edit non-existing UDM object (when a new object is being created) # -> the parent container UDM object is loaded # (2) # [w/pol] UDM object has assigend policies in LDAP directory # [w/o_pol] UDM object has no policies assigend in LDAP directory # (3) # [inherit] user request to (virtually) change the policy to 'inherited' # [set_pol] user request to (virtually) assign a particular policy faked_policy_reference = None if object_dn and not policy_dns: # case: [edit; w/pol; inherit] # -> current policy is (virtually) overwritten with 'None' faked_policy_reference = [None] elif not object_dn and policy_dns: # cases: # * [new; w/pol; inherit] # * [new; w/pol; set_pol] # -> old + temporary policy are both (virtually) set at the parent container faked_policy_reference = obj.policies + policy_dns else: # cases: # * [new; w/o_pol; inherit] # * [new; w/o_pol; set_pol] # * [edit; w/pol; set_pol] # * [edit; w/o_pol; inherit] # * [edit; w/o_pol; set_pol] faked_policy_reference = policy_dns policy_obj.policy_result(faked_policy_reference) infos = copy.copy(policy_obj.polinfo_more) for key, value in infos.items(): if key in policy_obj.polinfo: if isinstance(infos[key], (tuple, list)): continue infos[key]['value'] = policy_obj.polinfo[key] ret.append(infos) return ret thread = notifier.threads.Simple('ObjectPolicies', notifier.Callback(_thread, request), notifier.Callback(self.thread_finished_callback, request)) thread.run() def object_options(self, request): """Returns the options known by the given objectType. If an LDAP DN is passed the current values for the options of this object are returned, otherwise the default values for the options are returned.""" object_type = request.options.get('objectType') if not object_type: raise UMC_OptionMissing('The object type is missing') object_dn = request.options.get('objectDN') def _thread(object_type, object_dn): module = UDM_Module(object_type) if module.module is None: raise UMC_OptionTypeError('The given object type is not valid') return module.get_option(object_dn) thread = notifier.threads.Simple('ObjectOptions', notifier.Callback(_thread, object_type, object_dn), notifier.Callback(self.thread_finished_callback, request)) thread.run() @sanitize(email=EmailSanitizer(required=True)) @simple_response def request_new_license(self, email): license = dump_license() if license is None: raise UMC_CommandError(_('Cannot parse License from LDAP')) data = {} data['email'] = email data['licence'] = license data = urllib.urlencode(data) url = 'https://license.univention.de/keyid/conversion/submit' request = urllib2.Request(url, data=data, headers={'User-agent': 'UMC/AppCenter'}) self._request_license(request) # creating a new ucr variable to prevent duplicated registration (Bug #35711) handler_set(['ucs/web/license/requested=true']) return True def _request_license(self, request): try: urlopen(request) except (urllib2.HTTPError, urllib2.URLError, IOError) as exc: strerror = '' if hasattr(exc, 'read'): # try to parse an html error body = exc.read() match = re.search('<span id="details">(?P<details>.*?)</span>', body, flags=re.DOTALL) if match: strerror = match.group(1).replace('\n', '') if not strerror: if hasattr(exc, 'getcode') and exc.getcode() >= 400: strerror = _('This seems to be a problem with the license server. Please try again later.') while hasattr(exc, 'reason'): exc = exc.reason if hasattr(exc, 'errno'): version = ucr.get('version/version') errno = exc.errno strerror += getattr(exc, 'strerror', '') or '' if errno == 1: # gaierror(1, something like 'SSL Unknown protocol') link_to_doc = _('http://docs.univention.de/manual-%s.html#ip-config:Web_proxy_for_caching_and_policy_management__virus_scan') % version strerror += '. ' + _('This may be a problem with the proxy of your system. You may find help at %s.') % link_to_doc if errno == -2: # gaierror(-2, 'Name or service not known') link_to_doc = _('http://docs.univention.de/manual-%s.html#networks:dns') % version strerror += '. ' + _('This is probably due to the DNS settings of your server. You may find help at %s.') % link_to_doc if not strerror.strip(): strerror = str(exc) raise UMC_Error(_('An error occurred while contacting the license server: %s') % (strerror,), status=500)
class Instance(Base): def init(self): MODULE.info("Initializing 'updater' module (PID = %d)" % (getpid(), )) self._current_job = '' self._logfile_start_line = 0 self._serial_file = Watched_File(COMPONENTS_SERIAL_FILE) self._updates_serial = Watched_Files(UPDATE_SERIAL_FILES) try: self.uu = UniventionUpdater(False) except Exception as exc: # FIXME: let it raise MODULE.error("init() ERROR: %s" % (exc, )) @simple_response def query_maintenance_information(self): ret = self._maintenance_information() ret.update(self._last_update()) return ret def _last_update(self): status_file = '/var/lib/univention-updater/univention-updater.status' ret = {'last_update_failed': False, 'last_update_version': None} try: mtime = stat(status_file).st_mtime mtime = datetime.fromtimestamp(mtime) delta = datetime.now() - mtime if delta.days != 0: # no fresh failure return ret with open(status_file) as fd: content = fd.read() info = dict( line.split('=', 1) for line in content.splitlines()) ret['last_update_failed'] = info.get('status') == 'FAILED' if ret['last_update_failed']: ret['last_update_version'] = info.get('next_version') except (ValueError, EnvironmentError) as exc: MODULE.error(str(exc)) pass return ret def _maintenance_information(self): ucr.load() if ucr.is_true('license/extended_maintenance/disable_warning'): return {'show_warning': False} version = self.uu.get_ucs_version() try: url = 'https://updates.software-univention.de/download/ucs-maintenance/{}.yaml'.format( version) response = requests.get(url, timeout=10) if not response.ok: response.raise_for_status() status = yaml.safe_load(response.content) if not isinstance(status, dict): raise yaml.YAMLError(repr(status)) # the yaml file contains for maintained either false, true or extended as value. # yaml.load converts true and false into booleans but extended into string. _maintained_status = status.get('maintained') maintenance_extended = _maintained_status == 'extended' show_warning = maintenance_extended or not _maintained_status except yaml.YAMLError as exc: MODULE.error('The YAML format is malformed: %s' % (exc, )) return {'show_warning': False} except requests.exceptions.RequestException as exc: MODULE.error("Querying maintenance information failed: %s" % (exc, )) return {'show_warning': False} return { 'ucs_version': version, 'show_warning': show_warning, 'maintenance_extended': maintenance_extended, 'base_dn': ucr.get('license/base') } @simple_response def poll(self): return True @simple_response def query_releases(self): """ Returns a list of system releases suitable for the corresponding ComboBox """ # be as current as possible. self.uu.ucr_reinit() ucr.load() appliance_mode = ucr.is_true('server/appliance') available_versions, blocking_components = self.uu.get_all_available_release_updates( ) result = [{ 'id': rel, 'label': 'UCS %s' % (rel, ) } for rel in available_versions] # # appliance_mode=no ; blocking_comp=no → add "latest version" # appliance_mode=no ; blocking_comp=yes → no "latest version" # appliance_mode=yes; blocking_comp=no → add "latest version" # appliance_mode=yes; blocking_comp=yes → add "latest version" # if result and (appliance_mode or not blocking_components): # UniventionUpdater returns available version in ascending order, so # the last returned entry is the one to be flagged as 'latest' if there's # no blocking component. result[-1]['label'] = '%s (%s)' % (result[-1]['label'], _('latest version')) return result @sanitize(hooks=ListSanitizer(StringSanitizer(minimum=1), required=True)) def call_hooks(self, request): """ Calls the specified hooks and returns data given back by each hook """ def _thread(request): result = {} hookmanager_legacy = univention.hooks.HookManager( HOOK_DIRECTORY_LEGACY) # , raise_exceptions=False hookmanager = univention.hooks.HookManager( HOOK_DIRECTORY) # , raise_exceptions=False hooknames = request.options.get('hooks') MODULE.info('requested hooks: %s' % hooknames) for hookname in hooknames: MODULE.info('calling hook %s' % hookname) result[hookname] = hookmanager.call_hook( hookname) + hookmanager_legacy.call_hook(hookname) MODULE.info('result: %r' % (result, )) return result thread = notifier.threads.Simple( 'call_hooks', notifier.Callback(_thread, request), notifier.Callback(self.thread_finished_callback, request)) thread.run() @simple_response def updates_serial(self): """ Watches the three `sources.list` snippets for changes """ result = self._updates_serial.timestamp() MODULE.info(" -> Serial for UPDATES is '%s'" % result) return result @simple_response def updates_check(self): """ Returns the list of packages to be updated/installed by a dist-upgrade. """ p0 = subprocess.Popen(['LC_ALL=C apt-get update'], stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) (stdout, stderr) = p0.communicate() p1 = subprocess.Popen(['LC_ALL=C apt-get -u dist-upgrade -s'], stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) (stdout, stderr) = p1.communicate() install = [] update = [] remove = [] for line in stdout.split('\n'): # upgrade: # Inst univention-updater [3.1.1-5] (3.1.1-6.408.200810311159 192.168.0.10) # inst: # Inst mc (1:4.6.1-6.12.200710211124 oxae-update.open-xchange.com) # # *** FIX *** the above example lines ignore the fact that there's # some extra text (occasionally) after the last closing # parenthesis. Until now, I've seen only a pair of empty # brackets [], but who knows... match = re.search(r'^Inst (\S+)\s+(.*?)\s*\((\S+)\s.*\)', line) if match: pkg = match.group(1) old = match.group(2) ver = match.group(3) if old: update.append([pkg, ver]) else: install.append([pkg, ver]) elif line.startswith('Remv '): ll = line.split(' ') pkg = ll[1] # i18n: The package version is unknown. ver = _('unknown') if len(ll) > 2: ver = ll[2].replace('[', '').replace(']', '') remove.append([pkg, ver]) return dict( update=sorted(update), install=sorted(install), remove=sorted(remove), ) @simple_response def updates_available(self): """ Asks if there are package updates available. (don't get confused by the name of the UniventionUpdater function that is called here.) This is a separate call since it can take an amount of time, thus being invoked by a separate button (and not in the background) """ ucr.load() try: # be as current as possible. what = 'reinitializing UniventionUpdater' self.uu.ucr_reinit() what = 'checking update availability' return self.uu.component_update_available() except Exception as ex: typ = str(type(ex)).strip('<>') msg = '[while %s] [%s] %s' % (what, typ, str(ex)) MODULE.error(msg) return False def status(self, request): # TODO: remove unneeded things """One call for all single-value variables.""" result = {} ucr.load() try: result['erratalevel'] = int(ucr.get('version/erratalevel', 0)) except ValueError: result['erratalevel'] = 0 result['appliance_mode'] = ucr.is_true('server/appliance') result['easy_mode'] = ucr.is_true('update/umc/updateprocess/easy', False) result['timestamp'] = int(time()) result['reboot_required'] = ucr.is_true('update/reboot/required', False) try: # be as current as possible. what = 'reinitializing UniventionUpdater' self.uu.ucr_reinit() what = 'getting UCS version' result['ucs_version'] = self.uu.get_ucs_version() # if nothing is returned -> convert to empty string. what = 'querying available release updates' try: result[ 'release_update_available'] = self.uu.release_update_available( errorsto='exception') except RequiredComponentError as exc: result['release_update_available'] = exc.version if result['release_update_available'] is None: result['release_update_available'] = '' what = 'querying update-blocking components' try: blocking_components = self.uu.get_all_available_release_updates( )[1] except (UpdaterException, ValueError) as exc: msg = _( 'Error contacting the update server. Please check your proxy or firewall settings, if any. Or it may be a problem with your configured DNS server.' ) msg += ' ' + _('This is the error message:') + ' ' + str(exc) raise UMC_Error(msg) result['release_update_blocking_components'] = ' '.join( blocking_components or []) what = "querying availability for easy mode" if result['easy_mode']: # updates/available should reflect the need for an update easy_update_available = ucr.is_true('update/available', False) # but don't rely on ucr! update/available is set during univention-upgrade --check # but when was the last time this was run? # release update easy_update_available = easy_update_available or result[ 'release_update_available'] # if no update seems necessary perform a real (expensive) check nonetheless easy_update_available = easy_update_available or self.uu.component_update_available( ) result['easy_update_available'] = bool(easy_update_available) else: result['easy_update_available'] = False # Component counts are now part of the general 'status' data. what = "counting components" c_count = 0 e_count = 0 for comp in self.uu.get_all_components(): c_count = c_count + 1 if ucr.is_true('repository/online/component/%s' % (comp, ), False): e_count = e_count + 1 result['components'] = c_count result['enabled'] = e_count # HACK: the 'Updates' form polls on the serial file # to refresh itself. Including the serial value # into the form helps us to have a dependent field # that can trigger the refresh of the "Releases" # combobox and the 'package updates available' field. result['serial'] = self._serial_file.timestamp() except Exception as exc: # FIXME: don't catch everything typ = str(type(exc)).strip('<>') msg = '[while %s] [%s] %s' % (what, typ, exc) msg = _( 'Error contacting the update server. Please check your proxy or firewall settings, if any. Or it may be a problem with your configured DNS server.' ) msg += ' ' + _('This is the error message:') + ' ' + str(exc) raise UMC_Error(msg) self.finished(request.id, [result]) @simple_response def reboot(self): """ Reboots the computer. Simply invokes /sbin/reboot in the background and returns success to the caller. The caller is prepared for connection loss. """ subprocess.call(['/sbin/reboot']) return True @simple_response def running(self): """ Returns the id (key into INSTALLERS) of a currently running job, or the empty string if nothing is running. """ return self.__which_job_is_running() @sanitize( job=ChoicesSanitizer(INSTALLERS.keys() + [''], required=True), count=IntegerSanitizer(default=0), ) @simple_response def updater_log_file(self, job, count): """ returns the content of the log file associated with the job. :param count: has the same meaning as already known: <0 ...... return timestamp of file (for polling) 0 ....... return whole file as a string list >0 ...... ignore this many lines, return the rest of the file .. note:: As soon as we have looked for a running job at least once, we know the job key and can associate it here. TODO: honor a given 'job' argument """ job = self._current_job or job if not job: return fname = INSTALLERS[job]['logfile'] if count < 0: try: return stat(fname)[9] except (IOError, OSError): return 0 # don't read complete file if we have an 'ignore' count count += self._logfile_start_line return self._logview(fname, -count) def _logview(self, fname, count): """ Contains all functions needed to view or 'tail' an arbitrary text file. :param count: can have different values: < 0 ... ignore this many lines, return the rest of the file 0 ..... return the whole file, split into lines. > 0 ... return the last 'count' lines of the file. (a.k.a. tail -n <count>) """ lines = [] try: with open(fname, 'rb') as fd: for line in fd: if (count < 0): count += 1 else: lines.append(line.rstrip().decode('utf-8', 'replace')) if (count > 0) and (len(lines) > count): lines.pop(0) except (IOError, OSError): pass return lines @sanitize( job=ChoicesSanitizer(INSTALLERS.keys(), required=True), ) @simple_response def updater_job_status(self, job): # TODO: remove this completely """Returns the status of the current/last update even if the job is not running anymore.""" result = {} try: with open(INSTALLERS[job]['statusfile'], 'rb') as fd: for line in fd: fields = line.strip().split('=') if len(fields) == 2: result['_%s_' % fields[0]] = fields[1] except (IOError, OSError): pass result['running'] = '' != self.__which_job_is_running() return result @sanitize( job=ChoicesSanitizer(INSTALLERS.keys(), required=True), detail=StringSanitizer(r'^[A-Za-z0-9\.\- ]*$'), ) @simple_response def run_installer(self, job, detail=''): """ This is the function that invokes any kind of installer. Arguments accepted: job ..... the main thing to do. can be one of: 'release' ...... perform a release update 'distupgrade' .. update all currently installed packages (distupgrade) 'check' ........ check what would be done for 'update' ... do we need this? detail ....... an argument that specifies the subject of the installer: for 'release' .... the target release number, for all other subjects: detail has no meaning. """ MODULE.info("Starting function %r" % (job, )) self._current_job = job # remember initial lines of logfile before starting update to not show it in the frontend logfile = INSTALLERS[job]['logfile'] try: with open(logfile, 'rb') as fd: self._logfile_start_line = sum(1 for line in fd) except (IOError, OSError): pass command = INSTALLERS[job]['command'] if '%' in command: command = command % (pipes.quote(detail).replace('\n', '').replace( '\r', '').replace('\x00', ''), ) prejob = '/usr/share/univention-updater/disable-apache2-umc' postjob = '/usr/share/univention-updater/enable-apache2-umc --no-restart' if job == 'release': prejob = 'ucr set updater/maintenance=true' postjob = 'ucr set updater/maintenance=false' MODULE.info("Creating job: %r" % (command, )) command = ''' %s %s < /dev/null %s''' % (prejob, command, postjob) atjobs.add(command, comments=dict(lines=self._logfile_start_line)) return {'status': 0} def __which_job_is_running(self): # first check running at jobs for atjob in atjobs.list(True): for job, inst in INSTALLERS.iteritems(): cmd = inst['command'].split('%')[0] if cmd in atjob.command: self._current_job = job try: self._logfile_start_line = int( atjob.comments.get('lines', 0)) except ValueError: pass return job # no atjob found, parse process list (if univention-upgrade was started via CLI) commands = [ ('/usr/share/univention-updater/univention-updater-umc-dist-upgrade', 'distupgrade'), ('/usr/share/univention-updater/univention-updater', 'release'), ('/usr/sbin/univention-upgrade', 'distupgrade' ) # we don't know if it is a dist-upgrade or a release upgrade ] for cmd, job in commands: for process in psutil.process_iter(): try: cmdline = process.cmdline() if callable( process.cmdline) else process.cmdline except psutil.NoSuchProcess: pass if cmd in cmdline: self._current_job = job self._logfile_start_line = 0 return job return ''
class Instance(SchoolBaseModule): def init(self): super(Instance, self).init() add_module_logger_to_schoollib() @sanitize(school=SchoolSanitizer(required=True), pattern=StringSanitizer(default='')) @LDAP_Connection() def computers(self, request, ldap_user_read=None): pattern = LDAP_Filter.forComputers(request.options.get('pattern', '')) result = [{ 'label': x.name, 'id': x.dn } for x in SchoolComputer.get_all(ldap_user_read, request.options['school'], pattern)] result = sorted(result, cmp=lambda x, y: cmp(x.lower(), y.lower()), key=lambda x: x['label']) # TODO: still necessary? self.finished(request.id, result) @sanitize(school=SchoolSanitizer(required=True), pattern=StringSanitizer(default='')) @LDAP_Connection() def query(self, request, ldap_user_read=None): school = request.options['school'] pattern = LDAP_Filter.forGroups(request.options.get('pattern', ''), school) result = [{ 'name': x.get_relative_name(), 'description': x.description or '', '$dn$': x.dn, } for x in ComputerRoom.get_all(ldap_user_read, school, pattern)] result = sorted(result, cmp=lambda x, y: cmp(x.lower(), y.lower()), key=lambda x: x['name']) # TODO: still necessary? self.finished(request.id, result) @sanitize(DNSanitizer(required=True)) @LDAP_Connection() def get(self, request, ldap_user_read=None): # open the specified room room = ComputerRoom.from_dn(request.options[0], None, ldap_user_read) result = room.to_dict() result['computers'] = result.get('hosts') self.finished(request.id, [result]) @sanitize(DictSanitizer(dict(object=DictSanitizer({}, required=True)))) @LDAP_Connection(USER_READ, USER_WRITE) def add(self, request, ldap_user_write=None, ldap_user_read=None): """Adds a new room""" group_props = request.options[0].get('object', {}) group_props['hosts'] = group_props.get('computers') room = ComputerRoom(**group_props) if room.get_relative_name() == room.name: room.name = '%(school)s-%(name)s' % group_props room.set_dn(room.dn) success = room.create(ldap_user_write) self.finished(request.id, [success]) @sanitize(DictSanitizer(dict(object=DictSanitizer({}, required=True)))) @LDAP_Connection(USER_READ, USER_WRITE) def put(self, request, ldap_user_write=None, ldap_user_read=None): """Modify an existing room""" group_props = request.options[0].get('object', {}) group_props['hosts'] = group_props.get('computers') room = ComputerRoom(**group_props) if room.get_relative_name() == room.name: room.name = '%(school)s-%(name)s' % group_props room.set_dn(group_props['$dn$']) room.modify(ldap_user_write) self.finished(request.id, [True]) @sanitize( DictSanitizer( dict(object=ListSanitizer(DNSanitizer(required=True), min_elements=1)))) @LDAP_Connection(USER_READ, USER_WRITE) def remove(self, request, ldap_user_write=None, ldap_user_read=None): """Deletes a room""" try: room_dn = request.options[0]['object'][0] room = ComputerRoom.from_dn(room_dn, None, ldap_user_write) room.remove(ldap_user_write) except udm_exceptions.base as e: self.finished(request.id, [{'success': False, 'message': str(e)}]) return self.finished(request.id, [{'success': True}])
class Instance(umcm.Base): def init(self): self.ucr = univention.config_registry.ConfigRegistry() self.ucr.load() util.install_opener(self.ucr) self.package_manager = PackageManager( info_handler=MODULE.process, step_handler=None, error_handler=MODULE.warn, lock=False, always_noninteractive=True, ) self.uu = UniventionUpdater(False) self.component_manager = util.ComponentManager(self.ucr, self.uu) # in order to set the correct locale for Application locale.setlocale(locale.LC_ALL, str(self.locale)) @sanitize(email=EmailSanitizer(required=True)) @simple_response def request_new_license(self, email): license = LICENSE.dump_data() if license is None: raise umcm.UMC_CommandError(_('Cannot parse License from LDAP')) data = {} data['email'] = email data['licence'] = license data = urllib.urlencode(data) url = 'https://license.univention.de/keyid/conversion/submit' request = urllib2.Request(url, data=data, headers={'User-agent': 'UMC/AppCenter'}) try: util.urlopen(request) except Exception as e: try: # try to parse an html error body = e.read() detail = re.search( '<span id="details">(?P<details>.*?)</span>', body).group(1) except: detail = str(e) raise umcm.UMC_CommandError( _('An error occurred while sending the request: %s') % detail) else: return True @sanitize(pattern=PatternSanitizer(default='.*')) @simple_response def query(self, pattern): LICENSE.reload() try: applications = Application.all(force_reread=True) except (urllib2.HTTPError, urllib2.URLError) as e: raise umcm.UMC_CommandError( _('Could not query App Center: %s') % e) result = [] self.package_manager.reopen_cache() for application in applications: if pattern.search(application.name): props = application.to_dict(self.package_manager) # delete larger entries for ikey in ('readmeupdate', 'licenseagreement'): if ikey in props: del props[ikey] result.append(props) return result @sanitize(application=StringSanitizer(minimum=1, required=True)) @simple_response def get(self, application): LICENSE.reload() application = Application.find(application) self.package_manager.reopen_cache() return application.to_dict(self.package_manager) @sanitize(function=ChoicesSanitizer(['install', 'uninstall', 'update'], required=True), application=StringSanitizer(minimum=1, required=True), force=BooleanSanitizer()) def invoke(self, request): function = request.options.get('function') application_id = request.options.get('application') application = Application.find(application_id) force = request.options.get('force') try: # make sure that the application cane be installed/updated can_continue = True result = { 'install': [], 'remove': [], 'broken': [], } if not application: MODULE.info('Application not found: %s' % application_id) can_continue = False elif function == 'install' and not application.can_be_installed( self.package_manager): MODULE.info('Application cannot be installed: %s' % application_id) can_continue = False elif function == 'update' and not application.can_be_updated(): MODULE.info('Application cannot be updated: %s' % application_id) can_continue = False if can_continue and function in ('install', 'update'): result = application.install_dry_run(self.package_manager, self.component_manager, remove_component=False) if result['broken'] or (result['remove'] and not force): MODULE.info('Remove component: %s' % application_id) self.component_manager.remove_app(application) self.package_manager.update() can_continue = False elif can_continue and function in ('uninstall', ) and not force: result['remove'] = application.uninstall_dry_run( self.package_manager) can_continue = False result['can_continue'] = can_continue self.finished(request.id, result) if can_continue: def _thread(module, application, function): with module.package_manager.locked(reset_status=True, set_finished=True): with module.package_manager.no_umc_restart(): if function in ('install', 'update'): # dont have to add component: already added during dry_run return application.install( module.package_manager, module.component_manager, add_component=False) else: return application.uninstall( module.package_manager, module.component_manager) def _finished(thread, result): if isinstance(result, BaseException): MODULE.warn('Exception during %s %s: %s' % (function, application_id, str(result))) thread = notifier.threads.Simple( 'invoke', notifier.Callback(_thread, self, application, function), _finished) thread.run() except LockError: # make it thread safe: another process started a package manager # this module instance already has a running package manager raise umcm.UMC_CommandError( _('Another package operation is in progress')) @simple_response def app_center_app_license(self, application): application = Application.find(application) if not application or not application.get('licensefile'): raise umcm.UMC_CommandError( _('No license file available for application: %s') % (application.id)) # open the license file and replace line breaks with BR-tags fp = util.urlopen(application.get('licensefile')) txt = ''.join(fp.readlines()).strip() txt = txt.replace('\n\n\n', '\n<br>\n<br>\n<br>\n') txt = txt.replace('\n\n', '\n<br>\n<br>\n') return txt @simple_response def packages_sections(self): """ fills the 'sections' combobox in the search form """ sections = set() for package in self.package_manager.packages(): sections.add(package.section) return sorted(sections) @sanitize(pattern=PatternSanitizer(required=True)) @simple_response def packages_query(self, pattern, section='all', key='package'): """ Query to fill the grid. Structure is fixed here. """ result = [] for package in self.package_manager.packages(): if section == 'all' or package.section == section: toshow = False if pattern.pattern == '^.*$': toshow = True elif key == 'package' and pattern.search(package.name): toshow = True elif key == 'description' and pattern.search( package.candidate.raw_description): toshow = True if toshow: result.append(self._package_to_dict(package, full=False)) return result @simple_response def packages_get(self, package): """ retrieves full properties of one package """ package = self.package_manager.get_package(package) if package is not None: return self._package_to_dict(package, full=True) else: # TODO: 404? return {} @sanitize(function=MappingSanitizer( { 'install': 'install', 'upgrade': 'install', 'uninstall': 'remove', }, required=True), packages=ListSanitizer(StringSanitizer(minimum=1), required=True)) @simple_response def packages_invoke_dry_run(self, packages, function): packages = self.package_manager.get_packages(packages) kwargs = {'install': [], 'remove': [], 'dry_run': True} if function == 'install': kwargs['install'] = packages else: kwargs['remove'] = packages return dict( zip(['install', 'remove', 'broken'], self.package_manager.mark(**kwargs))) @sanitize(function=MappingSanitizer( { 'install': 'install', 'upgrade': 'install', 'uninstall': 'remove', }, required=True), packages=ListSanitizer(StringSanitizer(minimum=1), required=True)) def packages_invoke(self, request): """ executes an installer action """ packages = request.options.get('packages') function = request.options.get('function') try: with self.package_manager.locked(reset_status=True): not_found = [ pkg_name for pkg_name in packages if self.package_manager.get_package(pkg_name) is None ] self.finished(request.id, {'not_found': not_found}) if not not_found: def _thread(package_manager, function, packages): with package_manager.locked(set_finished=True): with package_manager.no_umc_restart(): if function == 'install': package_manager.install(*packages) else: package_manager.uninstall(*packages) def _finished(thread, result): if isinstance(result, BaseException): MODULE.warn('Exception during %s %s: %r' % (function, packages, str(result))) thread = notifier.threads.Simple( 'invoke', notifier.Callback(_thread, self.package_manager, function, packages), _finished) thread.run() except LockError: # make it thread safe: another process started a package manager # this module instance already has a running package manager raise umcm.UMC_CommandError( _('Another package operation is in progress')) @simple_response def progress(self): timeout = 5 return self.package_manager.poll(timeout) def _package_to_dict(self, package, full): """ Helper that extracts properties from a 'apt_pkg.Package' object and stores them into a dictionary. Depending on the 'full' switch, stores only limited (for grid display) or full (for detail view) set of properties. """ installed = package.installed # may be None candidate = package.candidate result = { 'package': package.name, 'installed': package.is_installed, 'upgradable': package.is_upgradable, 'summary': candidate.summary, } # add (and translate) a combined status field # *** NOTE *** we translate it here: if we would use the Custom Formatter # of the grid then clicking on the sort header would not work. if package.is_installed: if package.is_upgradable: result['status'] = _('upgradable') else: result['status'] = _('installed') else: result['status'] = _('not installed') # additional fields needed for detail view if full: result['section'] = package.section result['priority'] = package.priority # Some fields differ depending on whether the package is installed or not: if package.is_installed: result['summary'] = installed.summary # take the current one result['description'] = installed.description result['installed_version'] = installed.version result['size'] = installed.installed_size if package.is_upgradable: result['candidate_version'] = candidate.version else: del result[ 'upgradable'] # not installed: don't show 'upgradable' at all result['description'] = candidate.description result['size'] = candidate.installed_size result['candidate_version'] = candidate.version # format size to handle bytes size = result['size'] byte_mods = ['B', 'kB', 'MB'] for byte_mod in byte_mods: if size < 10000: break size = float(size) / 1000 # MB, not MiB else: size = size * 1000 # once too often if size == int(size): format_string = '%d %s' else: format_string = '%.2f %s' result['size'] = format_string % (size, byte_mod) return result @simple_response def components_query(self): """ Returns components list for the grid in the ComponentsPage. """ # be as current as possible. self.uu.ucr_reinit() self.ucr.load() result = [] for comp in self.uu.get_all_components(): result.append(self.component_manager.component(comp)) return result @sanitize_list(StringSanitizer()) @multi_response(single_values=True) def components_get(self, iterator, component_id): # be as current as possible. self.uu.ucr_reinit() self.ucr.load() for component_id in iterator: yield self.component_manager.component(component_id) @sanitize_list(DictSanitizer({'object': advanced_components_sanitizer})) @multi_response def components_put(self, iterator, object): """Writes back one or more component definitions. """ # umc.widgets.Form wraps the real data into an array: # # [ # { # 'object' : { ... a dict with the real data .. }, # 'options': None # }, # ... more such entries ... # ] # # Current approach is to return a similarly structured array, # filled with elements, each one corresponding to one array # element of the request: # # [ # { # 'status' : a number where 0 stands for success, anything else # is an error code # 'message' : a result message # 'object' : a dict of field -> error message mapping, allows # the form to show detailed error information # }, # ... more such entries ... # ] with util.set_save_commit_load(self.ucr) as super_ucr: for object, in iterator: yield self.component_manager.put(object, super_ucr) self.package_manager.update() # do the same as components_put (update) # but dont allow adding an already existing entry components_add = sanitize_list( DictSanitizer({'object': add_components_sanitizer}))(components_put) components_add.__name__ = 'components_add' @sanitize_list(StringSanitizer()) @multi_response(single_values=True) def components_del(self, iterator, component_id): for component_id in iterator: yield self.component_manager.remove(component_id) self.package_manager.update() @multi_response def settings_get(self, iterator): # *** IMPORTANT *** Our UCR copy must always be current. This is not only # to catch up changes made via other channels (ucr command line etc), # but also to reflect the changes we have made ourselves! self.ucr.load() for _ in iterator: yield { 'maintained': self.ucr.is_true('repository/online/maintained', False), 'unmaintained': self.ucr.is_true('repository/online/unmaintained', False), 'server': self.ucr.get('repository/online/server', ''), 'prefix': self.ucr.get('repository/online/prefix', ''), } @sanitize_list( DictSanitizer({'object': basic_components_sanitizer}), min_elements=1, max_elements=1 # moduleStore with one element... ) @multi_response def settings_put(self, iterator, object): # FIXME: returns values although it should yield (multi_response) changed = False # Set values into our UCR copy. try: with util.set_save_commit_load(self.ucr) as super_ucr: for object, in iterator: for key, value in object.iteritems(): MODULE.info( " ++ Setting new value for '%s' to '%s'" % (key, value)) super_ucr.set_registry_var( '%s/%s' % (constants.ONLINE_BASE, key), value) changed = super_ucr.changed() except Exception as e: MODULE.warn(" !! Writing UCR failed: %s" % str(e)) return [{'message': str(e), 'status': constants.PUT_WRITE_ERROR}] self.package_manager.update() # Bug #24878: emit a warning if repository is not reachable try: updater = self.uu for line in updater.print_version_repositories().split('\n'): if line.strip(): break else: raise ConfigurationError() except ConfigurationError: msg = _( "There is no repository at this server (or at least none for the current UCS version)" ) MODULE.warn(" !! Updater error: %s" % msg) response = {'message': msg, 'status': constants.PUT_UPDATER_ERROR} # if nothing was committed, we want a different type of error code, # just to appropriately inform the user if changed: response['status'] = constants.PUT_UPDATER_NOREPOS return [response] except: info = sys.exc_info() emsg = '%s: %s' % info[:2] MODULE.warn(" !! Updater error [%s]: %s" % (emsg)) return [{ 'message': str(info[1]), 'status': constants.PUT_UPDATER_ERROR }] return [{'status': constants.PUT_SUCCESS}]
class Instance(SchoolBaseModule): def __init__(self): SchoolBaseModule.__init__(self) self._tmpDir = None self._progress_state = util.Progress() self._lessons = SchoolLessons() def init(self): SchoolBaseModule.init(self) # initiate paths for data distribution util.distribution.initPaths() def destroy(self): # clean temporary data self._cleanTmpDir() def _cleanTmpDir(self): # copied from distribution module # clean up the temporary upload directory if self._tmpDir: MODULE.info('Clean up temporary directory: %s' % self._tmpDir) shutil.rmtree(self._tmpDir, ignore_errors=True) self._tmpDir = None @file_upload @sanitize( DictSanitizer(dict( filename=StringSanitizer(required=True), tmpfile=StringSanitizer(required=True), ), required=True)) def upload(self, request): # copied from distribution module # create a temporary upload directory, if it does not already exist if not self._tmpDir: self._tmpDir = tempfile.mkdtemp(prefix='ucsschool-exam-upload-') MODULE.info('Created temporary directory: %s' % self._tmpDir) for file in request.options: filename = self.__workaround_filename_bug(file) destPath = os.path.join(self._tmpDir, filename) MODULE.info('Received file %r, saving it to %r' % (file['tmpfile'], destPath)) shutil.move(file['tmpfile'], destPath) self.finished(request.id, None) def __workaround_filename_bug(self, file): # the following code block is a heuristic to support both: fixed and unfixed Bug #37716 filename = file['filename'] try: # The UMC-Webserver decodes filename in latin-1, need to revert filename = filename.encode('ISO8859-1') except UnicodeEncodeError: # we got non-latin characters, Bug #37716 is fixed and string contains e.g. '→' filename = file['filename'].encode('UTF-8') else: # the string contains at least no non-latin1 characters try: # try if the bytes could be UTF-8 # can't fail if Bug #37716 is fixed filename.decode('UTF-8') except UnicodeDecodeError: filename = file['filename'].encode( 'UTF-8') # Bug #37716 was fixed MODULE.info('Detected filename %r as %r' % (file['filename'], filename)) # the code block can be removed and replaced by filename = file['filename'].encode('UTF-8') after Bug #37716 return filename @simple_response def internetrules(self): # copied from computerroom module """Returns a list of available internet rules""" return [x.name for x in internetrules.list()] @simple_response def lesson_end(self): current = self._lessons.current if current is not None: return current.end.strftime('%H:%M') return (datetime.datetime.now() + datetime.timedelta(minutes=45)).strftime('%H:%M') @simple_response def progress(self): return self._progress_state.poll() @sanitize( name=StringSanitizer(required=True), room=StringSanitizer(required=True), school=SchoolSanitizer(required=True), directory=StringSanitizer(required=True), shareMode=StringSanitizer(required=True), internetRule=StringSanitizer(required=True), customRule=StringSanitizer(), examEndTime=StringSanitizer(required=True), recipients=ListSanitizer(StringSanitizer(minimum=1), required=True), files=ListSanitizer(StringSanitizer()), ) @require_password @LDAP_Connection() def start_exam(self, request, ldap_user_read=None, ldap_position=None): # reset the current progress state # steps: # 5 -> for preparing exam room # 25 -> for cloning users # 25 -> for each replicated users + copy of the profile directory # 20 -> distribution of exam files # 10 -> setting room properties progress = self._progress_state progress.reset(85) progress.component(_('Initializing')) # create that holds a reference to project, otherwise _thread() cannot # set the project variable in the scope of start_exam: my = type("", (), dict(project=None))() # create a User object for the teacher # perform this LDAP operation outside the thread, to avoid tracebacks # in case of an LDAP timeout sender = util.distribution.openRecipients(self.user_dn, ldap_user_read) if not sender: raise UMC_Error( _('Could not authenticate user "%s"!') % self.user_dn) def _thread(): # make sure that a project with the same name does not exist directory = request.options['directory'] # get absolute path of project file and test for existance fn_test_project = util.distribution.Project.sanitize_project_filename( directory) if os.path.exists(fn_test_project): raise UMC_Error( _('An exam with the name "%s" already exists. Please choose a different name for the exam.' ) % (directory, )) # validate the project data and save project my.project = util.distribution.Project( dict( name=directory, description=request.options['name'], files=request.options.get('files'), sender=sender, )) my.project.validate() my.project.save() # copy files into project directory if self._tmpDir: for ifile in my.project.files: isrc = os.path.join(self._tmpDir, ifile) itarget = os.path.join(my.project.cachedir, ifile) if os.path.exists(isrc): # copy file to cachedir shutil.move(isrc, itarget) os.chown(itarget, 0, 0) # open a new connection to the master UMC try: master = ucr['ldap/master'] client = Client(master) client.authenticate_with_machine_account() except (ConnectionError, HTTPError) as exc: MODULE.error('Could not connect to UMC on %s: %s' % (master, exc)) raise UMC_Error( _('Could not connect to master server %s.') % ucr.get('ldap/master')) # mark the computer room for exam mode progress.component( _('Preparing the computer room for exam mode...')) client.umc_command( 'schoolexam-master/set-computerroom-exammode', dict( school=request.options['school'], roomdn=request.options['room'], )).result # FIXME: no error handling progress.add_steps(5) # read all recipients and fetch all user objects users = [] for idn in request.options['recipients']: ientry = util.distribution.openRecipients(idn, ldap_user_read) if not ientry: continue # recipients can in theory be users or groups members = [] if isinstance(ientry, util.distribution.User): members = [ientry] elif isinstance(ientry, util.distribution.Group): members = ientry.members for entry in members: # ignore exam users user = User.from_dn(entry.dn, None, ldap_user_read) if not user.is_exam_student(ldap_user_read): users.append(entry) # start to create exam user accounts progress.component(_('Preparing exam accounts')) percentPerUser = 25.0 / (1 + len(users)) examUsers = set() student_dns = set() usersReplicated = set() for iuser in users: progress.info( '%s, %s (%s)' % (iuser.lastname, iuser.firstname, iuser.username)) try: ires = client.umc_command( 'schoolexam-master/create-exam-user', dict( school=request.options['school'], userdn=iuser.dn, )).result examuser_dn = ires.get('examuserdn') examUsers.add(examuser_dn) student_dns.add(iuser.dn) MODULE.info('Exam user has been created: %r' % examuser_dn) except (ConnectionError, HTTPError) as exc: MODULE.warn( 'Could not create exam user account for %r: %s' % (iuser.dn, exc)) # indicate the the user has been processed progress.add_steps(percentPerUser) client.umc_command( 'schoolexam-master/add-exam-users-to-groups', dict( users=list(student_dns), school=request.options['school'], )) progress.add_steps(percentPerUser) # wait for the replication of all users to be finished progress.component(_('Preparing user home directories')) recipients = [] # list of User objects for all exam users openAttempts = 30 * 60 # wait max. 30 minutes for replication while (len(examUsers) > len(usersReplicated)) and (openAttempts > 0): openAttempts -= 1 MODULE.info( 'waiting for replication to be finished, %s user objects missing' % (len(examUsers) - len(usersReplicated))) for idn in examUsers - usersReplicated: try: ldap_user_read.get(idn, required=True) except ldap.NO_SUCH_OBJECT: continue # not replicated yet iuser = util.distribution.openRecipients( idn, ldap_user_read) if not iuser: continue # not a users/user object MODULE.info('user has been replicated: %s' % idn) # call hook scripts if 0 != subprocess.call([ '/bin/run-parts', CREATE_USER_POST_HOOK_DIR, '--arg', iuser.username, '--arg', iuser.dn, '--arg', iuser.homedir ]): raise ValueError( 'failed to run hook scripts for user %r' % (iuser.username)) # store User object in list of final recipients recipients.append(iuser) # mark the user as replicated usersReplicated.add(idn) progress.info( '%s, %s (%s)' % (iuser.lastname, iuser.firstname, iuser.username)) progress.add_steps(percentPerUser) # wait a second time.sleep(1) progress.add_steps(percentPerUser) if openAttempts <= 0: MODULE.error( 'replication timeout - %s user objects missing: %r ' % ((len(examUsers) - len(usersReplicated)), (examUsers - usersReplicated))) raise UMC_Error( _('Replication timeout: could not create all exam users')) # update the final list of recipients my.project.recipients = recipients my.project.save() # update local NSS group cache if ucr.is_true('nss/group/cachefile', True): cmd = ['/usr/lib/univention-pam/ldap-group-to-file.py'] if ucr.is_true('nss/group/cachefile/check_member', False): cmd.append('--check_member') MODULE.info('Updating local nss group cache...') if subprocess.call(cmd): MODULE.error('Updating local nss group cache failed: %s' % ' '.join(cmd)) else: MODULE.info( 'Update of local nss group cache finished successfully.' ) # distribute exam files progress.component(_('Distributing exam files')) progress.info('') my.project.distribute() progress.add_steps(20) # prepare room settings via UMCP... # first step: acquire room # second step: adjust room settings progress.component(_('Prepare room settings')) try: user_client = Client(None, self.username, self.password) except (ConnectionError, HTTPError) as exc: MODULE.warn('Authentication failed: %s' % (exc, )) raise UMC_Error(_('Could not connect to local UMC server.')) room = request.options['room'] MODULE.info('Acquire room: %s' % (room, )) user_client.umc_command('computerroom/room/acquire', dict( room=request.options['room'], )).result progress.add_steps(1) MODULE.info('Adjust room settings:\n%s' % '\n'.join( [' %s=%s' % (k, v) for k, v in request.options.iteritems()])) user_client.umc_command( 'computerroom/exam/start', dict( room=room, examDescription=request.options['name'], exam=directory, examEndTime=request.options.get('examEndTime'), )).result progress.add_steps(4) user_client.umc_command( 'computerroom/settings/set', dict( room=room, internetRule=request.options['internetRule'], customRule=request.options.get('customRule'), shareMode=request.options['shareMode'], printMode='default', )).result progress.add_steps(5) def _finished(thread, result, request): # mark the progress state as finished progress.info(_('finished...')) progress.finish() # finish the request at the end in order to force the module to keep # running until all actions have been completed success = not isinstance(result, BaseException) response = dict(success=success) if success: # remove uploaded files from cache self._cleanTmpDir() else: msg = str(result) if not isinstance(result, UMC_Error): response = result msg = ''.join(traceback.format_exception(*thread.exc_info)) progress.error(msg) # in case a distribution project has already be written to disk, purge it if my.project: my.project.purge() self.thread_finished_callback(thread, response, request) thread = notifier.threads.Simple('start_exam', _thread, notifier.Callback(_finished, request)) thread.run() @sanitize( exam=StringSanitizer(required=True), ) @simple_response def collect_exam(self, exam): project = util.distribution.Project.load(exam) if not project: raise UMC_Error(_('No files have been distributed')) project.collect() return True @sanitize( room=DNSanitizer(required=True), ) @LDAP_Connection() def validate_room(self, request, ldap_user_read=None, ldap_position=None): error = None dn = request.options['room'] room = ComputerRoom.from_dn(dn, None, ldap_user_read) if not room.hosts: # FIXME: raise UMC_Error() error = _( 'Room "%s" does not contain any computers. Empty rooms may not be used to start an exam.' ) % room.get_relative_name() self.finished(request.id, error) @sanitize( room=StringSanitizer(required=True), exam=StringSanitizer(required=True), ) def finish_exam(self, request): # reset the current progress state # steps: # 10 -> collecting exam files # 5 -> for preparing exam room # 25 -> for cloning users progress = self._progress_state progress.reset(40) progress.component(_('Initializing')) # try to open project file project = util.distribution.Project.load(request.options.get('exam')) if not project: # the project file does not exist... ignore problem MODULE.warn( 'The project file for exam %s does not exist. Ignoring and finishing exam mode.' % request.options.get('exam')) def _thread(): # perform all actions inside a thread... # collect files progress.component(_('Collecting exam files...')) if project: project.collect() progress.add_steps(10) # open a new connection to the master UMC master = ucr['ldap/master'] try: client = Client(master) client.authenticate_with_machine_account() except (ConnectionError, HTTPError) as exc: MODULE.error('Could not connect to UMC on %s: %s' % (master, exc)) raise UMC_Error( _('Could not connect to master server %s.') % (master, )) school = SchoolSearchBase.getOU(request.options['room']) # unset exam mode for the given computer room progress.component(_('Configuring the computer room...')) client.umc_command( 'schoolexam-master/unset-computerroom-exammode', dict( roomdn=request.options['room'], school=school, )).result progress.add_steps(5) # delete exam users accounts if project: # get a list of user accounts in parallel exams parallelUsers = dict([ (iuser.username, iproject.description) for iproject in util.distribution.Project.list() if iproject.name != project.name for iuser in iproject.recipients ]) progress.component(_('Removing exam accounts')) percentPerUser = 25.0 / (1 + len(project.recipients)) for iuser in project.recipients: progress.info( '%s, %s (%s)' % (iuser.lastname, iuser.firstname, iuser.username)) try: if iuser.username not in parallelUsers: # remove first the home directory shutil.rmtree(iuser.unixhome, ignore_errors=True) # remove LDAP user entry client.umc_command( 'schoolexam-master/remove-exam-user', dict( userdn=iuser.dn, school=school, )).result MODULE.info('Exam user has been removed: %s' % iuser.dn) else: MODULE.process( 'Cannot remove the user account %s as it is registered for the running exam "%s", as well' % (iuser.dn, parallelUsers[iuser.username])) except (ConnectionError, HTTPError) as e: MODULE.warn( 'Could not remove exam user account %s: %s' % (iuser.dn, e)) # indicate the user has been processed progress.add_steps(percentPerUser) progress.add_steps(percentPerUser) def _finished(thread, result): # mark the progress state as finished progress.info(_('finished...')) progress.finish() # running until all actions have been completed if isinstance(result, BaseException): msg = ''.join(traceback.format_exception(*thread.exc_info)) MODULE.error('Exception during exam_finish: %s' % msg) self.finished(request.id, dict(success=False)) progress.error( _('An unexpected error occurred during the preparation: %s' ) % result) else: self.finished(request.id, dict(success=True)) if project: # purge project project.purge() # remove uploaded files from cache self._cleanTmpDir() thread = notifier.threads.Simple('start_exam', _thread, _finished) thread.run()
class Instance(SchoolBaseModule): def query(self, request): """Searches for internet filter rules requests.options = {} 'pattern' -- pattern to match within the rule name or the list of domains """ MODULE.info('internetrules.query: options: %s' % str(request.options)) pattern = request.options.get('pattern', '').lower() def _matchDomain(domains): # helper function to match pattern within the list of domains matches = [idom for idom in domains if pattern in idom.lower()] return 0 < len(matches) # filter out all rules that match the given pattern result = [ dict( name=irule.name, type=_filterTypesInv[irule.type], domains=len(irule.domains), priority=irule.priority, wlan=irule.wlan, ) for irule in rules.list() if pattern in irule.name.lower() or _matchDomain(irule.domains) ] MODULE.info('internetrules.query: results: %s' % str(result)) self.finished(request.id, result) @sanitize(StringSanitizer()) def get(self, request): """Returns the specified rules requests.options = [ <ruleName>, ... ] """ MODULE.info('internetrules.get: options: %s' % str(request.options)) result = [] # fetch all rules with the given names (we need to make sure that "name" is UTF8) names = set(iname.encode('utf8') for iname in request.options) result = [ dict( name=irule.name, type=_filterTypesInv[irule.type], domains=irule.domains, priority=irule.priority, wlan=irule.wlan, ) for irule in rules.list() if irule.name in names ] MODULE.info('internetrules.get: results: %s' % str(result)) self.finished(request.id, result) @sanitize(DictSanitizer(dict(object=StringSanitizer()), required=True)) def remove(self, request): """Removes the specified rules requests.options = [ { "object": <ruleName> }, ... ] """ MODULE.info('internetrules.remove: options: %s' % str(request.options)) result = [] # fetch all rules with the given names for ientry in request.options: iname = ientry['object'] success = False if iname: success = rules.remove(iname) result.append(dict(name=iname, success=success)) MODULE.info('internetrules.remove: results: %s' % str(result)) self.finished(request.id, result) @staticmethod def _parseRule(iprops, forceAllProperties=False): # validate types for ikey, itype in (('name', basestring), ('type', basestring), ('priority', (int, basestring)), ('wlan', bool), ('domains', list)): if ikey not in iprops: if forceAllProperties: # raise exception as the key is not present raise ValueError( _('The key "%s" has not been specified: %s') % (ikey, iprops)) continue if not isinstance(iprops[ikey], itype): typeStr = '' if isinstance(itype, tuple): typeStr = ', '.join([i.__name__ for i in itype]) else: typeStr = itype.__name__ raise ValueError( _('The key "%s" needs to be of type: %s') % (ikey, typeStr)) # validate name if 'name' in iprops and not univention.config_registry.validate_key( iprops['name'].encode('utf-8')): raise ValueError( _('Invalid rule name "%s". The name needs to be a string, the following special characters are not allowed: %s' ) % (iprops.get('name'), '!, ", §, $, %, &, (, ), [, ], {, }, =, ?, `, +, #, \', ",", ;, <, >, \\' )) # validate type if 'type' in iprops and iprops['type'] not in _filterTypes: raise ValueError(_('Filter type is unknown: %s') % iprops['type']) # validate domains if 'domains' in iprops: parsedDomains = [] for idomain in iprops['domains']: def _validValueChar(): # helper function to check for invalid characters for ichar in idomain: if ichar in univention.config_registry.backend.INVALID_VALUE_CHARS: return False return True if not isinstance(idomain, basestring) or not _validValueChar(): raise ValueError(_('Invalid domain ')) # parse domain domain = idomain if '://' not in domain: # make sure that we have a scheme defined for parsing MODULE.info( 'Adding a leading scheme for parsing of domain: %s' % idomain) domain = 'http://%s' % domain domain = urlparse(domain).hostname MODULE.info('Parsed domain: %s -> %s' % (idomain, domain)) if not domain: raise ValueError( _('The specified domain "%s" is not valid. Please specify a valid domain name, such as "wikipedia.org", "facebook.com"' ) % idomain) # add domain to list of parsed domains parsedDomains.append(domain) # save parsed domains in the dict iprops['domains'] = parsedDomains return iprops @sanitize( DictSanitizer(dict(object=DictSanitizer(dict( name=StringSanitizer(required=True), type=ChoicesSanitizer(list(_filterTypes.keys()), required=True), wlan=BooleanSanitizer(required=True), priority=IntegerSanitizer(required=True), domains=ListSanitizer(StringSanitizer(required=True), required=True), ), required=True)), required=True)) def add(self, request): """Add the specified new rules: requests.options = [ { 'object': { 'name': <str>, 'type': 'whitelist' | 'blacklist', 'priority': <int> | <str>, 'wlan': <bool>, 'domains': [<str>, ...], } }, ... ] """ # try to create all specified projects result = [] for ientry in request.options: iprops = ientry['object'] try: # make sure that the rule does not already exist irule = rules.load(iprops['name']) if irule: raise ValueError( _('A rule with the same name does already exist: %s') % iprops['name']) # parse the properties parsedProps = self._parseRule(iprops, True) # create a new rule from the user input newRule = rules.Rule( name=parsedProps['name'], type=_filterTypes[parsedProps['type']], priority=parsedProps['priority'], wlan=parsedProps['wlan'], domains=parsedProps['domains'], ) # try to save filter rule newRule.save() MODULE.info('Created new rule: %s' % newRule) # everything ok result.append(dict(name=iprops['name'], success=True)) except (ValueError, KeyError) as e: # data not valid... create error info MODULE.info( 'data for internet filter rule "%s" is not valid: %s' % (iprops.get('name'), e)) result.append( dict(name=iprops.get('name'), success=False, details=str(e))) # return the results self.finished(request.id, result) @sanitize( DictSanitizer(dict( object=DictSanitizer(dict( name=StringSanitizer(required=True), type=ChoicesSanitizer(list(_filterTypes.keys()), required=True), wlan=BooleanSanitizer(required=True), priority=IntegerSanitizer(required=True), domains=ListSanitizer(StringSanitizer(required=True), required=True), ), required=True), options=DictSanitizer(dict(name=StringSanitizer()), required=True), ), required=True)) def put(self, request): """Modify an existing rules: requests.options = [ { 'object': { 'name': <str>, # optional 'type': 'whitelist' | 'blacklist', # optional 'priority': <int>, # optional 'wlan': <bool>, # optional 'domains': [<str>, ...], # optional }, 'options': { 'name': <str> # the original name of the object } }, ... ] """ # try to create all specified projects result = [] for ientry in request.options: try: # get properties and options from entry iprops = ientry['object'] iname = None ioptions = ientry.get('options') if ioptions: iname = ioptions.get('name') if not iname: raise ValueError( _('No "name" attribute has been specified in the options.' )) # make sure that the rule already exists irule = rules.load(iname) if not irule: raise ValueError( _('The rule does not exist and cannot be modified: %s') % iprops.get('name', '')) # parse the properties self._parseRule(iprops) if iprops.get('name', iname) != iname: # name has been changed -> remove old rule and create a new one rules.remove(iname) irule.name = iprops['name'] if 'type' in iprops: # set rule type, move all domains from the previous type oldDomains = irule.domains irule.domains = [] irule.type = _filterTypes[iprops['type']] irule.domains = oldDomains if 'priority' in iprops: # set priority irule.priority = iprops['priority'] if 'wlan' in iprops: # set wlan irule.wlan = iprops['wlan'] if 'domains' in iprops: # set domains irule.domains = iprops['domains'] # try to save filter rule irule.save() MODULE.info('Saved rule: %s' % irule) # everything ok result.append(dict(name=iname, success=True)) except ValueError as e: # data not valid... create error info MODULE.info( 'data for internet filter rule "%s" is not valid: %s' % (iprops.get('name'), e)) result.append( dict(name=iprops.get('name'), success=False, details=str(e))) # return the results self.finished(request.id, result) @sanitize(school=SchoolSanitizer(required=True), pattern=StringSanitizer(default='')) @LDAP_Connection() def groups_query(self, request, ldap_user_read=None, ldap_position=None): """List all groups (classes, workgroups) and their assigned internet rule""" pattern = LDAP_Filter.forAll(request.options.get('pattern', ''), ['name', 'description']) school = request.options['school'] groups = [ x for x in Group.get_all(ldap_user_read, school, pattern) if not x.self_is_computerroom() ] internet_rules = rules.getGroupRuleName([i.name for i in groups]) name = re.compile('-%s$' % (re.escape(school)), flags=re.I) result = [{ 'name': i.get_relative_name() if hasattr(i, 'get_relative_name') else name.sub('', i.name), '$dn$': i.dn, 'rule': internet_rules.get(i.name, 'default') or _('-- Default (unrestricted) --') } for i in groups] result.sort(cmp=lambda x, y: cmp(x.lower(), y.lower()), key=lambda x: x['name']) self.finished(request.id, result) @sanitize( DictSanitizer( dict( group=StringSanitizer(required=True), rule=StringSanitizer(required=True), ))) @LDAP_Connection() def groups_assign(self, request, ldap_user_read=None, ldap_position=None): """Assigns default rules to groups: request.options = [ { 'group': <groupDN>, 'rule': <ruleName> }, ... ] """ MODULE.info('internetrules.groups_assign: options: %s' % str(request.options)) # try to load all group rules newRules = {} rmRules = [] for ientry in request.options: # make sure the group exists igrp = udm_objects.get(udm_modules.get('groups/group'), None, ldap_user_read, ldap_position, ientry['group']) if not igrp: raise UMC_Error('unknown group object') igrp.open() # check the rule name irule = ientry['rule'] if irule == '$default$': # remove the rule rmRules.append(igrp['name']) else: try: # make sure the rule name is valid self._parseRule(dict(name=irule)) except ValueError as exc: raise UMC_Error(str(exc)) # add new rule newRules[igrp['name']] = irule # assign default filter rules to groups rules.setGroupRuleName(newRules) rules.unsetGroupRuleName(rmRules) MODULE.info('internetrules.groups_assign: finished') self.finished(request.id, True)
class Instance(SchoolBaseModule): def __init__(self): SchoolBaseModule.__init__(self) self._tmpDir = None def init(self): SchoolBaseModule.init(self) # initiate paths for data distribution util.initPaths() def destroy(self): self._cleanTmpDir() def _cleanTmpDir(self): # clean up the temporary upload directory if self._tmpDir: MODULE.info('Clean up temporary directory: %s' % self._tmpDir) shutil.rmtree(self._tmpDir, ignore_errors=True) self._tmpDir = None @file_upload @sanitize(DictSanitizer(dict( filename=StringSanitizer(required=True), tmpfile=StringSanitizer(required=True), ), required=True)) def upload(self, request): # create a temporary upload directory, if it does not already exist if not self._tmpDir: self._tmpDir = tempfile.mkdtemp(prefix='ucsschool-distribution-upload-') MODULE.info('Created temporary directory: %s' % self._tmpDir) for file in request.options: filename = self.__workaround_filename_bug(file) destPath = os.path.join(self._tmpDir, filename) MODULE.info('Received file %r, saving it to %r' % (file['tmpfile'], destPath)) shutil.move(file['tmpfile'], destPath) self.finished(request.id, None) def __workaround_filename_bug(self, file): # the following code block is a heuristic to support both: fixed and unfixed Bug #37716 filename = file['filename'] try: # The UMC-Webserver decodes filename in latin-1, need to revert filename = filename.encode('ISO8859-1') except UnicodeEncodeError: # we got non-latin characters, Bug #37716 is fixed and string contains e.g. '→' filename = file['filename'].encode('UTF-8') else: # the string contains at least no non-latin1 characters try: # try if the bytes could be UTF-8 # can't fail if Bug #37716 is fixed filename.decode('UTF-8') except UnicodeDecodeError: filename = file['filename'].encode('UTF-8') # Bug #37716 was fixed MODULE.info('Detected filename %r as %r' % (file['filename'], filename)) # the code block can be removed and replaced by filename = file['filename'].encode('UTF-8') after Bug #37716 return filename @sanitize( filenames=ListSanitizer(min_elements=1), # project=StringSanitizer(allow_none=True) ) @simple_response def checkfiles(self, project, filenames): '''Checks whether the given filename has already been uploaded: request.options: { 'filenames': [ '...', ... ], project: '...' } returns: { 'filename': '...', 'sessionDuplicate': True|False, 'projectDuplicate': True|False, 'distributed': True|False } ''' # load project if project: project = util.Project.load(project) result = [] for ifile in filenames: ifile = ifile.encode('UTF-8') # check whether file has already been upload in this session iresult = dict(sessionDuplicate=False, projectDuplicate=False, distributed=False) iresult['filename'] = ifile iresult['sessionDuplicate'] = self._tmpDir is not None and os.path.exists(os.path.join(self._tmpDir, ifile)) # check whether the file exists in the specified project and whether # it has already been distributed if project: iresult['projectDuplicate'] = ifile in project.files iresult['distributed'] = ifile in project.files and not os.path.exists(os.path.join(project.cachedir, ifile)) result.append(iresult) return result @sanitize( pattern=PatternSanitizer(required=False, default='.*'), filter=ChoicesSanitizer(['all', 'private'], default='private') ) @simple_response def query(self, pattern, filter): result = [dict( # only show necessary information description=i.description, name=i.name, sender=i.sender.username, recipients=len(i.recipients), files=len(i.files), isDistributed=i.isDistributed ) for i in util.Project.list() if (pattern.match(i.name) or pattern.match(i.description)) and (filter == 'all' or compare_dn(i.sender.dn, self.user_dn)) ] return result @LDAP_Connection() def _get_sender(self, ldap_user_read=None, ldap_position=None): '''Return a User instance of the currently logged in user.''' try: user = User.from_dn(self.user_dn, None, ldap_user_read) obj = user.get_udm_object(ldap_user_read) return util.User(obj.info, dn=obj.dn) except udm_exceptions.base as exc: raise UMC_Error(_('Failed to load user information: %s') % exc) @sanitize(DictSanitizer(dict(object=DictSanitizer({}, required=True)), required=True)) def put(self, request): """Modify an existing project""" result = [self._save(entry['object'], True) for entry in request.options] self.finished(request.id, result) @sanitize(DictSanitizer(dict(object=DictSanitizer({}, required=True)), required=True)) def add(self, request): """Add a new project""" result = [self._save(entry['object'], False) for entry in request.options] self.finished(request.id, result) @LDAP_Connection() def _save(self, iprops, doUpdate=True, ldap_user_read=None, ldap_position=None): # try to open the UDM user object of the current user sender = self._get_sender() try: # remove keys that may not be set from outside for k in ('atJobNumCollect', 'atJobNumDistribute'): iprops.pop(k, None) # transform filenames into bytestrings iprops['files'] = [f.encode('UTF-8') for f in iprops.get('files', [])] # load the project or create a new one project = None orgProject = None if doUpdate: # try to load the given project orgProject = util.Project.load(iprops.get('name', '')) if not orgProject: raise UMC_Error(_('The specified project does not exist: %s') % iprops['name']) # create a new project with the updated values project = util.Project(orgProject.dict) project.update(iprops) else: # create a new project project = util.Project(iprops) # make sure that the project owner himself is modifying the project if doUpdate and not compare_dn(project.sender.dn, self.user_dn): raise UMC_Error(_('The project can only be modified by the owner himself')) # handle time settings for distribution/collection of project files for jsuffix, jprop, jname in (('distribute', 'starttime', _('Project distribution')), ('collect', 'deadline', _('Project collection'))): if '%sType' % jsuffix in iprops: # check the distribution/collection type: manual/automat jtype = (iprops['%sType' % jsuffix]).lower() if jtype == 'automatic': try: # try to parse the given time parameters strtime = '%s %s' % (iprops['%sDate' % jsuffix], iprops['%sTime' % jsuffix]) jdate = datetime.strptime(strtime, '%Y-%m-%d %H:%M') setattr(project, jprop, jdate) except ValueError: raise UMC_Error(_('Could not set date for: %s') % jname) # make sure the execution time lies sufficiently in the future if getattr(project, jprop) - datetime.now() < timedelta(minutes=1): raise UMC_Error(_('The specified time needs to lie in the future for: %s') % jname) else: # manual distribution/collection setattr(project, jprop, None) if project.starttime and project.deadline: # make sure distributing happens before collecting if project.deadline - project.starttime < timedelta(minutes=3): raise UMC_Error(_('Distributing the data needs to happen sufficiently long enough before collecting them')) if 'recipients' in iprops: # lookup the users in LDAP and save them to the project project.recipients = [util.openRecipients(idn, ldap_user_read) for idn in iprops.get('recipients', [])] project.recipients = [x for x in project.recipients if x] MODULE.info('recipients: %s' % (project.recipients,)) if not doUpdate: # set the sender (i.e., owner) of the project project.sender = sender # initiate project and validate its values project.validate() # make sure that there is no other project with the same directory name # if we add new projects if not doUpdate and project.isNameInUse(): MODULE.error('The project name is already in use: %s' % (project.name)) raise UMC_Error(_('The specified project directory name "%s" is already in use by a different project.') % (project.name)) # try to save project to disk project.save() # move new files into project directory if self._tmpDir: for ifile in project.files: isrc = os.path.join(self._tmpDir, ifile) itarget = os.path.join(project.cachedir, ifile) if os.path.exists(isrc): # mv file to cachedir shutil.move(isrc, itarget) os.chown(itarget, 0, 0) # remove files that have been marked for removal if doUpdate: for ifile in set(orgProject.files) - set(project.files): itarget = os.path.join(project.cachedir, ifile) try: os.remove(itarget) except OSError: pass # re-distribute the project in case it has already been distributed if doUpdate and project.isDistributed: usersFailed = [] project.distribute(usersFailed) if usersFailed: # not all files could be distributed MODULE.info('Failed processing the following users: %s' % usersFailed) usersStr = ', '.join([Display.user(i) for i in usersFailed]) raise UMC_Error(_('The project could not distributed to the following users: %s') % usersStr) except (IOError, OSError, UMC_Error): # TODO: catch only UMC_Error etype, exc, etraceback = sys.exc_info() # data not valid... create error info MODULE.info('data for project "%s" is not valid: %s' % (iprops.get('name'), exc)) if not doUpdate: # remove eventually created project file and cache dir for ipath in (project.projectfile, project.cachedir): if os.path.basename(ipath) not in os.listdir(util.DISTRIBUTION_DATA_PATH): # no file / directory has been created yet continue try: MODULE.info('cleaning up... removing: %s' % ipath) shutil.rmtree(ipath) except (IOError, OSError): pass raise UMC_Error, exc, etraceback self._cleanTmpDir() return {'success': True, 'name': iprops.get('name')} @sanitize(StringSanitizer(required=True)) @LDAP_Connection() def get(self, request, ldap_user_read=None, ldap_position=None): """Returns the objects for the given IDs requests.options = [ <ID>, ... ] return: [ { ... }, ... ] """ # try to load all given projects result = [] # list of all project properties (dicts) or None if project is not valid for iproject in [util.Project.load(iid) for iid in request.options]: # make sure that project could be loaded if not iproject: result.append(None) continue # make sure that only the project owner himself (or an admin) is able # to see the content of a project if request.flavor == 'teacher' and not compare_dn(iproject.sender.dn, self.user_dn): raise UMC_Error(_('Project details are only visible to the project owner himself or an administrator.'), status=403) # prepare date and time properties for distribution/collection of project files props = iproject.dict for jjob, jsuffix in ((iproject.atJobDistribute, 'distribute'), (iproject.atJobCollect, 'collect')): MODULE.info('check job: %s' % jsuffix) if not jjob: # no job is registered -> manual job distribution/collection MODULE.info('no existing job -> manual execution') props['%sType' % jsuffix] = 'manual' continue # job is registered -> prepare date and time fields MODULE.info('job nr #%d scheduled for %s -> automatic execution' % (jjob.nr, jjob.execTime)) props['%sType' % jsuffix] = 'automatic' props['%sDate' % jsuffix] = datetime.strftime(jjob.execTime, '%Y-%m-%d') props['%sTime' % jsuffix] = datetime.strftime(jjob.execTime, '%H:%M') # adjust sender / recipients properties props['sender'] = props['sender'].username recipients = [] for recip in props['recipients']: recipients.append({ 'id': recip.dn, 'label': recip.type == util.TYPE_USER and Display.user(recip.dict) or recip.name }) props['recipients'] = recipients # append final dict to result list MODULE.info('final project dict: %s' % props) result.append(props) self.finished(request.id, result) @sanitize(StringSanitizer(required=True)) def distribute(self, request): # update the sender information of the selected projects result = [] for iid in request.options: MODULE.info('Distribute project: %s' % iid) try: # make sure that project could be loaded iproject = util.Project.load(iid) if not iproject: raise IOError(_('Project "%s" could not be loaded') % iid) # make sure that only the project owner himself (or an admin) is able # to distribute a project if request.flavor == 'teacher' and not compare_dn(iproject.sender.dn, self.user_dn): raise ValueError(_('Only the owner himself or an administrator may distribute a project.')) # project was loaded successfully... try to distribute it usersFailed = [] iproject.distribute(usersFailed) # raise an error in case distribution failed for some users if usersFailed: MODULE.info('Failed processing the following users: %s' % usersFailed) usersStr = ', '.join([Display.user(i) for i in usersFailed]) raise IOError(_('The project could not distributed to the following users: %s') % usersStr) # save result result.append(dict( name=iid, success=True )) except (ValueError, IOError) as exc: result.append(dict( name=iid, success=False, details=str(exc) )) # return the results self.finished(request.id, result) @sanitize(StringSanitizer(required=True)) def collect(self, request): # try to open the UDM user object of the current user sender = self._get_sender() # update the sender information of the selected projects result = [] for iid in request.options: MODULE.info('Collect project: %s' % iid) try: # make sure that project could be loaded iproject = util.Project.load(iid) if not iproject: raise IOError(_('Project "%s" could not be loaded') % iid) # replace the projects sender with the current logged in user iproject.sender = sender # project was loaded successfully... try to distribute it dirsFailed = [] iproject.collect(dirsFailed) # raise an error in case distribution failed for some users if dirsFailed: dirsStr = ', '.join(dirsFailed) MODULE.info('Failed collecting the following dirs: %s' % dirsStr) raise IOError(_('The following user directories could not been collected: %s') % dirsStr) # save result result.append(dict( name=iid, success=True )) except (ValueError, IOError) as exc: result.append(dict( name=iid, success=False, details=str(exc) )) # return the results self.finished(request.id, result) @sanitize(StringSanitizer(required=True)) def adopt(self, request): # try to open the UDM user object of the current user sender = self._get_sender() # update the sender information of the selected projects result = [] for iid in request.options: try: # make sure that project could be loaded iproject = util.Project.load(iid) if not iproject: raise IOError(_('Project "%s" could not be loaded') % iid) # project was loaded successfully iproject.sender = sender iproject.save() except (ValueError, IOError) as exc: result.append(dict( name=iid, success=False, details=str(exc) )) # return the results self.finished(request.id, result) @sanitize(DictSanitizer(dict(object=StringSanitizer(required=True)), required=True)) def remove(self, request): """Removes the specified projects""" for iproject in [util.Project.load(ientry.get('object')) for ientry in request.options]: if not iproject: continue # make sure that only the project owner himself (or an admin) is able # to see the content of a project if request.flavor == 'teacher' and not compare_dn(iproject.sender.dn, self.user_dn): raise UMC_Error(_('Only the owner himself or an administrator may delete a project.'), status=403) # purge the project iproject.purge() self.finished(request.id, None)
class Instance(SchoolBaseModule): _pre_create_hooks = None def __init__(self): SchoolBaseModule.__init__(self) self._examUserPrefix = ucr.get( 'ucsschool/ldap/default/userprefix/exam', 'exam-') self._examGroupExcludeRegEx = None try: value = ucr.get('ucsschool/exam/group/ldap/blacklist/regex', '') if value.strip(): self._examGroupExcludeRegEx = re.compile(value, re.I) except Exception as ex: MODULE.error( 'Failed to get/compile regexp provided by ucsschool/exam/group/ldap/blacklist/regex: %s' % (ex, )) # cache objects self._udm_modules = dict() self._examGroup = None self._examUserContainerDN = None def examGroup(self, ldap_admin_write, ldap_position, school): '''fetch the examGroup object, create it if missing''' if not self._examGroup: search_base = School.get_search_base(school) examGroup = search_base.examGroup examGroupName = search_base.examGroupName if 'groups/group' in self._udm_modules: module_groups_group = self._udm_modules['groups/group'] else: module_groups_group = univention.admin.modules.get( 'groups/group') univention.admin.modules.init(ldap_admin_write, ldap_position, module_groups_group) self._udm_modules['groups/group'] = module_groups_group # Determine exam_group_dn try: ldap_filter = '(objectClass=univentionGroup)' ldap_admin_write.searchDn(ldap_filter, examGroup, scope='base') self._examGroup = module_groups_group.object( None, ldap_admin_write, ldap_position, examGroup) # self._examGroup.create() # currently not necessary except univention.admin.uexceptions.noObject: try: position = univention.admin.uldap.position( ldap_position.getBase()) position.setDn(ldap_admin_write.parentDn(examGroup)) self._examGroup = module_groups_group.object( None, ldap_admin_write, position) self._examGroup.open() self._examGroup['name'] = examGroupName self._examGroup[ 'sambaGroupType'] = self._examGroup.descriptions[ 'sambaGroupType'].base_default[0] self._examGroup.create() except univention.admin.uexceptions.base: raise UMC_Error( _('Failed to create exam group\n%s') % traceback.format_exc()) return self._examGroup def examUserContainerDN(self, ldap_admin_write, ldap_position, school): '''lookup examUserContainerDN, create it if missing''' if not self._examUserContainerDN: search_base = School.get_search_base(school) examUsers = search_base.examUsers examUserContainerName = search_base._examUserContainerName try: ldap_admin_write.searchDn('(objectClass=organizationalRole)', examUsers, scope='base') except univention.admin.uexceptions.noObject: try: module_containers_cn = univention.admin.modules.get( 'container/cn') univention.admin.modules.init(ldap_admin_write, ldap_position, module_containers_cn) position = univention.admin.uldap.position( ldap_position.getBase()) position.setDn(ldap_admin_write.parentDn(examUsers)) exam_user_container = module_containers_cn.object( None, ldap_admin_write, position) exam_user_container.open() exam_user_container['name'] = examUserContainerName exam_user_container.create() except univention.admin.uexceptions.base: raise UMC_Error( _('Failed to create exam container\n%s') % traceback.format_exc()) self._examUserContainerDN = examUsers return self._examUserContainerDN @sanitize(userdn=StringSanitizer(required=True), description=StringSanitizer(default=''), school=StringSanitizer(default='')) @LDAP_Connection(USER_READ, ADMIN_WRITE) def create_exam_user(self, request, ldap_user_read=None, ldap_admin_write=None, ldap_position=None): '''Create an exam account cloned from a given user account. The exam account is added to a special exam group to allow GPOs and other restrictions to be enforced via the name of this group. The group has to be created earlier, e.g. by create_ou (ucs-school-import). ''' school = request.options['school'] userdn = request.options['userdn'] try: user = Student.from_dn(userdn, None, ldap_admin_write) except univention.admin.uexceptions.noObject: raise UMC_Error(_('Student %r not found.') % (userdn, )) except univention.admin.uexceptions.ldapError: raise user_orig = user.get_udm_object(ldap_admin_write) # uid and DN of exam_user exam_user_uid = "".join((self._examUserPrefix, user_orig['username'])) exam_user_dn = "uid=%s,%s" % (exam_user_uid, self.examUserContainerDN( ldap_admin_write, ldap_position, user.school or school)) try: exam_user = ExamStudent.get_only_udm_obj( ldap_admin_write, filter_format('uid=%s', (exam_user_uid, ))) if exam_user is None: raise univention.admin.uexceptions.noObject(exam_user_uid) exam_user = ExamStudent.from_udm_obj(exam_user, None, ldap_admin_write) except (univention.admin.uexceptions.noObject, MultipleObjectsError): pass # we need to create the exam user else: if school not in exam_user.schools: exam_user.schools.append(school) exam_user.modify(ldap_admin_write) MODULE.warn( _('The exam account does already exist for: %s') % exam_user_uid) self.finished( request.id, dict( success=True, userdn=userdn, examuserdn=exam_user.dn, )) return # Check if it's blacklisted for prohibited_object in univention.admin.handlers.settings.prohibited_username.lookup( None, ldap_admin_write, ''): if exam_user_uid in prohibited_object['usernames']: raise UMC_Error( _('Requested exam username %s is not allowed according to settings/prohibited_username object %s' ) % (exam_user_uid, prohibited_object['name'])) # Allocate new uid alloc = [] try: uid = univention.admin.allocators.request(ldap_admin_write, ldap_position, 'uid', value=exam_user_uid) alloc.append(('uid', uid)) except univention.admin.uexceptions.noLock: univention.admin.allocators.release(ldap_admin_write, ldap_position, 'uid', exam_user_uid) MODULE.warn( _('The exam account does already exist for: %s') % exam_user_uid) self.finished(request.id, dict( success=True, userdn=userdn, examuserdn=exam_user_dn, ), success=True) return # Ok, we have a valid target uid, so start cloning the user # deepcopy(user_orig) does not help much, as we cannot use users.user.object.create() # because it currently cannot be convinced to preserve the password. So we do it manually: try: # Allocate new uidNumber if 'posix' in user_orig.options: uidNum = univention.admin.allocators.request( ldap_admin_write, ldap_position, 'uidNumber') alloc.append(('uidNumber', uidNum)) # Allocate new sambaSID if 'samba' in user_orig.options: # code copied from users.user.object.__generate_user_sid: userSid = None if user_orig.s4connector_present: # In this case Samba 4 must create the SID, the s4 connector will sync the # new sambaSID back from Samba 4. userSid = 'S-1-4-%s' % uidNum else: try: userSid = univention.admin.allocators.requestUserSid( ldap_admin_write, ldap_position, uidNum) except: pass if not userSid or userSid == 'None': num = uidNum while not userSid or userSid == 'None': num = str(int(num) + 1) try: userSid = univention.admin.allocators.requestUserSid( ldap_admin_write, ldap_position, num) except univention.admin.uexceptions.noLock: num = str(int(num) + 1) alloc.append(('sid', userSid)) # Determine description attribute for exam_user exam_user_description = request.options.get('description') if not exam_user_description: exam_user_description = _( 'Exam for user %s') % user_orig['username'] def getBlacklistSet(ucrvar): """ >>> set([ x.replace('||','|') for x in re.split('(?<![|])[|](?![|])', '|My|new|Value|with|Pipe||symbol') if x ]) set(['with', 'new', 'My', 'Value', 'Pipe|symbol']) """ return set([ x.replace('||', '|') for x in re.split( '(?<![|])[|](?![|])', ucr.get(ucrvar, '')) if x ]) blacklisted_attributes = getBlacklistSet( 'ucsschool/exam/user/ldap/blacklist') # Now create the addlist, fixing up attributes as we go al = [] foundUniventionObjectFlag = False for (key, value) in user_orig.oldattr.items(): # ignore blacklisted attributes if key in blacklisted_attributes: continue # ignore blacklisted attribute values keyBlacklist = getBlacklistSet( 'ucsschool/exam/user/ldap/blacklist/%s' % key) value = [x for x in value if x not in keyBlacklist] if not value: continue # handle special cases if key == 'uid': value = [exam_user_uid] elif key == 'objectClass': value += ['ucsschoolExam'] elif key == 'ucsschoolSchool' and school: # for backwards compatibility with UCS@school < 4.1R2 school might not be set value = [school] elif key == 'homeDirectory': user_orig_homeDirectory = value[0] _tmp_split_path = user_orig_homeDirectory.rsplit( os.path.sep, 1) if len(_tmp_split_path) != 2: english_error_detail = "Failed parsing homeDirectory of original user: %s" % ( user_orig_homeDirectory, ) message = _( 'ERROR: Creation of exam user account failed\n%s' ) % (english_error_detail, ) raise UMC_Error(message) exam_user_unixhome = '%s.%s' % ( exam_user_uid, datetime.datetime.now().strftime('%Y%m%d-%H%M%S')) value = [ os.path.join(_tmp_split_path[0], 'exam-homes', exam_user_unixhome) ] elif key == 'sambaHomePath': user_orig_sambaHomePath = value[0] value = [ user_orig_sambaHomePath.replace( user_orig['username'], exam_user_uid) ] elif key == 'krb5PrincipalName': user_orig_krb5PrincipalName = value[0] value = [ "%s%s" % (exam_user_uid, user_orig_krb5PrincipalName[ user_orig_krb5PrincipalName.find("@"):]) ] elif key == 'uidNumber': value = [uidNum] elif key == 'sambaSID': value = [userSid] elif key == 'description': value = [exam_user_description] exam_user_description = None # that's done elif key == 'univentionObjectFlag': foundUniventionObjectFlag = True if 'temporary' not in value: value += ['temporary'] al.append((key, value)) if not foundUniventionObjectFlag and 'univentionObjectFlag' not in blacklisted_attributes: al.append(('univentionObjectFlag', ['temporary'])) if exam_user_description and 'description' not in blacklisted_attributes: al.append(('description', [exam_user_description])) # call hook scripts al = self.run_pre_create_hooks(exam_user_dn, al, ldap_admin_write) # And create the exam_user ldap_admin_write.add(exam_user_dn, al) except BaseException: # noqa for i, j in alloc: univention.admin.allocators.release(ldap_admin_write, ldap_position, i, j) MODULE.error('Creation of exam user account failed: %s' % (traceback.format_exc(), )) raise # finally confirm allocated IDs univention.admin.allocators.confirm(ldap_admin_write, ldap_position, 'uid', exam_user_uid) if 'samba' in user_orig.options: univention.admin.allocators.confirm(ldap_admin_write, ldap_position, 'sid', userSid) if 'posix' in user_orig.options: univention.admin.allocators.confirm(ldap_admin_write, ldap_position, 'uidNumber', uidNum) self.finished( request.id, dict( success=True, userdn=userdn, examuserdn=exam_user_dn, )) @sanitize(users=ListSanitizer(DNSanitizer(required=True), required=True), school=StringSanitizer(required=True)) @LDAP_Connection(USER_READ, ADMIN_WRITE) def add_exam_users_to_groups(self, request, ldap_user_read=None, ldap_admin_write=None, ldap_position=None): """ Add previously created exam users to groups. """ groups = defaultdict(dict) exam_group = self.examGroup(ldap_admin_write, ldap_position, request.options['school']) for user_dn in request.options['users']: try: ori_student = Student.from_dn(user_dn, None, ldap_admin_write) exam_user_uid = ''.join( (self._examUserPrefix, ori_student.name)) exam_student = ExamStudent.get_only_udm_obj( ldap_admin_write, filter_format('uid=%s', (exam_user_uid, ))) except univention.admin.uexceptions.noObject as exc: raise UMC_Error( _('Student %(user_dn)r or exam user not found: %(exc)r.') % { 'user_dn': user_dn, 'exc': exc }) except univention.admin.uexceptions.ldapError: raise udm_ori_student = ori_student.get_udm_object(ldap_admin_write) if 'posix' in udm_ori_student.options: # why only if posix? groups[udm_ori_student['primaryGroup']].setdefault( 'dns', set()).add(exam_student.dn) groups[udm_ori_student['primaryGroup']].setdefault( 'uids', set()).add(exam_student['username']) for grp in udm_ori_student.info.get('groups', []): groups[grp].setdefault('dns', set()).add(exam_student.dn) groups[grp].setdefault('uids', set()).add(exam_student['username']) groups[exam_group.dn].setdefault('dns', set()).add(exam_student.dn) groups[exam_group.dn].setdefault('uids', set()).add( exam_student['username']) if 'groups/group' not in self._udm_modules: self._udm_modules[ 'groups/group'] = univention.admin.modules.get( 'groups/group') univention.admin.modules.init( ldap_admin_write, ldap_position, self._udm_modules['groups/group']) module_groups_group = self._udm_modules['groups/group'] for group_dn, users in groups.items(): if self._examGroupExcludeRegEx and self._examGroupExcludeRegEx.search( group_dn): MODULE.info( 'create_exam_user(): ignoring group %r as requested via regexp' % (group_dn, )) continue grpobj = module_groups_group.object(None, ldap_admin_write, ldap_position, group_dn) MODULE.info('Adding users %r to group %r...' % (users['uids'], group_dn)) grpobj.fast_member_add(users['dns'], users['uids']) self.finished(request.id, None) @sanitize( userdn=StringSanitizer(required=True), school=StringSanitizer(default=''), ) @LDAP_Connection(USER_READ, ADMIN_WRITE) def remove_exam_user(self, request, ldap_user_read=None, ldap_admin_write=None): '''Remove an exam account cloned from a given user account. The exam account is removed from the special exam group.''' userdn = request.options['userdn'] school = request.options['school'] try: user = ExamStudent.from_dn(userdn, None, ldap_user_read) except univention.admin.uexceptions.noObject: raise UMC_Error(_('Exam student %r not found.') % (userdn, )) except univention.admin.uexceptions.ldapError: raise try: schools = None if school: schools = list(set(user.schools) - set([school])) if schools: MODULE.warn( 'User %s will not be removed as he currently participates in another exam.' % (user.dn, )) user.schools = schools user.modify(ldap_admin_write) else: user.remove(ldap_admin_write) except univention.admin.uexceptions.ldapError as exc: raise UMC_Error( _('Could not remove exam user %r: %s') % ( userdn, exc, )) self.finished(request.id, {}, success=True) @sanitize( roomdn=StringSanitizer(required=True), school=StringSanitizer(default=''), ) @LDAP_Connection(USER_READ, ADMIN_WRITE) def set_computerroom_exammode(self, request, ldap_user_read=None, ldap_admin_write=None, ldap_position=None): '''Add all member hosts of a given computer room to the special exam group.''' roomdn = request.options['roomdn'] try: room = ComputerRoom.from_dn(roomdn, None, ldap_user_read) except univention.admin.uexceptions.noObject: raise UMC_Error('Room %r not found.' % (roomdn, )) except univention.admin.uexceptions.ldapError: raise # Add all host members of room to examGroup host_uid_list = [ univention.admin.uldap.explodeDn(uniqueMember, 1)[0] + '$' for uniqueMember in room.hosts ] examGroup = self.examGroup(ldap_admin_write, ldap_position, room.school) examGroup.fast_member_add( room.hosts, host_uid_list ) # adds any uniqueMember and member listed if not already present self.finished(request.id, {}, success=True) @sanitize( roomdn=StringSanitizer(required=True), school=StringSanitizer(default=''), ) @LDAP_Connection(USER_READ, ADMIN_WRITE) def unset_computerroom_exammode(self, request, ldap_user_read=None, ldap_admin_write=None, ldap_position=None): '''Remove all member hosts of a given computer room from the special exam group.''' roomdn = request.options['roomdn'] try: room = ComputerRoom.from_dn(roomdn, None, ldap_user_read) except univention.admin.uexceptions.noObject: raise UMC_Error('Room %r not found.' % (roomdn, )) except univention.admin.uexceptions.ldapError: raise # Remove all host members of room from examGroup host_uid_list = [ univention.admin.uldap.explodeDn(uniqueMember, 1)[0] + '$' for uniqueMember in room.hosts ] examGroup = self.examGroup(ldap_admin_write, ldap_position, room.school) examGroup.fast_member_remove( room.hosts, host_uid_list ) # removes any uniqueMember and member listed if still present self.finished(request.id, {}, success=True) @classmethod def run_pre_create_hooks(cls, exam_user_dn, al, ldap_admin_write): if cls._pre_create_hooks is None: add_module_logger_to_schoollib() pyloader = PyHooksLoader(CREATE_USER_PRE_HOOK_DIR, ExamUserPyHook, lib_logger) cls._pre_create_hooks = pyloader.get_hook_objects( ldap_admin_write, lib_logger) for hook in cls._pre_create_hooks.get('pre_create', []): al = hook(exam_user_dn, al) return al
class Instance(Base): @sanitize( pattern=PatternSanitizer(default='.*'), category=ChoicesSanitizer(choices=['user', 'pid', 'command', 'all'], default='all') ) @simple_response def query(self, pattern, category='all'): processes = [] for process in psutil.process_iter(): try: cpu_time = process.cpu_times() proc = { 'timestamp': time.time(), 'cpu_time': cpu_time.user + cpu_time.system, 'user': process.username(), 'pid': process.pid, 'cpu': 0.0, 'mem': process.memory_percent(), 'command': ' '.join(process.cmdline() or []) or process.name(), } except psutil.NoSuchProcess: continue categories = [category] if category == 'all': categories = ['user', 'pid', 'command'] if any(pattern.match(str(proc[cat])) for cat in categories): processes.append(proc) # Calculate correct cpu percentage time.sleep(1) for process_entry in processes: try: process = psutil.Process(process_entry['pid']) cpu_time = process.cpu_times() except psutil.NoSuchProcess: continue elapsed_time = time.time() - process_entry.pop('timestamp') elapsed_cpu_time = cpu_time.user + cpu_time.system - process_entry.pop('cpu_time') cpu_percent = (elapsed_cpu_time / elapsed_time) * 100 process_entry['cpu'] = cpu_percent return processes @sanitize( signal=ChoicesSanitizer(choices=['SIGTERM', 'SIGKILL']), pid=ListSanitizer(IntegerSanitizer()) ) @simple_response def kill(self, signal, pid): failed = [] for pid_ in pid: try: process = psutil.Process(pid_) if signal == 'SIGTERM': process.terminate() elif signal == 'SIGKILL': process.kill() except psutil.NoSuchProcess as exc: failed.append(str(pid_)) MODULE.error('Could not %s pid %s: %s' % (signal, pid_, exc)) if failed: failed = ', '.join(failed) raise UMC_Error(_('No process found with PID %s') % (failed))
def _sanitize_list(function, sanitizer, sanitizer_parameters): defaults = {'default': [], 'required': True, 'may_change_value': True} defaults.update(sanitizer_parameters) return _sanitize(function, ListSanitizer(sanitizer, **defaults))
class Instance(SchoolBaseModule): ATJOB_KEY = 'UMC-computerroom' def init(self): SchoolBaseModule.init(self) ComputerSanitizer.instance = self self._italc = ITALC_Manager() self._random = Random() self._random.seed() self._lessons = SchoolLessons() self._ruleEndAt = None self._load_plugins() def _load_plugins(self): self._plugins = {} for module in os.listdir( os.path.join(os.path.dirname(__file__), 'plugins')): if module.endswith('.py'): try: module = importlib.import_module( 'univention.management.console.modules.computerroom.plugins.%s' % (module[:-3], )) except ImportError: MODULE.error(traceback.format_exc()) for name, plugin in inspect.getmembers(module, inspect.isclass): MODULE.info('Loading plugin %r from module %r' % ( plugin, module, )) if not name.startswith( '_') and plugin is not Plugin and issubclass( plugin, Plugin): try: plugin = plugin(self, self._italc) except Exception: MODULE.error(traceback.format_exc()) else: self._plugins[plugin.name] = plugin def destroy(self): '''Remove lock file when UMC module exists''' MODULE.info('Cleaning up') if self._italc.room: # do not remove lock file during exam mode info = _readRoomInfo(self._italc.roomDN) MODULE.info('room info: %s' % info) if info and not info.get('exam'): MODULE.info('Removing lock file for room %s (%s)' % (self._italc.room, self._italc.roomDN)) _freeRoom(self._italc.roomDN, self.user_dn) _exit(0) def lessons(self, request): """Returns a list of school lessons. Lessons in the past are filtered out""" current = self._lessons.current if current is None: current = self._lessons.previous if current: lessons = [ x for x in self._lessons.lessons if x.begin >= current.begin ] else: lessons = self._lessons.lessons self.finished(request.id, [x.name for x in lessons]) def internetrules(self, request): """Returns a list of available internet rules""" self.finished(request.id, [x.name for x in internetrules.list()]) @sanitize(room=DNSanitizer(required=True)) @LDAP_Connection() def room_acquire(self, request, ldap_user_read=None): """Acquires the specified computerroom""" roomDN = request.options['room'] success = True message = 'OK' # match the corresponding school OU try: room = ComputerRoom.from_dn(roomDN, None, ldap_user_read) school = room.school except udm_exceptions.noObject: success = False message = 'UNKNOWN_ROOM' else: # set room and school if self._italc.school != school: self._italc.school = school if self._italc.room != roomDN: try: self._italc.room = roomDN except ITALC_Error: success = False message = 'EMPTY_ROOM' # update the room info file if success: _updateRoomInfo(roomDN, user=self.user_dn) if not compare_dn(_getRoomOwner(roomDN), self.user_dn): success = False message = 'ALREADY_LOCKED' info = dict() if success: info = _readRoomInfo(roomDN) self.finished( request.id, dict(success=success, message=message, info=dict( exam=info.get('exam'), examDescription=info.get('examDescription'), examEndTime=info.get('examEndTime'), room=info.get('room'), user=info.get('user'), ))) @sanitize(school=SchoolSanitizer(required=True)) @LDAP_Connection() def rooms(self, request, ldap_user_read=None): """Returns a list of all available rooms""" rooms = [] try: all_rooms = ComputerRoom.get_all(ldap_user_read, request.options['school']) except udm_exceptions.noObject: all_rooms = [] for room in all_rooms: room_info = _readRoomInfo(room.dn) user_dn = room_info.get('user') locked = user_dn and not compare_dn(user_dn, self.user_dn) and ( 'pid' in room_info or 'exam' in room_info) if locked: try: # open the corresponding UDM object to get a displayable user name user_dn = Display.user( User.from_dn( user_dn, None, ldap_user_read).get_udm_object(ldap_user_read)) except udm_exceptions.base as exc: MODULE.warn( 'Cannot open LDAP information for user %r: %s' % (user_dn, exc)) rooms.append({ 'id': room.dn, 'label': room.get_relative_name(), 'user': user_dn, 'locked': locked, 'exam': room_info.get('exam'), 'examDescription': room_info.get('examDescription'), 'examEndTime': room_info.get('examEndTime'), }) self.finished(request.id, rooms) @sanitize(ipaddress=ListSanitizer(required=True, sanitizer=IPAddressSanitizer(), min_elements=1, max_elements=10)) @LDAP_Connection() def guess_room(self, request, ldap_user_read=None): ipaddress = request.options['ipaddress'] host_filter = self._get_host_filter(ipaddress) computers = ldap_user_read.searchDn(host_filter) if computers: room_filter = self._get_room_filter(computers) for school in School.get_all(ldap_user_read): school = school.name for room in ComputerRoom.get_all(ldap_user_read, school, room_filter): self.finished(request.id, dict(school=school, room=room.dn)) return self.finished(request.id, dict(school=None, room=None)) def _get_room_filter(self, computers): return '(|(%s))' % ')('.join( filter_format('uniqueMember=%s', (computer, )) for computer in computers) def _get_host_filter(self, ipaddresses): records = {4: 'aRecord=%s', 6: 'aAAARecord=%s'} return '(|(%s))' % ')('.join( filter_format(records[ipaddress.version], (ipaddress.exploded, )) for ipaddress in ipaddresses) def _checkRoomAccess(self): if not self._italc.room: return # no room has been selected so far # make sure that we run the current room session userDN = _getRoomOwner(self._italc.roomDN) if userDN and not compare_dn(userDN, self.user_dn): raise UMC_Error( _('A different user is already running a computer room session.' )) @LDAP_Connection() def query(self, request, ldap_user_read=None): """Searches for entries. This is not allowed if the room could not be acquired.""" if not self._italc.school or not self._italc.room: raise UMC_Error('no room selected') if request.options.get('reload', False): self._italc.room = self._italc.room # believe me that makes sense :) result = [computer.dict for computer in self._italc.values()] result.sort(key=lambda c: c['id']) MODULE.info('computerroom.query: result: %s' % (result, )) self.finished(request.id, result) @LDAP_Connection() def update(self, request, ldap_user_read=None): """Returns an update for the computers in the selected room. Just attributes that have changed since the last call will be included in the result """ if not self._italc.school or not self._italc.room: raise UMC_Error('no room selected') computers = [ computer.dict for computer in self._italc.values() if computer.hasChanged ] info = _readRoomInfo(self._italc.roomDN) result = { 'computers': computers, 'room_info': info, 'locked': info.get('user', self.user_dn) != self.user_dn, 'user': self.user_dn, } if result['locked'] and 'pid' in info: result['user'] = info['user'] # somebody else acquired the room, the room is locked try: # open the corresponding UDM object to get a displayable user name result['user'] = Display.user( User.from_dn( result['user'], None, ldap_user_read).get_udm_object(ldap_user_read)) except udm_exceptions.base as exc: # could not oben the LDAP object, show the DN MODULE.warn('Cannot open LDAP information for user %r: %s' % (result['user'], exc)) # settings info if self._ruleEndAt is not None: diff = self._positiveTimeDiff() if diff is not None: result['settingEndsIn'] = diff.seconds / 60 MODULE.info('Update: result: %s' % str(result)) self.finished(request.id, result) def _positiveTimeDiff(self): now = datetime.datetime.now() end = datetime.datetime.now() end = end.replace(hour=self._ruleEndAt.hour, minute=self._ruleEndAt.minute) if now > end: return None return end - now @check_room_access @sanitize( computer=ComputerSanitizer(required=True), device=ChoicesSanitizer(['screen', 'input'], required=True), lock=BooleanSanitizer(required=True), ) @simple_response def lock(self, computer, device, lock): """Lock or Unlock the screen or input of a specific computer""" MODULE.warn('Locking device %s' % (device, )) if device == 'screen': computer.lockScreen(lock) else: computer.lockInput(lock) @allow_get_request @check_room_access @sanitize( computer=ComputerSanitizer(required=True), ) @prevent_ucc def screenshot(self, request): """Returns a JPEG image containing a screenshot of the given computer.""" computer = request.options['computer'] tmpfile = computer.screenshot if computer.hide_screenshot: filename = FN_SCREENSHOT_DENIED elif tmpfile is None: filename = FN_SCREENSHOT_NOTREADY else: filename = tmpfile.name MODULE.info('screenshot(%s): hide screenshot = %r' % (computer.name, computer.hide_screenshot)) try: with open(filename, 'rb') as fd: response = fd.read() except EnvironmentError as exc: MODULE.error('Unable to load screenshot file %r: %s' % (filename, exc)) try: if tmpfile: os.unlink(tmpfile.name) except EnvironmentError as exc: MODULE.error('Unable to remove temporary screenshot file %r: %s' % (tmpfile.name, exc)) self.finished(request.id, response, mimetype='image/jpeg') @check_room_access @sanitize( computer=ComputerSanitizer(required=True), ) def vnc(self, request): """Returns a ultraVNC file for the given computer.""" # check whether VNC is enabled if ucr.is_false('ucsschool/umc/computerroom/ultravnc/enabled', True): raise UMC_Error('VNC is disabled') try: with open('/usr/share/ucs-school-umc-computerroom/ultravnc.vnc', 'rb') as fd: content = fd.read() except (IOError, OSError): raise UMC_Error('VNC template file does not exists') port = ucr.get('ucsschool/umc/computerroom/vnc/port', '11100') hostname = request.options['computer'].ipAddress response = content.replace('@%@HOSTNAME@%@', hostname).replace('@%@PORT@%@', port) self.finished(request.id, response, mimetype='application/x-vnc') @simple_response def settings_get(self): """Return the current settings for a room""" if not self._italc.school or not self._italc.room: raise UMC_Error('no room selected') ucr.load() rule = ucr.get('proxy/filter/room/%s/rule' % self._italc.room, 'none') if rule == self._username: rule = 'custom' shareMode = ucr.get('samba/sharemode/room/%s' % self._italc.room, 'all') # load custom rule: key_prefix = 'proxy/filter/setting-user/%s/domain/whitelisted/' % self._username custom_rules = [] for key in ucr: if key.startswith(key_prefix): custom_rules.append(ucr[key]) printMode = ucr.get('samba/printmode/room/%s' % self._italc.room, 'default') # find AT jobs for the room and execute it to remove current settings jobs = atjobs.list(extended=True) for job in jobs: if job.comments.get(Instance.ATJOB_KEY, False) == self._italc.room: if job.execTime >= datetime.datetime.now(): self._ruleEndAt = job.execTime break else: self._ruleEndAt = None if rule == 'none' and shareMode == 'all' and printMode == 'default': self._ruleEndAt = None # find end of lesson period = self._lessons.current if period is None: if self._lessons.next: # between two lessons period = self._lessons.next.end else: # school is out ... 1 hour should be good (FIXME: configurable?) period = datetime.datetime.now() + datetime.timedelta(hours=1) period = period.time() else: period = period.end if self._ruleEndAt: time = self._ruleEndAt.time() for lesson in self._lessons.lessons: if time == lesson.begin: period = lesson break return { 'internetRule': rule, 'customRule': '\n'.join(custom_rules), 'shareMode': shareMode, 'printMode': printMode, 'period': str(period), } @check_room_access @simple_response def finish_exam(self): """Finish the exam in the current room""" self._settings_set(printMode='default', internetRule='none', shareMode='all', customRule='') _updateRoomInfo(self._italc.roomDN, exam=None, examDescription=None, examEndTime=None) @sanitize( room=DNSanitizer(required=True), exam=StringSanitizer(required=True), examDescription=StringSanitizer(required=True), examEndTime=StringSanitizer(required=True), ) @check_room_access @simple_response def start_exam(self, room, exam, examDescription, examEndTime): """Start an exam in the current room""" info = _readRoomInfo(room) if info.get('exam'): raise UMC_Error( _('In this room an exam is currently already written. Please select another room.' )) _updateRoomInfo(self._italc.roomDN, exam=exam, examDescription=examDescription, examEndTime=examEndTime) @sanitize( printMode=ChoicesSanitizer(['none', 'all', 'default'], required=True), internetRule=StringSanitizer(required=True), shareMode=ChoicesSanitizer(['home', 'all'], required=True), period=PeriodSanitizer(default='00:00', required=False), customRule=StringSanitizer(allow_none=True, required=False), ) @check_room_access @simple_response def settings_set(self, printMode, internetRule, shareMode, period=None, customRule=None): return self._settings_set(printMode, internetRule, shareMode, period, customRule) def _settings_set(self, printMode, internetRule, shareMode, period=None, customRule=None): """Defines settings for a room""" if not self._italc.school or not self._italc.room: raise UMC_Error('no room selected') # find AT jobs for the room and execute it to remove current settings jobs = atjobs.list(extended=True) for job in jobs: if job.comments.get(Instance.ATJOB_KEY, False) == self._italc.room: job.rm() subprocess.call(shlex.split(job.command)) roomInfo = _readRoomInfo(self._italc.roomDN) in_exam_mode = roomInfo.get('exam') # for the exam mode, remove current settings before setting new ones if in_exam_mode and roomInfo.get('cmd'): MODULE.info('unsetting room settings for exam (%s): %s' % (roomInfo['exam'], roomInfo['cmd'])) try: subprocess.call(shlex.split(roomInfo['cmd'])) except (OSError, IOError): MODULE.warn( 'Failed to reinitialize current room settings: %s' % roomInfo['cmd']) _updateRoomInfo(self._italc.roomDN, cmd=None) # reset to defaults. No atjob is necessary. if internetRule == 'none' and shareMode == 'all' and printMode == 'default': self._ruleEndAt = None self.reset_smb_connections() self.reload_cups() return # collect new settings vset = {} vappend = {} vunset = [] vunset_now = [] vextract = [] hosts = self._italc.ipAddresses(students_only=True) # print mode if printMode in ('none', 'all'): vextract.append('samba/printmode/hosts/%s' % printMode) vappend[vextract[-1]] = hosts vextract.append('cups/printmode/hosts/%s' % printMode) vappend[vextract[-1]] = hosts vunset.append('samba/printmode/room/%s' % self._italc.room) vset[vunset[-1]] = printMode else: vunset_now.append('samba/printmode/room/%s' % self._italc.room) # share mode if shareMode == 'home': vunset.append('samba/sharemode/room/%s' % self._italc.room) vset[vunset[-1]] = shareMode vextract.append('samba/othershares/hosts/deny') vappend[vextract[-1]] = hosts vextract.append('samba/share/Marktplatz/hosts/deny') vappend[vextract[-1]] = hosts else: vunset_now.append('samba/sharemode/room/%s' % self._italc.room) # internet rule if internetRule != 'none': vextract.append('proxy/filter/room/%s/ip' % self._italc.room) vappend[vextract[-1]] = hosts if internetRule == 'custom': # remove old rules i = 1 while True: var = 'proxy/filter/setting-user/%s/domain/whitelisted/%d' % ( self._username, i) if var in ucr: vunset_now.append(var) i += 1 else: break vunset.append('proxy/filter/room/%s/rule' % self._italc.room) vset[vunset[-1]] = self._username vset['proxy/filter/setting-user/%s/filtertype' % self._username] = 'whitelist-block' i = 1 for domain in (customRule or '').split('\n'): MODULE.info('Setting whitelist entry for domain %s' % domain) if not domain: continue parsed = urlparse.urlsplit(domain) MODULE.info('Setting whitelist entry for domain %s' % str(parsed)) if parsed.netloc: vset[ 'proxy/filter/setting-user/%s/domain/whitelisted/%d' % (self._username, i)] = parsed.netloc i += 1 elif parsed.path: vset[ 'proxy/filter/setting-user/%s/domain/whitelisted/%d' % (self._username, i)] = parsed.path i += 1 else: vunset.append('proxy/filter/room/%s/rule' % self._italc.room) vset[vunset[-1]] = internetRule else: vunset_now.append('proxy/filter/room/%s/ip' % self._italc.room) vunset_now.append('proxy/filter/room/%s/rule' % self._italc.room) # write configuration # remove old values handler_unset(vunset_now) # append values ucr.load() MODULE.info('Merging UCR variables') for key, value in vappend.items(): if ucr.get(key): old = set(ucr[key].split(' ')) MODULE.info('Old value: %s' % old) else: old = set() MODULE.info('Old value empty') new = set(value) MODULE.info('New value: %s' % new) new = old.union(new) MODULE.info('Merged value of %s: %s' % (key, new)) if not new: MODULE.info('Unset variable %s' % key) vunset.append(key) else: vset[key] = ' '.join(new) # Workaround for bug 30450: # if samba/printmode/hosts/none is not set but samba/printmode/hosts/all then all other hosts # are unable to print on samba shares. Solution: set empty value for .../none if no host is on deny list. varname = 'samba/printmode/hosts/none' if varname not in vset: ucr.load() if not ucr.get(varname): vset[varname] = '""' else: # remove empty items ('""') in list vset[varname] = ' '.join( [x for x in vset[varname].split(' ') if x != '""']) if varname in vunset: vunset.remove(varname) # set values ucr_vars = sorted('%s=%s' % x for x in vset.items()) MODULE.info('Writing room rules: %s' % '\n'.join(ucr_vars)) handler_set(ucr_vars) # create at job to remove settings unset_vars = ['-r %s' % quote(x) for x in vunset] MODULE.info('Will remove: %s' % ' '.join(unset_vars)) extract_vars = ['-e %s' % quote(x) for x in vextract] MODULE.info('Will extract: %s' % ' '.join(extract_vars)) cmd = '/usr/share/ucs-school-umc-computerroom/ucs-school-deactivate-rules %s %s %s' % ( ' '.join(unset_vars), ' '.join(extract_vars), ' '.join( quote(x) for x in hosts)) MODULE.info('command for reinitialization is: %s' % (cmd, )) if in_exam_mode: # Command for the exam mode to be executed manually when changing the settings again... _updateRoomInfo(self._italc.roomDN, cmd=cmd) else: starttime = datetime.datetime.now() MODULE.info('Now: %s' % starttime) MODULE.info('Endtime: %s' % period) starttime = starttime.replace(hour=period.hour, minute=period.minute, second=0, microsecond=0) while starttime < datetime.datetime.now( ): # prevent problems due to intra-day limit starttime += datetime.timedelta(days=1) # AT job for the normal case MODULE.info('Remove settings at %s' % (starttime, )) atjobs.add(cmd, starttime, {Instance.ATJOB_KEY: self._italc.room}) self._ruleEndAt = starttime self.reset_smb_connections() self.reload_cups() def reload_cups(self): if os.path.exists('/etc/init.d/cups'): MODULE.info('Reloading cups') if subprocess.call(['/etc/init.d/cups', 'reload']) != 0: MODULE.error( 'Failed to reload cups! Printer settings not applied.') def reset_smb_connections(self): smbstatus = SMB_Status() italc_users = [x.lower() for x in self._italc.users if x] MODULE.info('iTALC users: %s' % ', '.join(italc_users)) for process in smbstatus: MODULE.info('SMB process: %s' % str(process)) if process.username and process.username.lower() in italc_users: MODULE.info('Kill SMB process %s' % process.pid) os.kill(int(process.pid), signal.SIGTERM) @sanitize( server=StringSanitizer(required=True), ) @check_room_access def demo_start(self, request): """Starts a presentation mode""" self._italc.startDemo(request.options['server'], True) self.finished(request.id, True) @check_room_access def demo_stop(self, request): """Stops a presentation mode""" self._italc.stopDemo() self.finished(request.id, True) @sanitize( state=ChoicesSanitizer(['poweroff', 'poweron', 'restart']), computer=ComputerSanitizer(required=True), ) @check_room_access @prevent_ucc( condition=lambda request: request.options['state'] != 'poweron') @simple_response def computer_state(self, computer, state): """Stops, starts or restarts a computer""" if state == 'poweroff': computer.powerOff() elif state == 'poweron': computer.powerOn() elif state == 'restart': computer.restart() return True @check_room_access @sanitize( computer=ComputerSanitizer(required=True), ) @prevent_ucc @simple_response def user_logout(self, computer): """Log out the user at the given computer""" computer.logOut() return True @simple_response def plugins_load(self): plugins = {'buttons': []} for plugin in self._plugins.values(): plugins['buttons'].append(plugin.button()) return plugins @check_room_access @sanitize( plugin=StringSanitizer(required=True), computer=StringSanitizer(required=True), ) def plugins_execute(self, request): plugin = self._plugins.get(request.options['plugin']) if not plugin: raise UMC_Error('Plugin not found.') result = plugin.execute(request.options['computer']) self.finished(request.id, result)
class Instance(umcm.Base, ProgressMixin): def init(self): os.umask(0o022) # umc umask is too restrictive for app center as it creates a lot of files in docker containers self.ucr = ucr_instance() self.update_applications_done = False util.install_opener(self.ucr) self._remote_progress = {} try: self.package_manager = PackageManager( info_handler=MODULE.process, step_handler=None, error_handler=MODULE.warn, lock=False, ) except SystemError as exc: MODULE.error(str(exc)) raise umcm.UMC_Error(str(exc), status=500) self.package_manager.set_finished() # currently not working. accepting new tasks self.uu = UniventionUpdater(False) self.component_manager = util.ComponentManager(self.ucr, self.uu) get_package_manager._package_manager = self.package_manager # in order to set the correct locale for Application locale.setlocale(locale.LC_ALL, str(self.locale)) try: log_to_logfile() except IOError: pass # connect univention.appcenter.log to the progress-method handler = ProgressInfoHandler(self.package_manager) handler.setLevel(logging.INFO) get_base_logger().addHandler(handler) percentage = ProgressPercentageHandler(self.package_manager) percentage.setLevel(logging.DEBUG) get_base_logger().getChild('actions.install.progress').addHandler(percentage) get_base_logger().getChild('actions.upgrade.progress').addHandler(percentage) get_base_logger().getChild('actions.remove.progress').addHandler(percentage) def error_handling(self, etype, exc, etraceback): error_handling(etype, exc, etraceback) return super(Instance, self).error_handling(exc, etype, etraceback) @simple_response def version(self): info = get_action('info') return info.get_compatibility() @simple_response def query(self, quick=False): if not quick: self.update_applications() self.ucr.load() reload_package_manager() list_apps = get_action('list') domain = get_action('domain') apps = list_apps.get_apps() if self.ucr.is_true('appcenter/docker', True): if not self._test_for_docker_service(): raise umcm.UMC_Error(_('The docker service is not running! The App Center will not work properly.') + ' ' + _('Make sure docker.io is installed, try starting the service with "service docker start".')) info = domain.to_dict(apps) if quick: ret = [] for app in info: if app is None: ret.append(None) else: short_info = {} for attr in ['id', 'name', 'vendor', 'maintainer', 'description', 'long_description', 'categories', 'end_of_life', 'update_available', 'logo_name', 'is_installed_anywhere', 'is_installed', 'installations']: short_info[attr] = app[attr] ret.append(short_info) return ret else: return info def update_applications(self): if self.ucr.is_true('appcenter/umc/update/always', True): update = get_action('update') try: update.call() except NetworkError as err: raise umcm.UMC_Error(str(err)) except Abort: pass Application._all_applications = None self.update_applications_done = True def _test_for_docker_service(self): if docker_bridge_network_conflict(): msg = _('A conflict between the system network settings and the docker bridge default network has been detected.') + '\n\n' msg += _('Please either configure a different network for the docker bridge by setting the UCR variable docker/daemon/default/opts/bip to a different network and restart the system,') + ' ' msg += _('or disable the docker support in the AppCenter by setting appcenter/docker to false.') raise umcm.UMC_Error(msg) if not docker_is_running(): MODULE.warn('Docker is not running! Trying to start it now...') call_process(['invoke-rc.d', 'docker', 'start']) if not docker_is_running(): return False return True @simple_response def enable_docker(self): if self._test_for_docker_service(): ucr_save({'appcenter/docker': 'enabled'}) else: raise umcm.UMC_Error(_('Unable to start the docker service!') + ' ' + _('Make sure docker.io is installed, try starting the service with "service docker start".')) @require_apps_update @require_password @simple_response(with_progress=True) def sync_ldap(self): register = get_action('register') register.call(username=self.username, password=self.password) # used in updater-umc @simple_response def get_by_component_id(self, component_id): domain = get_action('domain') if isinstance(component_id, list): requested_apps = [Apps().find_by_component_id(cid) for cid in component_id] return domain.to_dict(requested_apps) else: app = Apps().find_by_component_id(component_id) if app: return domain.to_dict([app])[0] else: raise umcm.UMC_Error(_('Could not find an application for %s') % component_id) # used in updater-umc @simple_response def app_updates(self): upgrade = get_action('upgrade') domain = get_action('domain') return domain.to_dict(list(upgrade.iter_upgradable_apps())) @sanitize(application=StringSanitizer(minimum=1, required=True)) @simple_response def get(self, application): domain = get_action('domain') app = Apps().find(application) if app is None: raise umcm.UMC_Error(_('Could not find an application for %s') % (application,)) return domain.to_dict([app])[0] @sanitize(app=AppSanitizer(required=True), values=DictSanitizer({})) @simple_response def configure(self, app, autostart, values): configure = get_action('configure') configure.call(app=app, set_vars=values, autostart=autostart) @sanitize(app=AppSanitizer(required=True), mode=ChoicesSanitizer(['start', 'stop'])) @simple_response def app_service(self, app, mode): service = get_action(mode) service.call(app=app) @sanitize(app=AppSanitizer(required=False), action=ChoicesSanitizer(['get', 'buy', 'search']), value=StringSanitizer()) @simple_response def track(self, app, action, value): send_information(action, app=app, value=value) def invoke_dry_run(self, request): request.options['only_dry_run'] = True self.invoke(request) @require_password @sanitize( host=StringSanitizer(required=True), function=ChoicesSanitizer(['install', 'update', 'uninstall'], required=True), app=StringSanitizer(required=True), force=BooleanSanitizer(), values=DictSanitizer({}) ) @simple_response(with_progress=True) def invoke_remote_docker(self, host, function, app, force, values, progress): options = {'function': function, 'app': app, 'force': force, 'values': values} client = Client(host, self.username, self.password) result = client.umc_command('appcenter/docker/invoke', options).result self._remote_progress[progress.id] = client, result['id'] @simple_response def remote_progress(self, progress_id): try: client, remote_progress_id = self._remote_progress[progress_id] except KeyError: # actually happens: before invoke_remote_docker is finished, remote_progress is already called return {} else: return client.umc_command('appcenter/docker/progress', {'progress_id': remote_progress_id}).result @require_apps_update @require_password @sanitize( function=MappingSanitizer({ 'install': 'install', 'update': 'upgrade', 'uninstall': 'remove', }, required=True), app=AppSanitizer(required=True), force=BooleanSanitizer(), values=DictSanitizer({}) ) @simple_response(with_progress=True) def invoke_docker(self, function, app, force, values, progress): if function == 'upgrade': app = Apps().find_candidate(app) serious_problems = False progress.title = _('%s: Running tests') % (app.name,) errors, warnings = app.check(function) can_continue = force # "dry_run" if errors: MODULE.process('Cannot %s %s: %r' % (function, app.id, errors)) serious_problems = True can_continue = False if warnings: MODULE.process('Warning trying to %s %s: %r' % (function, app.id, warnings)) result = { 'serious_problems': serious_problems, 'invokation_forbidden_details': errors, 'invokation_warning_details': warnings, 'can_continue': can_continue, 'software_changes_computed': False, } if can_continue: with self.locked(): kwargs = {'noninteractive': True, 'skip_checks': ['shall_have_enough_ram', 'shall_only_be_installed_in_ad_env_with_password_service', 'must_not_have_concurrent_operation']} if function == 'install': progress.title = _('Installing %s') % (app.name,) kwargs['set_vars'] = values elif function == 'uninstall': progress.title = _('Uninstalling %s') % (app.name,) elif function == 'upgrade': progress.title = _('Upgrading %s') % (app.name,) action = get_action(function) handler = UMCProgressHandler(progress) handler.setLevel(logging.INFO) action.logger.addHandler(handler) try: result['success'] = action.call(app=app, username=self.username, password=self.password, **kwargs) except AppCenterError as exc: raise umcm.UMC_Error(str(exc), result=dict( display_feedback=True, title='%s %s' % (exc.title, exc.info))) finally: action.logger.removeHandler(handler) return result @contextmanager def locked(self): try: with self.package_manager.locked(reset_status=True, set_finished=True): yield except LockError: raise umcm.UMC_Error(_('Another package operation is in progress')) @require_apps_update @require_password @sanitize( function=ChoicesSanitizer(['install', 'uninstall', 'update', 'install-schema', 'update-schema'], required=True), application=StringSanitizer(minimum=1, required=True), force=BooleanSanitizer(), host=StringSanitizer(), only_dry_run=BooleanSanitizer(), dont_remote_install=BooleanSanitizer(), values=DictSanitizer({}) ) def invoke(self, request): # ATTENTION!!!!!!! # this function has to stay compatible with the very first App Center installations (Dec 2012) # if you add new arguments that change the behaviour # you should add a new method (see invoke_dry_run) or add a function name (e.g. install-schema) # this is necessary because newer app center may talk remotely with older one # that does not understand new arguments and behaves the old way (in case of # dry_run: install application although they were asked to dry_run) host = request.options.get('host') function = request.options.get('function') send_as = function if function.startswith('install'): function = 'install' if function.startswith('update'): function = 'update' application_id = request.options.get('application') Application.all(only_local=True) # if not yet cached, cache. but use only local inis application = Application.find(application_id) if application is None: raise umcm.UMC_Error(_('Could not find an application for %s') % (application_id,)) force = request.options.get('force') only_dry_run = request.options.get('only_dry_run') dont_remote_install = request.options.get('dont_remote_install') only_master_packages = send_as.endswith('schema') MODULE.process('Try to %s (%s) %s on %s. Force? %r. Only master packages? %r. Prevent installation on other systems? %r. Only dry run? %r.' % (function, send_as, application_id, host, force, only_master_packages, dont_remote_install, only_dry_run)) # REMOTE invocation! if host and host != self.ucr.get('hostname'): try: client = Client(host, self.username, self.password) result = client.umc_command('appcenter/invoke', request.options).result except (ConnectionError, HTTPError) as exc: MODULE.error('Error during remote appcenter/invoke: %s' % (exc,)) result = { 'unreachable': [host], 'master_unreachable': True, 'serious_problems': True, 'software_changes_computed': True, # not really... } else: if result['can_continue']: def _thread_remote(_client, _package_manager): with _package_manager.locked(reset_status=True, set_finished=True): _package_manager.unlock() # not really locked locally, but busy, so "with locked()" is appropriate Application._query_remote_progress(_client, _package_manager) def _finished_remote(thread, result): if isinstance(result, BaseException): MODULE.warn('Exception during %s %s: %s' % (function, application_id, str(result))) thread = notifier.threads.Simple('invoke', notifier.Callback(_thread_remote, client, self.package_manager), _finished_remote) thread.run() self.finished(request.id, result) return # make sure that the application can be installed/updated can_continue = True delayed_can_continue = True serious_problems = False result = { 'install': [], 'remove': [], 'broken': [], 'unreachable': [], 'master_unreachable': False, 'serious_problems': False, 'hosts_info': {}, 'problems_with_hosts': False, 'serious_problems_with_hosts': False, 'invokation_forbidden_details': {}, 'invokation_warning_details': {}, 'software_changes_computed': False, } if not application: MODULE.process('Application not found: %s' % application_id) can_continue = False if can_continue and not only_master_packages: forbidden, warnings = application.check_invokation(function, self.package_manager) if forbidden: MODULE.process('Cannot %s %s: %r' % (function, application_id, forbidden)) result['invokation_forbidden_details'] = forbidden can_continue = False serious_problems = True if warnings: MODULE.process('Warning trying to %s %s: %r' % (function, application_id, forbidden)) result['invokation_warning_details'] = warnings if not force: # dont stop "immediately". # compute the package changes! delayed_can_continue = False result['serious_problems'] = serious_problems result['can_continue'] = can_continue try: if can_continue: if self._working(): # make it multi-tab safe (same session many buttons to be clicked) raise LockError() with self.package_manager.locked(reset_status=True): previously_registered_by_dry_run = False if can_continue and function in ('install', 'update'): remove_component = only_dry_run dry_run_result, previously_registered_by_dry_run = application.install_dry_run(self.package_manager, self.component_manager, remove_component=remove_component, username=self._username, password=self.password, only_master_packages=only_master_packages, dont_remote_install=dont_remote_install, function=function, force=force) result.update(dry_run_result) result['software_changes_computed'] = True serious_problems = bool(result['broken'] or result['master_unreachable'] or result['serious_problems_with_hosts']) if serious_problems or (not force and (result['unreachable'] or result['install'] or result['remove'] or result['problems_with_hosts'])): MODULE.process('Problems encountered or confirmation required. Removing component %s' % application.component_id) if not remove_component: # component was not removed automatically after dry_run if application.candidate: # operation on candidate failed. re-register original application application.register(self.component_manager, self.package_manager) else: # operation on self failed. unregister all application.unregister_all_and_register(None, self.component_manager, self.package_manager) can_continue = False elif can_continue and function in ('uninstall',) and not force: result['remove'] = application.uninstall_dry_run(self.package_manager) result['software_changes_computed'] = True can_continue = False can_continue = can_continue and delayed_can_continue and not only_dry_run result['serious_problems'] = serious_problems result['can_continue'] = can_continue if can_continue and not only_dry_run: def _thread(module, application, function): with module.package_manager.locked(set_finished=True): with module.package_manager.no_umc_restart(exclude_apache=True): if function in ('install', 'update'): # dont have to add component: already added during dry_run return application.install(module.package_manager, module.component_manager, add_component=only_master_packages, send_as=send_as, username=self._username, password=self.password, only_master_packages=only_master_packages, dont_remote_install=dont_remote_install, previously_registered_by_dry_run=previously_registered_by_dry_run) else: return application.uninstall(module.package_manager, module.component_manager, self._username, self.password) def _finished(thread, result): if isinstance(result, BaseException): MODULE.warn('Exception during %s %s: %s' % (function, application_id, str(result))) thread = notifier.threads.Simple('invoke', notifier.Callback(_thread, self, application, function), _finished) thread.run() else: self.package_manager.set_finished() # nothing to do, ready to take new commands self.finished(request.id, result) except LockError: # make it thread safe: another process started a package manager # this module instance already has a running package manager raise umcm.UMC_Error(_('Another package operation is in progress')) def keep_alive(self, request): ''' Fix for Bug #30611: UMC kills appcenter module if no request is sent for $(ucr get umc/module/timeout). this happens if a user logs out during a very long installation. this function will be run by the frontend to always have one connection open to prevent killing the module. ''' def _thread(): while not self.package_manager.progress_state._finished: time.sleep(1) def _finished(thread, result): success = not isinstance(result, BaseException) if not success: MODULE.warn('Exception during keep_alive: %s' % result) self.finished(request.id, success) thread = notifier.threads.Simple('keep_alive', notifier.Callback(_thread), _finished) thread.run() @simple_response def ping(self): return True @simple_response def buy(self, application): app = Apps().find(application) if not app or not app.shop_url: return None ret = {} ret['key_id'] = LICENSE.uuid ret['ucs_version'] = self.ucr.get('version/version') ret['app_id'] = app.id ret['app_version'] = app.version # ret['locale'] = locale.getlocale()[0] # done by frontend ret['user_count'] = None # FIXME: get users and computers from license ret['computer_count'] = None return ret @simple_response def enable_disable_app(self, application, enable=True): app = Apps().find(application) if not app: return stall = get_action('stall') stall.call(app=app, undo=enable) @simple_response def packages_sections(self): """ fills the 'sections' combobox in the search form """ sections = set() cache = apt.Cache() for package in cache: sections.add(package.section) return sorted(sections) @sanitize(pattern=PatternSanitizer(required=True)) @simple_response def packages_query(self, pattern, section='all', key='package'): """ Query to fill the grid. Structure is fixed here. """ result = [] for package in self.package_manager.packages(reopen=True): if section == 'all' or package.section == section: toshow = False if pattern.pattern == '^.*$': toshow = True elif key == 'package' and pattern.search(package.name): toshow = True elif key == 'description' and package.candidate and pattern.search(package.candidate.raw_description): toshow = True if toshow: result.append(self._package_to_dict(package, full=False)) return result @simple_response def packages_get(self, package): """ retrieves full properties of one package """ package = self.package_manager.get_package(package) if package is not None: return self._package_to_dict(package, full=True) else: # TODO: 404? return {} @sanitize( function=MappingSanitizer({ 'install': 'install', 'upgrade': 'install', 'uninstall': 'remove', }, required=True), packages=ListSanitizer(StringSanitizer(minimum=1), required=True), update=BooleanSanitizer() ) @simple_response def packages_invoke_dry_run(self, packages, function, update): if update: self.package_manager.update() packages = self.package_manager.get_packages(packages) kwargs = {'install': [], 'remove': [], 'dry_run': True} if function == 'install': kwargs['install'] = packages else: kwargs['remove'] = packages return dict(zip(['install', 'remove', 'broken'], self.package_manager.mark(**kwargs))) @sanitize( function=MappingSanitizer({ 'install': 'install', 'upgrade': 'install', 'uninstall': 'remove', }, required=True), packages=ListSanitizer(StringSanitizer(minimum=1), required=True) ) def packages_invoke(self, request): """ executes an installer action """ packages = request.options.get('packages') function = request.options.get('function') try: if self._working(): # make it multi-tab safe (same session many buttons to be clicked) raise LockError() with self.package_manager.locked(reset_status=True): not_found = [pkg_name for pkg_name in packages if self.package_manager.get_package(pkg_name) is None] self.finished(request.id, {'not_found': not_found}) if not not_found: def _thread(package_manager, function, packages): with package_manager.locked(set_finished=True): with package_manager.no_umc_restart(exclude_apache=True): if function == 'install': package_manager.install(*packages) else: package_manager.uninstall(*packages) def _finished(thread, result): if isinstance(result, BaseException): MODULE.warn('Exception during %s %s: %r' % (function, packages, str(result))) thread = notifier.threads.Simple('invoke', notifier.Callback(_thread, self.package_manager, function, packages), _finished) thread.run() else: self.package_manager.set_finished() # nothing to do, ready to take new commands except LockError: # make it thread safe: another process started a package manager # this module instance already has a running package manager raise umcm.UMC_Error(_('Another package operation is in progress')) def _working(self): return not self.package_manager.progress_state._finished @simple_response def working(self): # TODO: PackageManager needs is_idle() or something # preferably the package_manager can tell what is currently executed: # package_manager.is_working() => False or _('Installing UCC') return self._working() @simple_response def custom_progress(self): timeout = 5 return self.package_manager.poll(timeout) def _package_to_dict(self, package, full): """ Helper that extracts properties from a 'apt_pkg.Package' object and stores them into a dictionary. Depending on the 'full' switch, stores only limited (for grid display) or full (for detail view) set of properties. """ installed = package.installed # may be None found = True candidate = package.candidate found = candidate is not None if not found: candidate = NoneCandidate() result = { 'package': package.name, 'installed': package.is_installed, 'upgradable': package.is_upgradable and found, 'summary': candidate.summary, } # add (and translate) a combined status field # *** NOTE *** we translate it here: if we would use the Custom Formatter # of the grid then clicking on the sort header would not work. if package.is_installed: if package.is_upgradable: result['status'] = _('upgradable') else: result['status'] = _('installed') else: result['status'] = _('not installed') # additional fields needed for detail view if full: # Some fields differ depending on whether the package is installed or not: if package.is_installed: result['section'] = installed.section result['priority'] = installed.priority or '' result['summary'] = installed.summary # take the current one result['description'] = installed.description result['installed_version'] = installed.version result['size'] = installed.installed_size if package.is_upgradable: result['candidate_version'] = candidate.version else: del result['upgradable'] # not installed: don't show 'upgradable' at all result['section'] = candidate.section result['priority'] = candidate.priority or '' result['description'] = candidate.description result['size'] = candidate.installed_size result['candidate_version'] = candidate.version # format size to handle bytes size = result['size'] byte_mods = ['B', 'kB', 'MB'] for byte_mod in byte_mods: if size < 10000: break size = float(size) / 1000 # MB, not MiB else: size = size * 1000 # once too often if size == int(size): format_string = '%d %s' else: format_string = '%.2f %s' result['size'] = format_string % (size, byte_mod) return result @simple_response def components_query(self): """ Returns components list for the grid in the ComponentsPage. """ # be as current as possible. self.uu.ucr_reinit() self.ucr.load() result = [] for comp in self.uu.get_all_components(): result.append(self.component_manager.component(comp)) return result @sanitize_list(StringSanitizer()) @multi_response(single_values=True) def components_get(self, iterator, component_id): # be as current as possible. self.uu.ucr_reinit() self.ucr.load() for component_id in iterator: yield self.component_manager.component(component_id) @sanitize_list(DictSanitizer({'object': advanced_components_sanitizer})) @multi_response def components_put(self, iterator, object): """Writes back one or more component definitions. """ # umc.widgets.Form wraps the real data into an array: # # [ # { # 'object' : { ... a dict with the real data .. }, # 'options': None # }, # ... more such entries ... # ] # # Current approach is to return a similarly structured array, # filled with elements, each one corresponding to one array # element of the request: # # [ # { # 'status' : a number where 0 stands for success, anything else # is an error code # 'message' : a result message # 'object' : a dict of field -> error message mapping, allows # the form to show detailed error information # }, # ... more such entries ... # ] with util.set_save_commit_load(self.ucr) as super_ucr: for object, in iterator: yield self.component_manager.put(object, super_ucr) self.package_manager.update() # do the same as components_put (update) # but dont allow adding an already existing entry components_add = sanitize_list(DictSanitizer({'object': add_components_sanitizer}))(components_put) components_add.__name__ = 'components_add' @sanitize_list(StringSanitizer()) @multi_response(single_values=True) def components_del(self, iterator, component_id): for component_id in iterator: yield self.component_manager.remove(component_id) self.package_manager.update() @multi_response def settings_get(self, iterator): # *** IMPORTANT *** Our UCR copy must always be current. This is not only # to catch up changes made via other channels (ucr command line etc), # but also to reflect the changes we have made ourselves! self.ucr.load() for _ in iterator: yield { 'unmaintained': self.ucr.is_true('repository/online/unmaintained', False), 'server': self.ucr.get('repository/online/server', ''), 'prefix': self.ucr.get('repository/online/prefix', ''), } @sanitize_list( DictSanitizer({'object': basic_components_sanitizer}), min_elements=1, max_elements=1 # moduleStore with one element... ) @multi_response def settings_put(self, iterator, object): # FIXME: returns values although it should yield (multi_response) changed = False # Set values into our UCR copy. try: with util.set_save_commit_load(self.ucr) as super_ucr: for object, in iterator: for key, value in object.iteritems(): MODULE.info(" ++ Setting new value for '%s' to '%s'" % (key, value)) super_ucr.set_registry_var('%s/%s' % (constants.ONLINE_BASE, key), value) changed = super_ucr.changed() except Exception as e: MODULE.warn(" !! Writing UCR failed: %s" % str(e)) return [{'message': str(e), 'status': constants.PUT_WRITE_ERROR}] self.package_manager.update() # Bug #24878: emit a warning if repository is not reachable try: updater = self.uu for line in updater.print_version_repositories().split('\n'): if line.strip(): break else: raise ConfigurationError() except ConfigurationError: msg = _("There is no repository at this server (or at least none for the current UCS version)") MODULE.warn(" !! Updater error: %s" % msg) response = {'message': msg, 'status': constants.PUT_UPDATER_ERROR} # if nothing was committed, we want a different type of error code, # just to appropriately inform the user if changed: response['status'] = constants.PUT_UPDATER_NOREPOS return [response] except: info = sys.exc_info() emsg = '%s: %s' % info[:2] MODULE.warn(" !! Updater error [%s]: %s" % (emsg)) return [{'message': str(info[1]), 'status': constants.PUT_UPDATER_ERROR}] return [{'status': constants.PUT_SUCCESS}]