def specificGroup(id):
if not es.isAuthorized("usermgmt"):
return "ERR_ACCESS_DENIED", 403
dbconn = db.database()
lg = ldap.groups()
if request.method == "GET":
dbconn.execute("SELECT name, info FROM groups WHERE id = %s LIMIT 1",
(id, ))
group = dbconn.fetchone()
group["permissions"] = []
group["users"] = []
dbconn.execute(
"SELECT P.id FROM permission P INNER JOIN groups_has_permission GHP ON P.id = GHP.permission_id INNER JOIN groups G ON G.id = GHP.group_id WHERE G.id = %s",
(id, ))
for permission in dbconn.fetchall():
group["permissions"].append(permission["id"])
dbconn.execute(
"SELECT P.id FROM people P INNER JOIN people_has_groups PHG ON P.id = PHG.people_id INNER JOIN groups G ON G.id = PHG.group_id WHERE G.id = %s",
(id, ))
for user in dbconn.fetchall():
group["users"].append(user["id"])
return jsonify(group), 200
elif request.method == "DELETE":
if not lg.delete(id) == 0:
return "ERR_LDAP_ERROR", 500
dbconn.execute("DELETE FROM groups WHERE id = %s", (id, ))
if not dbconn.commit():
return "ERR_DATABASE_ERROR", 500
return "SUCCESS", 200
def fixFolder(id):
if not es.isAuthorized("usermgmt"):
return "ERR_ACCESS_DENIED", 403
dbconn = db.database()
dir = directory.directory()
dbconn.execute("SELECT username, unix_userid FROM people WHERE id = %s",
(id, ))
user = dbconn.fetchone()
check = checkers.checkHomeFolder(user)
if check == 1:
if dir.create(user["username"], "users") < 0:
return "ERR_CREATE_HOMEFOLDER", 500
if not dir.setMode(user["username"], "users", "511"):
return "ERR_FOLDER_ERROR", 500
if check >= 1:
if not dir.setOwner(user["username"], "users", user["unix_userid"]):
return "ERR_FOLDER_ERROR", 500
try:
removeError = requests.delete(
url="http://localhost:25252/removeError/" + id +
"/ERR_HOMEFOLDER_MISSING/1")
except:
return "ERR_CONNECTION_ERROR", 500
try:
removeError = requests.delete(
url="http://localhost:25252/removeError/" + id +
"/ERR_HOMEFOLDER_PERMISSIONS/1")
except:
return "ERR_CONNECTION_ERROR", 500
return "SUCCESS", 200
def listShares(id, gid):
if not es.isAuthorized(["usermgmt", "devimgmt"]):
return "ERR_ACCESS_DENIED", 403
dbconn = db.database()
if request.method == "POST":
permissions = 1
if request.form.get("permissions"):
permissions = int(request.form.get("permissions"))
dbconn.execute(
"INSERT INTO groups_has_shares (shares_id, group_id, permission) VALUES (%s, %s, %s)",
(id, gid, permissions))
if not dbconn.commit():
return "ERR_DATABASE_ERROR", 500
if not samba.update():
return "ERR_UPDATE_SAMBA", 500
return "SUCCESS", 201
elif request.method == "PUT":
dbconn.execute(
"UPDATE groups_has_shares SET permission = %s WHERE shares_id = %s AND group_id = %s",
(request.form.get("permission"), id, gid))
if not dbconn.commit():
return "ERR_DATABASE_ERROR", 500
if not samba.update():
return "ERR_UPDATE_SAMBA", 500
return "SUCCESS", 200
elif request.method == "DELETE":
dbconn.execute(
"DELETE FROM groups_has_shares WHERE shares_id = %s AND group_id = %s",
(id, gid))
if not dbconn.commit():
return "ERR_DATABASE_ERROR", 500
if not samba.update():
return "ERR_UPDATE_SAMBA", 500
return "SUCCESS", 200
def device(id):
if not es.isAuthorized("devimgmt"):
return "ERR_ACCESS_DENIED", 403
dbconn = db.database()
if request.method == "GET":
dbconn.execute(
"SELECT D.id, D.name, D.comment, D.devprofile_id AS devprofile, D.registered, D.networklock, D.lastknownIPv4 as ipv4, D.lastknownIPv6 as ipv6, D.requiresLogin, HW.address, HW.type as hardwareAddressType, D.people_id, D.room, D.teacher FROM device D INNER JOIN hardwareidentifier HW on HW.device_id = D.id WHERE D.id = %s",
(id, ))
device = dbconn.fetchone()
device["logins"] = []
dbconn.execute(
"SELECT info, timestamp, people_id, type, affected FROM localLoginLog WHERE device_id = %s",
(id, ))
for logEntry in dbconn.fetchall():
device["logins"].append(logEntry)
return jsonify(device), 200
elif request.method == "PUT":
dbconn.execute(
"UPDATE device SET name = %s, comment = %s, devprofile_id = %s, networklock = %s, requiresLogin = %s, teacher = %s, room = %s WHERE id = %s",
(request.form.get("name"), request.form.get("comment"),
request.form.get("devprofile"), request.form.get("networklock"),
request.form.get("requiresLogin"), request.form.get("teacher"),
request.form.get("room"), request.form.get("id")))
if not dbconn.commit():
return "ERR_DATABASE_ERROR", 500
return "SUCCESS", 200
elif request.method == "DELETE":
dbconn.execute("DELETE FROM device WHERE id = %s", (id, ))
if not dbconn.commit():
return "ERR_DATABASE_ERROR", 500
return "SUCCESS", 200
def fixUser(id):
if not es.isAuthorized("usermgmt"):
return "ERR_ACCESS_DENIED", 403
dbconn = db.database()
ldapUsers = ldap.users()
dbconn.execute(
"SELECT P.id, P.firstname, P.lastname, P.preferredname, P.username, P.smb_homedir, P.email, H.smb_hash, H.unix_hash, P.unix_userid FROM people P INNER JOIN userpassword H ON H.people_id = P.id WHERE P.id = %s",
(id, ))
user = dbconn.fetchone()
check = checkers.checkLdapUserEntry(user)
if check == False or isinstance(check, list):
ldapResult = ldapUsers.update(id)
if ldapResult == -1:
return "ERR_LDAP_ERROR", 500
if ldapResult == -2:
return "ERR_DATABASE_ERROR", 500
else:
return "ERR_ALL_DONE", 200
try:
removeError = requests.delete(
url="http://localhost:25252/removeError/" + id +
"/ERR_LDAP_ENTRY_MISSING/1")
except:
return "ERR_CONNECTION_ERROR", 500
try:
removeError = requests.delete(
url="http://localhost:25252/removeError/" + id +
"/ERR_LDAP_ENTRY_INCOMPLETE/1")
except:
return "ERR_CONNECTION_ERROR", 500
return "SUCCESS", 200
def getHost():
if not es.isAuthorized("usermgmt"):
return "ERR_ACCESS_DENIED", 403
host = os.environ.get("HOST_NETWORK_ADDRESS")
if host == None:
host = ""
return host, 200
def profile(id):
if not es.isAuthorized("devimgmt"):
return "ERR_ACCESS_DENIED", 403
dbconn = db.database()
if request.method == "GET":
dbconn.execute("SELECT name, comment, networklockDefault FROM devprofile WHERE id = %s", (id,))
profile = dbconn.fetchone()
profile["groups"] = []
profile["shares"] = []
dbconn.execute("SELECT group_id FROM devprofile_has_groups WHERE devprofile_id = %s", (id,))
for group in dbconn.fetchall():
profile["groups"].append(group["group_id"])
dbconn.execute("SELECT shares_id FROM devprofile_has_shares WHERE devprofile_id = %s", (id,))
for share in dbconn.fetchall():
profile["shares"].append(share["shares_id"])
return jsonify(profile), 200
elif request.method == "PUT":
dbconn.execute("UPDATE devprofile SET name = %s, comment = %s, networklockDefault = %s WHERE id = %s", (request.form.get("name"), request.form.get("comment"), request.form.get("networklockDefault"), id))
if not dbconn.commit():
return "ERR_DATABASE_ERROR", 500
return "SUCCESS", 200
elif request.method == "DELETE":
dbconn.execute("SELECT COUNT(*) AS count FROM device D INNER JOIN devprofile DP ON DP.id = D.devprofile_id WHERE DP.id = %s", (id,))
count = dbconn.fetchone()["count"]
if not count == 0:
return "ERR_PROFILE_IN_USE", 409
dbconn.execute("DELETE FROM devprofile WHERE id = %s", (id,))
if not dbconn.commit():
return "ERR_DATABASE_ERROR", 500
return "SUCCESS", 200
def userListExport():
if not es.isAuthorized("usermgmt"):
return "ERR_ACCESS_DENIED", 403
data = StringIO()
w = csv.writer(data,
delimiter=';',
quotechar='"',
quoting=csv.QUOTE_MINIMAL)
w.writerow(('lastname', 'firstname', 'short', 'username', 'groups'))
dbconn = db.database()
dbconn.execute(
"SELECT id, lastname, firstname, short, username FROM people")
for user in dbconn.fetchall():
groups = ''
dbconn2 = db.database()
dbconn2.execute(
"select name from groups where id in(select group_id from people_has_groups where people_id='"
+ user['id'] + "');")
first = True
for g in dbconn2.fetchall():
if first:
first = False
else:
groups = groups + ';'
groups = groups + g["name"]
w.writerow((user["lastname"], user["firstname"], user["short"],
user["username"], groups))
response = make_response(data.getvalue())
response.headers[
"Content-Disposition"] = "attachment; filename=userList.csv"
response.headers["Content-Type"] = "text/csv"
return response
def runIntegrityCheck():
if not es.isAuthorized("usermgmt"):
return "ERR_ACCESS_DENIED", 403
try:
run = requests.put(url="http://localhost:25252/run")
except:
return "ERR_CONNECTION_ERROR", 500
return "SUCCESS", 200
def listDevices():
if not es.isAuthorized("devimgmt"):
return "ERR_ACCESS_DENIED", 403
dbconn = db.database()
dbconn.execute("SELECT name, comment, devprofile_id AS devprofile, people_id, networklock, screenlock, requiresLogin, id, room, teacher FROM device")
devices = []
for device in dbconn.fetchall():
devices.append(device)
return jsonify(devices), 200
def listPermissions():
if not es.isAuthorized("usermgmt"):
return "ERR_ACCESS_DENIED", 403
dbconn = db.database()
permissions = []
dbconn.execute("SELECT id, name, info FROM permission")
for permission in dbconn.fetchall():
permissions.append(permission)
return jsonify(permissions), 200
def listProfiles():
if not es.isAuthorized("devimgmt"):
return "ERR_ACCESS_DENIED", 403
dbconn = db.database()
dbconn.execute(
"SELECT name, comment, networklockDefault, allowVNC, id FROM devprofile"
)
profiles = []
for profile in dbconn.fetchall():
profiles.append(profile)
return jsonify(profiles), 200
def listEmptyGroups():
if not es.isAuthorized("usermgmt"):
return "ERR_ACCESS_DENIED", 403
dbconn = db.database()
groups = []
dbconn.execute(
"SELECT id FROM groups WHERE type = 3 AND id NOT IN (SELECT group_id AS id FROM people_has_groups)"
)
for group in dbconn.fetchall():
groups.append(group["id"])
return jsonify(groups), 200
def getIntegrityResults():
if not es.isAuthorized("usermgmt"):
return "ERR_ACCESS_DENIED", 403
try:
response = requests.get(url="http://localhost:25252/results")
except:
return "ERR_CONNECTION_ERROR", 500
results = json.loads(response.text)["response"]
if results == None:
return "NO_RESULT_AVAILABLE", 200
return jsonify(results), 200
def manageGroupPermissions(id, gid):
if not es.isAuthorized("usermgmt"):
return "ERR_ACCESS_DENIED", 403
dbconn = db.database()
if request.method == "POST":
dbconn.execute("INSERT INTO groups_has_permission (group_id, permission_id) VALUES (%s, %s)", (gid, id))
if not dbconn.commit():
return "ERR_DATABASE_ERROR", 500
return "SUCCESS", 200
elif request.method == "DELETE":
dbconn.execute("DELETE FROM groups_has_permission WHERE group_id = %s AND permission_id = %s", (gid, id))
if not dbconn.commit():
return "ERR_DATABASE_ERROR", 500
return "SUCCESS", 200
def profileShares(id, sid):
if not es.isAuthorized("devimgmt"):
return "ERR_ACCESS_DENIED", 403
dbconn = db.database()
if request.method == "POST":
dbconn.execute("INSERT INTO devprofile_has_shares (devprofile_id, shares_id) VALUES (%s, %s)", (id, sid))
if not dbconn.commit():
return "ERR_DATABASE_ERROR", 500
return "SUCCESS", 200
elif request.method == "DELETE":
dbconn.execute("DELETE FROM devprofile_has_shares WHERE devprofile_id = %s AND shares_id = %s", (id, sid))
if not dbconn.commit():
return "ERR_DATABASE_ERROR", 500
return "SUCCESS", 200
def createGroup():
if not es.isAuthorized("usermgmt"):
return "ERR_ACCESS_DENIED", 403
dbconn = db.database()
lg = ldap.groups()
failed = False
if request.form.get("name") == "":
return "ERR_INPUT_ERROR", 500
dbconn.execute("INSERT INTO groups (name, info, type) VALUES (%s, %s, %s)",
(request.form.get("name"), request.form.get("info"),
request.form.get("type")))
if not dbconn.commit():
return "ERR_DATABASE_ERROR", 500
id = dbconn.getId()
if not lg.create(id) == 0:
return "ERR_LDAP_ERROR", 500
if request.form.get("permissions"):
permissions = []
for permission in json.loads(request.form.get("permissions")):
permissions.append((id, permission))
dbconn.execute(
"INSERT INTO groups_has_permission (group_id, permission_id) VALUES (%s, %s)",
permissions)
if not dbconn.commit():
return "ERR_DATABASE_ERROR", 500
usersToAdd = []
if request.form.get("fromgroup"):
for group in request.form.get("source"):
dbconn.execute(
"SELECT P.id FROM people P INNER JOIN people_has_groups PHG ON P.id = PHG.people_id INNER JOIN groups G ON G.id = PHG.group_id WHERE G.id = %s",
(group, ))
for user in dbconn.fetchall():
if not user in usersToAdd:
usersToAdd.append((id, user["id"]))
if request.form.get("users"):
for user in json.loads(request.form.get("users")):
usersToAdd.append((id, user))
for element in usersToAdd:
element = (id, element)
dbconn.execute(
"INSERT INTO people_has_groups (group_id, people_id) VALUES (%s, %s)",
usersToAdd)
if not dbconn.commit():
return "ERR_DATABASE_ERROR", 500
for (id, element) in usersToAdd:
if not lg.addUser(element, id) == 0:
failed = True
if failed:
return "ERR_LDAP_ERROR", 500
return str(id), 201
def listUsers():
if not es.isAuthorized("usermgmt"):
return "ERR_ACCESS_DENIED", 403
dbconn = db.database()
users = []
dbconn.execute("SELECT id, firstname, lastname, username, email, DATE_FORMAT(birthdate, '%Y-%m-%d') AS birthdate, persistant FROM people")
for user in dbconn.fetchall():
ids = []
dbconn.execute("SELECT G.id AS id FROM groups G INNER JOIN people_has_groups PHG ON PHG.group_id = G.id INNER JOIN people P ON P.id = PHG.people_id WHERE P.id = %s", (user["id"],))
for group in dbconn.fetchall():
ids.append(group["id"])
user["groups"] = ids
users.append(user)
return jsonify(users), 200
def listShares():
if not es.isAuthorized(["usermgmt", "devimgmt"]):
return "ERR_ACCESS_DENIED", 403
dbconn = db.database()
dbconn.execute("SELECT name, path, id FROM shares")
shares = []
for share in dbconn.fetchall():
groups = []
dbconn.execute(
"SELECT G.id, G.name, GHS.permission FROM groups G INNER JOIN groups_has_shares GHS ON GHS.group_id = G.id WHERE GHS.shares_id = %s",
(share["id"], ))
for group in dbconn.fetchall():
groups.append(group)
share["groups"] = groups
shares.append(share)
return jsonify(shares), 200
def listGroups():
if not es.isAuthorized("usermgmt"):
return "ERR_ACCESS_DENIED", 403
dbconn = db.database()
groups = []
dbconn.execute("SELECT id, name, info, type FROM groups")
for group in dbconn.fetchall():
permissions = []
dbconn.execute(
"SELECT P.name, P.id, P.info FROM permission P INNER JOIN groups_has_permission GHP ON P.id = GHP.permission_id INNER JOIN groups G ON G.id = GHP.group_id WHERE G.id = %s",
(group["id"], ))
for permission in dbconn.fetchall():
permissions.append(permission)
group["permissions"] = permissions
groups.append(group)
return jsonify(groups), 200
def servermanager():
if not es.isAuthorized("servmgmt"):
return "ERR_ACCESS_DENIED", 403
data = {}
if request.form.get("data"):
data = json.loads(request.form.get("data"))
with open(config.CONFIG_APIKEY_PATH) as f:
data["apikey"] = f.read()[:-1]
try:
r = requests.post(url="http://192.168.255.255:49100" +
request.form.get("url"),
data=data)
except:
return "ERR_CONNECTION_ERROR", 500
else:
return r.text, 200
def ipfire():
if not es.isAuthorized("servmgmt"):
return "ERR_ACCESS_DENIED", 403
config = cf.configfile()
if request.method == "GET":
data = {
"url": config.get("ipfire", "url"),
"port": config.get("ipfire", "port"),
"password": config.get("ipfire", "password"),
}
return jsonify(data), 200
elif request.method == "PUT":
config.set("ipfire", "url", request.form.get("url"))
config.set("ipfire", "port", request.form.get("port"))
config.set("ipfire", "password", request.form.get("password"))
return "SUCCESS", 200
def deviceUser(id, uid):
if not es.isAuthorized("devimgmt"):
return "ERR_ACCESS_DENIED", 403
dbconn = db.database()
if request.method == "POST":
dbconn.execute("UPDATE device SET people_id = %s WHERE id = %s",
(uid, id))
if not dbconn.commit():
return "ERR_DATABASE_ERROR", 500
return "SUCCESS", 200
elif request.method == "DELETE":
dbconn.execute("UPDATE device SET people_id = NULL WHERE id = %s",
(id))
if not dbconn.commit():
return "ERR_DATABASE_ERROR", 500
return "SUCCESS", 200
def getIntegrityStatus():
if not es.isAuthorized("usermgmt"):
return "ERR_ACCESS_DENIED", 403
try:
status = requests.get(url="http://localhost:25252/status")
except:
return "ERR_CONNECTION_ERROR", 500
try:
lastRun = requests.get(url="http://localhost:25252/lastRun")
except:
return "ERR_CONNECTION_ERROR", 500
response = {
"status": json.loads(status.text)["response"],
"lastRun": json.loads(lastRun.text)["response"],
}
return jsonify(response), 200
def fixGroup(id):
if not es.isAuthorized("usermgmt"):
return "ERR_ACCESS_DENIED", 403
dbconn = db.database()
ldapGroups = ldap.groups()
dbconn.execute("SELECT name FROM groups WHERE id = %s", (id, ))
name = dbconn.fetchone()["name"]
check = checkers.checkLdapGroupEntry({"name": name})
if not check and request.form.get("missing"):
ldapResult = ldapGroups.create(int(id))
if ldapResult == -1:
return "ERR_LDAP_ERROR", 500
if ldapResult == -2:
return "ERR_DATABASE_ERROR", 500
dbconn.execute(
"SELECT P.id FROM people P INNER JOIN people_has_groups PHG ON PHG.people_id = P.ID INNER JOIN groups G ON G.id = PHG.group_id WHERE G.id = %s",
(id, ))
addFailed = False
for user in dbconn.fetchall():
memberResult = ldapGroups.addUser(user["id"], id)
if memberResult < 0:
addFailed = True
if addFailed:
return "ERR_LDAP_ERROR", 500
else:
return "ERR_ALL_DONE", 200
try:
removeError = requests.delete(
url="http://localhost:25252/removeError/" + id +
"/ERR_LDAP_ENTRY_MISSING/0")
except:
return "ERR_CONNECTION_ERROR", 500
try:
removeError = requests.delete(
url="http://localhost:25252/removeError/" + id +
"/ERR_LDAP_ENTRY_INCOMPLETE/0")
except:
return "ERR_CONNECTION_ERROR", 500
return "SUCCESS", 200
def createProfile():
if not es.isAuthorized("devimgmt"):
return "ERR_ACCESS_DENIED", 403
dbconn = db.database()
dbconn.execute("INSERT INTO devprofile (name, comment, networklockDefault) VALUES (%s, %s, %s)", (request.form.get("name"), request.form.get("comment"), request.form.get("networklockDefault")))
if not dbconn.commit():
return "ERR_DATABASE_ERROR", 500
id = dbconn.getId()
failed = False
if request.form.get("groups"):
for group in json.loads(request.form.get("groups")):
dbconn.execute("INSERT INTO devprofile_has_groups (devprofile_id, group_id) VALUES (%s, %s)", (id, group))
if not dbconn.commit():
failed = True
if request.form.get("shares"):
for share in json.loads(request.form.get("shares")):
dbconn.execute("INSERT INTO devprofile_has_shares (devprofile_id, shares_id) VALUES (%s, %s)", (id, share))
if not dbconn.commit():
failed = True
if failed:
return "ERR_DATABASE_ERROR", 500
return str(id), 201
def groupOperation(id, uid):
if not es.isAuthorized("usermgmt"):
return "ERR_ACCESS_DENIED", 403
dbconn = db.database()
lg = ldap.groups()
if request.method == "POST":
dbconn.execute(
"INSERT INTO people_has_groups (people_id, group_id) VALUES (%s, %s)",
(uid, id))
if not dbconn.commit():
return "ERR_DATABASE_ERROR", 500
if not lg.addUser(uid, id) == 0:
return "ERR_LDAP_ERROR", 500
return "SUCCESS", 201
elif request.method == "DELETE":
dbconn.execute(
"DELETE FROM people_has_groups WHERE people_id = %s AND group_id = %s",
(uid, id))
if not dbconn.commit():
return "ERR_DATABASE_ERROR", 500
if not lg.deleteUser(uid, id) == 0:
return "ERR_LDAP_ERROR", 500
return "SUCCESS", 200
def fixGroupMembership(id):
if not es.isAuthorized("usermgmt"):
return "ERR_ACCESS_DENIED", 403
dbconn = db.database()
ldapGroups = ldap.groups()
dbconn.execute("SELECT username FROM people WHERE id = %s", (id, ))
username = dbconn.fetchone()["username"]
for target in json.loads(request.form.get("targets")):
dbconn.execute("SELECT id FROM groups WHERE name = %s", (target, ))
gid = dbconn.fetchone()["id"]
if not checkers.checkLdapGroupMembership(username, gid):
memberResult = ldapGroups.addUser(id, gid)
if memberResult == -1:
return "ERR_LDAP_ERROR", 500
if memberResult == -2:
return "ERR_DATABASE_ERROR", 500
try:
removeError = requests.delete(
url="http://localhost:25252/removeError/" + id +
"/ERR_LDAP_GROUP_MEMBERSHIP/1")
except:
return "ERR_CONNECTION_ERROR", 500
return "SUCCESS", 200
def newPassword(id):
if not es.isAuthorized("usermgmt"):
return "ERR_ACCESS_DENIED", 403
dbconn = db.database()
lu = ldap.users()
dbconn.execute(
"SELECT unix_hash FROM userpassword UP INNER JOIN people P ON UP.people_id = P.id WHERE P.id = %s",
(id, ))
result = dbconn.fetchone()
if not passlib.hash.ldap_salted_sha1.verify(request.form.get("old"),
result["unix_hash"]):
return "ERR_AUTH_PASSWORD", 500
if not request.form.get("new1") == request.form.get("new2"):
return "ERR_PASSWORDS_DIFFERENT", 500
dbconn.execute(
"UPDATE userpassword SET unix_hash = %s, smb_hash = %s, hint = %s, autogen = 0, cleartext = NULL WHERE people_id = %s",
(hash.unix(request.form.get("new1")),
hash.samba(request.form.get("new1")), request.form.get("pwhint"), id))
if not dbconn.commit():
return "ERR_DATABASE_ERROR", 500
if not lu.update(id) == 0:
return "ERR_LDAP_ERROR", 500
return "SUCCESS", 200
def userCount():
if not es.isAuthorized("usermgmt"):
return "ERR_ACCESS_DENIED", 403
dbconn = db.database()
dbconn.execute("SELECT COUNT(*) AS c FROM groups")
return jsonify({"count": dbconn.fetchone()["c"]}), 200
