~azzar1/unity/add-show-desktop-key : contents of ivle/makeuser.py at revision 1099.1.184

~azzar1/unity/add-show-desktop-key : (revision 1099.1.184)

# IVLE - Informatics Virtual Learning Environment
# Copyright (C) 2007-2008 The University of Melbourne
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA

# Module: MakeUser
# Author: Matt Giuca
# Date:   1/2/2008

# Allows creation of users. This sets up the following:
# * User's jail and home directory within the jail.
# * Subversion repository (TODO)
# * Check out Subversion workspace into jail (TODO)
# * Database details for user
# * Unix user account

# TODO: Sanitize login name and other fields.
# Users must not be called "temp" or "template".

# TODO: When creating a new home directory, chown it to its owner

# TODO: In chown_to_webserver:
# Do not call os.system("chown www-data") - use Python lib
# and use the web server uid given in conf. (Several places).

import md5
import os
import stat
import shutil
import time
import uuid
import warnings
import filecmp
import logging
import ivle.conf
import ivle.pulldown_subj

from ivle.database import ProjectGroup

def chown_to_webserver(filename):
    """
    Chowns a file so the web server user owns it.
    (This is useful in setting up Subversion conf files).
    Assumes root.
    """
    try:
        os.system("chown -R www-data:www-data %s" % filename)
    except:
        pass

def make_svn_repo(path, throw_on_error=True):
    """Create a Subversion repository at the given path.
    """
    try:
        res = os.system("svnadmin create '%s'" % path)
        if res != 0 and throw_on_error:
            raise Exception("Cannot create repository: %s" % path)
    except Exception, exc:
        print repr(exc)
        if throw_on_error:
            raise

    chown_to_webserver(path)

def rebuild_svn_config(store):
    """Build the complete SVN configuration file.
    """
    users = store.find(ivle.database.User)
    groups = {}
    for u in users:
        role = str(u.role)
        if role not in groups:
            groups[role] = []
        groups[role].append(u.login)
    f = open(ivle.conf.svn_conf + ".new", "w")
    f.write("# IVLE SVN Repositories Configuration\n")
    f.write("# Auto-generated on %s\n" % time.asctime())
    f.write("\n")
    f.write("[groups]\n")
    for (g,ls) in groups.iteritems():
        f.write("%s = %s\n" % (g, ",".join(ls)))
    f.write("\n")
    for u in users:
        f.write("[%s:/]\n" % u.login)
        f.write("%s = rw\n" % u.login)
        #f.write("@tutor = r\n")
        #f.write("@lecturer = rw\n")
        #f.write("@admin = rw\n")
        f.write("\n")
    f.close()
    os.rename(ivle.conf.svn_conf + ".new", ivle.conf.svn_conf)
    chown_to_webserver(ivle.conf.svn_conf)

def rebuild_svn_group_config(store):
    """Build the complete SVN configuration file for groups
    """
    f = open(ivle.conf.svn_group_conf + ".new", "w")
    f.write("# IVLE SVN Group Repositories Configuration\n")
    f.write("# Auto-generated on %s\n" % time.asctime())
    f.write("\n")
    for group in store.find(ProjectGroup):
        offering = group.project_set.offering
        reponame = "_".join([offering.subject.short_name,
                             offering.semester.year,
                             offering.semester.semester,
                             group.name])
        f.write("[%s:/]\n"%reponame)
        for user in group.members:
            f.write("%s = rw\n" % user.login)
        f.write("\n")
    f.close()
    os.rename(ivle.conf.svn_group_conf + ".new", ivle.conf.svn_group_conf)
    chown_to_webserver(ivle.conf.svn_group_conf)

def make_svn_auth(store, login, throw_on_error=True):
    """Setup svn authentication for the given user.
       Uses the given DB store object. Does not commit to the db.
    """
    passwd = md5.new(uuid.uuid4().bytes).digest().encode('hex')
    if os.path.exists(ivle.conf.svn_auth_ivle):
        create = ""
    else:
        create = "c"

    user = ivle.database.User.get_by_login(store, login)
    user.svn_pass = unicode(passwd)

    res = os.system("htpasswd -%smb %s %s %s" % (create,
                                              ivle.conf.svn_auth_ivle,
                                              login, passwd))
    if res != 0 and throw_on_error:
        raise Exception("Unable to create ivle-auth for %s" % login)

    # Make sure the file is owned by the web server
    if create == "c":
        chown_to_webserver(ivle.conf.svn_auth_ivle)

    return passwd

def generate_manifest(basedir, targetdir, parent=''):
    """ From a basedir and a targetdir work out which files are missing or out 
    of date and need to be added/updated and which files are redundant and need 
    to be removed.
    
    parent: This is used for the recursive call to track the relative paths 
    that we have decended.
    """
    
    cmp = filecmp.dircmp(basedir, targetdir)

    # Add all new files and files that have changed
    to_add = [os.path.join(parent,x) for x in (cmp.left_only + cmp.diff_files)]

    # Remove files that are redundant
    to_remove = [os.path.join(parent,x) for x in cmp.right_only]
    
    # Recurse
    for d in cmp.common_dirs:
        newbasedir = os.path.join(basedir, d)
        newtargetdir = os.path.join(targetdir, d)
        newparent = os.path.join(parent, d)
        (sadd,sremove) = generate_manifest(newbasedir, newtargetdir, newparent)
        to_add += sadd
        to_remove += sremove

    return (to_add, to_remove)


def make_jail(user, force=True):
    """Creates a new user's jail space, in the jail directory as configured in
    conf.py.

    This only creates things within /home - everything else is expected to be
    part of another UnionFS branch.

    Returns the path to the user's home directory.

    Chowns the user's directory within the jail to the given UID.

    force: If false, exception if jail already exists for this user.
    If true (default), overwrites it, but preserves home directory.
    """
    # MUST run as root or some of this may fail
    if os.getuid() != 0:
        raise Exception("Must run make_jail as root")
    
    # tempdir is for putting backup homes in
    tempdir = os.path.join(ivle.conf.jail_base, '__temp__')
    if not os.path.exists(tempdir):
        os.makedirs(tempdir)
    elif not os.path.isdir(tempdir):
        os.unlink(tempdir)
        os.mkdir(tempdir)
    userdir = os.path.join(ivle.conf.jail_src_base, user.login)
    homedir = os.path.join(userdir, 'home')
    userhomedir = os.path.join(homedir, user.login)   # Return value

    if os.path.exists(userdir):
        if not force:
            raise Exception("User's jail already exists")
        # User jail already exists. Blow it away but preserve their home
        # directory. It should be all that is there anyway, but you never
        # know!
        # Ignore warnings about the use of tmpnam
        warnings.simplefilter('ignore')
        homebackup = os.tempnam(tempdir)
        warnings.resetwarnings()
        # Note: shutil.move does not behave like "mv" - it does not put a file
        # into a directory if it already exists, just fails. Therefore it is
        # not susceptible to tmpnam symlink attack.
        shutil.move(homedir, homebackup)
        shutil.rmtree(userdir)
        os.makedirs(homedir)
        shutil.move(homebackup, homedir)
        # Change the ownership of all the files to the right unixid
        logging.debug("chown %s's home directory files to uid %d"
            %(user.login, user.unixid))
        os.chown(userhomedir, user.unixid, user.unixid)
        for root, dirs, files in os.walk(userhomedir):
            for fsobj in dirs + files:
                os.chown(os.path.join(root, fsobj), user.unixid, user.unixid)
    else:
        # No user jail exists
        # Set up the user's home directory
        os.makedirs(userhomedir)
        # Chown (and set the GID to the same as the UID).
        os.chown(userhomedir, user.unixid, user.unixid)
        # Chmod to rwxr-xr-x (755)
        os.chmod(userhomedir, 0755)

    make_conf_py(user.login, userdir, user.svn_pass)
    make_etc_passwd(user.login, userdir, ivle.conf.jail_system, user.unixid)

    return userhomedir

def make_conf_py(username, user_jail_dir, svn_pass):
    """
    Creates (overwriting any existing file, and creating directories) a
    file ${python_site_packages}/ivle/conf/conf.py in a given user's jail.
    username: Username.
    user_jail_dir: User's jail dir, ie. ivle.conf.jail_base + username
    svn_pass: User's SVN password.
    """
    conf_path = os.path.join(user_jail_dir,
            ivle.conf.python_site_packages[1:], "ivle/conf/conf.py")
    os.makedirs(os.path.dirname(conf_path))

    # In the "in-jail" version of conf, we don't need MOST of the details
    # (it would be a security risk to have them here).
    # So we just write root_dir, and jail_base is "/".
    # (jail_base being "/" means "jail-relative" paths are relative to "/"
    # when inside the jail.)

    # XXX: jail_base is wrong and shouldn't be here. Unfortunately, jail code
    #      uses ivle.studpath.url_to_{local,jailpaths}, both of which use
    #      jail_base. Note that they don't use the bits of the return value
    #      that depend on jail_base, so it can be any string.
    conf_file = open(conf_path, "w")
    conf_file.write("""# IVLE jail configuration

# In URL space, where in the site is IVLE located. (All URLs will be prefixed
# with this).
# eg. "/" or "/ivle".
root_dir = %(root_dir)r

# This value is not relevant inside the jail, but must remain for now. See
# the XXX in ivle.makeuser.make_conf_py.
jail_base = '/'

# The hostname for serving publicly accessible pages
public_host = %(public_host)r

# The URL under which the Subversion repositories are located.
svn_addr = %(svn_addr)r

# The login name for the owner of the jail
login = %(username)r

# The subversion-only password for the owner of the jail
svn_pass = %(svn_pass)r
""" % {'root_dir': ivle.conf.root_dir,
       'public_host': ivle.conf.public_host,
       'svn_addr': ivle.conf.svn_addr,
       'username': username,
       'svn_pass': svn_pass,
      })
    conf_file.close()

    # Make this file world-readable
    # (chmod 644 conf_path)
    os.chmod(conf_path, stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP
                        | stat.S_IROTH)

def make_etc_passwd(username, user_jail_dir, template_dir, unixid):
    """
    Creates /etc/passwd in the given user's jail. This will be identical to
    that in the template jail, except for the added entry for this user.
    """
    template_passwd_path = os.path.join(template_dir, "etc/passwd")
    passwd_path = os.path.join(user_jail_dir, "etc/passwd")
    passwd_dir = os.path.dirname(passwd_path)
    if not os.path.exists(passwd_dir):
        os.makedirs(passwd_dir)
    shutil.copy(template_passwd_path, passwd_path)
    passwd_file = open(passwd_path, 'a')
    passwd_file.write('%s:x:%d:%d::/home/%s:/bin/bash'
                      % (username, unixid, unixid, username))
    passwd_file.close()

def mount_jail(login):
    # This is where we'll mount to...
    destdir = os.path.join(ivle.conf.jail_base, login)
    # ... and this is where we'll get the user bits.
    srcdir = os.path.join(ivle.conf.jail_src_base, login)
    try:
        if not os.path.exists(destdir):
            os.mkdir(destdir)
        if os.system('/bin/mount -t aufs -o dirs=%s:%s=ro none %s'
                     % (srcdir, ivle.conf.jail_system, destdir)) == 0:
            logging.info("mounted user %s's jail." % login)
        else:
            logging.error("failed to mount user %s's jail!" % login)
    except Exception, message:
        logging.warning(str(message))

1079 by William Grant Merge setup-refactor branch. This completely breaks existing installations;	1	# IVLE - Informatics Virtual Learning Environment
	2	# Copyright (C) 2007-2008 The University of Melbourne
	3	#
	4	# This program is free software; you can redistribute it and/or modify
	5	# it under the terms of the GNU General Public License as published by
	6	# the Free Software Foundation; either version 2 of the License, or
	7	# (at your option) any later version.
	8	#
	9	# This program is distributed in the hope that it will be useful,
	10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	# GNU General Public License for more details.
	13	#
	14	# You should have received a copy of the GNU General Public License
	15	# along with this program; if not, write to the Free Software
	16	# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
	17
	18	# Module: MakeUser
	19	# Author: Matt Giuca
	20	# Date: 1/2/2008
	21
	22	# Allows creation of users. This sets up the following:
	23	# * User's jail and home directory within the jail.
	24	# * Subversion repository (TODO)
	25	# * Check out Subversion workspace into jail (TODO)
	26	# * Database details for user
	27	# * Unix user account
	28
	29	# TODO: Sanitize login name and other fields.
	30	# Users must not be called "temp" or "template".
	31
	32	# TODO: When creating a new home directory, chown it to its owner
	33
	34	# TODO: In chown_to_webserver:
	35	# Do not call os.system("chown www-data") - use Python lib
	36	# and use the web server uid given in conf. (Several places).
	37
	38	import md5
	39	import os
	40	import stat
	41	import shutil
	42	import time
	43	import uuid
	44	import warnings
	45	import filecmp
	46	import logging
	47	import ivle.conf
	48	import ivle.pulldown_subj
	49
1080.1.44 by William Grant ivle.makeuser: Port rebuild_svn_group_config() to Storm.	50	from ivle.database import ProjectGroup
	51
1079 by William Grant Merge setup-refactor branch. This completely breaks existing installations;	52	def chown_to_webserver(filename):
	53	"""
	54	Chowns a file so the web server user owns it.
	55	(This is useful in setting up Subversion conf files).
	56	Assumes root.
	57	"""
	58	try:
	59	os.system("chown -R www-data:www-data %s" % filename)
	60	except:
	61	pass
	62
	63	def make_svn_repo(path, throw_on_error=True):
	64	"""Create a Subversion repository at the given path.
	65	"""
	66	try:
	67	res = os.system("svnadmin create '%s'" % path)
	68	if res != 0 and throw_on_error:
	69	raise Exception("Cannot create repository: %s" % path)
	70	except Exception, exc:
	71	print repr(exc)
	72	if throw_on_error:
	73	raise
	74
	75	chown_to_webserver(path)
	76
1080.1.17 by me at id ivle.makeuser: svn auth manipulation functions now use storm as much as	77	def rebuild_svn_config(store):
1079 by William Grant Merge setup-refactor branch. This completely breaks existing installations;	78	"""Build the complete SVN configuration file.
	79	"""
1080.1.17 by me at id ivle.makeuser: svn auth manipulation functions now use storm as much as	80	users = store.find(ivle.database.User)
1079 by William Grant Merge setup-refactor branch. This completely breaks existing installations;	81	groups = {}
	82	for u in users:
	83	role = str(u.role)
	84	if role not in groups:
	85	groups[role] = []
	86	groups[role].append(u.login)
	87	f = open(ivle.conf.svn_conf + ".new", "w")
	88	f.write("# IVLE SVN Repositories Configuration\n")
	89	f.write("# Auto-generated on %s\n" % time.asctime())
	90	f.write("\n")
	91	f.write("[groups]\n")
	92	for (g,ls) in groups.iteritems():
	93	f.write("%s = %s\n" % (g, ",".join(ls)))
	94	f.write("\n")
	95	for u in users:
	96	f.write("[%s:/]\n" % u.login)
	97	f.write("%s = rw\n" % u.login)
	98	#f.write("@tutor = r\n")
	99	#f.write("@lecturer = rw\n")
	100	#f.write("@admin = rw\n")
	101	f.write("\n")
	102	f.close()
	103	os.rename(ivle.conf.svn_conf + ".new", ivle.conf.svn_conf)
	104	chown_to_webserver(ivle.conf.svn_conf)
	105
1080.1.17 by me at id ivle.makeuser: svn auth manipulation functions now use storm as much as	106	def rebuild_svn_group_config(store):
1079 by William Grant Merge setup-refactor branch. This completely breaks existing installations;	107	"""Build the complete SVN configuration file for groups
	108	"""
	109	f = open(ivle.conf.svn_group_conf + ".new", "w")
	110	f.write("# IVLE SVN Group Repositories Configuration\n")
	111	f.write("# Auto-generated on %s\n" % time.asctime())
	112	f.write("\n")
1080.1.44 by William Grant ivle.makeuser: Port rebuild_svn_group_config() to Storm.	113	for group in store.find(ProjectGroup):
	114	offering = group.project_set.offering
	115	reponame = "_".join([offering.subject.short_name,
	116	offering.semester.year,
	117	offering.semester.semester,
	118	group.name])
1079 by William Grant Merge setup-refactor branch. This completely breaks existing installations;	119	f.write("[%s:/]\n"%reponame)
1080.1.44 by William Grant ivle.makeuser: Port rebuild_svn_group_config() to Storm.	120	for user in group.members:
	121	f.write("%s = rw\n" % user.login)
1079 by William Grant Merge setup-refactor branch. This completely breaks existing installations;	122	f.write("\n")
	123	f.close()
	124	os.rename(ivle.conf.svn_group_conf + ".new", ivle.conf.svn_group_conf)
	125	chown_to_webserver(ivle.conf.svn_group_conf)
	126
1080.1.7 by matt.giuca The new ivle.database.User class is now used in Request and usrmgt, which	127	def make_svn_auth(store, login, throw_on_error=True):
1079 by William Grant Merge setup-refactor branch. This completely breaks existing installations;	128	"""Setup svn authentication for the given user.
1080.1.7 by matt.giuca The new ivle.database.User class is now used in Request and usrmgt, which	129	Uses the given DB store object. Does not commit to the db.
1079 by William Grant Merge setup-refactor branch. This completely breaks existing installations;	130	"""
	131	passwd = md5.new(uuid.uuid4().bytes).digest().encode('hex')
	132	if os.path.exists(ivle.conf.svn_auth_ivle):
	133	create = ""
	134	else:
	135	create = "c"
	136
1080.1.7 by matt.giuca The new ivle.database.User class is now used in Request and usrmgt, which	137	user = ivle.database.User.get_by_login(store, login)
	138	user.svn_pass = unicode(passwd)
1079 by William Grant Merge setup-refactor branch. This completely breaks existing installations;	139
	140	res = os.system("htpasswd -%smb %s %s %s" % (create,
	141	ivle.conf.svn_auth_ivle,
	142	login, passwd))
	143	if res != 0 and throw_on_error:
	144	raise Exception("Unable to create ivle-auth for %s" % login)
	145
	146	# Make sure the file is owned by the web server
	147	if create == "c":
	148	chown_to_webserver(ivle.conf.svn_auth_ivle)
	149
	150	return passwd
	151
	152	def generate_manifest(basedir, targetdir, parent=''):
	153	""" From a basedir and a targetdir work out which files are missing or out
	154	of date and need to be added/updated and which files are redundant and need
	155	to be removed.
	156
	157	parent: This is used for the recursive call to track the relative paths
	158	that we have decended.
	159	"""
	160
	161	cmp = filecmp.dircmp(basedir, targetdir)
	162
	163	# Add all new files and files that have changed
	164	to_add = [os.path.join(parent,x) for x in (cmp.left_only + cmp.diff_files)]
	165
	166	# Remove files that are redundant
	167	to_remove = [os.path.join(parent,x) for x in cmp.right_only]
	168
	169	# Recurse
	170	for d in cmp.common_dirs:
	171	newbasedir = os.path.join(basedir, d)
	172	newtargetdir = os.path.join(targetdir, d)
	173	newparent = os.path.join(parent, d)
	174	(sadd,sremove) = generate_manifest(newbasedir, newtargetdir, newparent)
	175	to_add += sadd
	176	to_remove += sremove
	177
	178	return (to_add, to_remove)
	179
	180
1080.1.19 by me at id ivle.makeuser.make_jail: Just take an ivle.database.User, rather than some	181	def make_jail(user, force=True):
1079 by William Grant Merge setup-refactor branch. This completely breaks existing installations;	182	"""Creates a new user's jail space, in the jail directory as configured in
	183	conf.py.
	184
	185	This only creates things within /home - everything else is expected to be
	186	part of another UnionFS branch.
	187
	188	Returns the path to the user's home directory.
	189
	190	Chowns the user's directory within the jail to the given UID.
	191
	192	force: If false, exception if jail already exists for this user.
	193	If true (default), overwrites it, but preserves home directory.
	194	"""
	195	# MUST run as root or some of this may fail
	196	if os.getuid() != 0:
	197	raise Exception("Must run make_jail as root")
	198
	199	# tempdir is for putting backup homes in
	200	tempdir = os.path.join(ivle.conf.jail_base, '__temp__')
	201	if not os.path.exists(tempdir):
	202	os.makedirs(tempdir)
	203	elif not os.path.isdir(tempdir):
	204	os.unlink(tempdir)
	205	os.mkdir(tempdir)
1080.1.19 by me at id ivle.makeuser.make_jail: Just take an ivle.database.User, rather than some	206	userdir = os.path.join(ivle.conf.jail_src_base, user.login)
1079 by William Grant Merge setup-refactor branch. This completely breaks existing installations;	207	homedir = os.path.join(userdir, 'home')
1080.1.19 by me at id ivle.makeuser.make_jail: Just take an ivle.database.User, rather than some	208	userhomedir = os.path.join(homedir, user.login) # Return value
1079 by William Grant Merge setup-refactor branch. This completely breaks existing installations;	209
	210	if os.path.exists(userdir):
	211	if not force:
	212	raise Exception("User's jail already exists")
	213	# User jail already exists. Blow it away but preserve their home
	214	# directory. It should be all that is there anyway, but you never
	215	# know!
	216	# Ignore warnings about the use of tmpnam
	217	warnings.simplefilter('ignore')
	218	homebackup = os.tempnam(tempdir)
	219	warnings.resetwarnings()
	220	# Note: shutil.move does not behave like "mv" - it does not put a file
	221	# into a directory if it already exists, just fails. Therefore it is
	222	# not susceptible to tmpnam symlink attack.
	223	shutil.move(homedir, homebackup)
	224	shutil.rmtree(userdir)
	225	os.makedirs(homedir)
	226	shutil.move(homebackup, homedir)
	227	# Change the ownership of all the files to the right unixid
	228	logging.debug("chown %s's home directory files to uid %d"
1080.1.19 by me at id ivle.makeuser.make_jail: Just take an ivle.database.User, rather than some	229	%(user.login, user.unixid))
	230	os.chown(userhomedir, user.unixid, user.unixid)
1079 by William Grant Merge setup-refactor branch. This completely breaks existing installations;	231	for root, dirs, files in os.walk(userhomedir):
	232	for fsobj in dirs + files:
1080.1.19 by me at id ivle.makeuser.make_jail: Just take an ivle.database.User, rather than some	233	os.chown(os.path.join(root, fsobj), user.unixid, user.unixid)
1079 by William Grant Merge setup-refactor branch. This completely breaks existing installations;	234	else:
	235	# No user jail exists
	236	# Set up the user's home directory
	237	os.makedirs(userhomedir)
	238	# Chown (and set the GID to the same as the UID).
1080.1.19 by me at id ivle.makeuser.make_jail: Just take an ivle.database.User, rather than some	239	os.chown(userhomedir, user.unixid, user.unixid)
1079 by William Grant Merge setup-refactor branch. This completely breaks existing installations;	240	# Chmod to rwxr-xr-x (755)
	241	os.chmod(userhomedir, 0755)
	242
1092.1.1 by William Grant [Uber-commit of holiday work because I lacked a local copy of the branch.]	243	make_conf_py(user.login, userdir, user.svn_pass)
1080.1.19 by me at id ivle.makeuser.make_jail: Just take an ivle.database.User, rather than some	244	make_etc_passwd(user.login, userdir, ivle.conf.jail_system, user.unixid)
1079 by William Grant Merge setup-refactor branch. This completely breaks existing installations;	245
	246	return userhomedir
	247
1092.1.1 by William Grant [Uber-commit of holiday work because I lacked a local copy of the branch.]	248	def make_conf_py(username, user_jail_dir, svn_pass):
1079 by William Grant Merge setup-refactor branch. This completely breaks existing installations;	249	"""
	250	Creates (overwriting any existing file, and creating directories) a
	251	file ${python_site_packages}/ivle/conf/conf.py in a given user's jail.
	252	username: Username.
	253	user_jail_dir: User's jail dir, ie. ivle.conf.jail_base + username
1092.1.1 by William Grant [Uber-commit of holiday work because I lacked a local copy of the branch.]	254	svn_pass: User's SVN password.
1079 by William Grant Merge setup-refactor branch. This completely breaks existing installations;	255	"""
	256	conf_path = os.path.join(user_jail_dir,
	257	ivle.conf.python_site_packages[1:], "ivle/conf/conf.py")
	258	os.makedirs(os.path.dirname(conf_path))
	259
1092.1.1 by William Grant [Uber-commit of holiday work because I lacked a local copy of the branch.]	260	# In the "in-jail" version of conf, we don't need MOST of the details
	261	# (it would be a security risk to have them here).
	262	# So we just write root_dir, and jail_base is "/".
	263	# (jail_base being "/" means "jail-relative" paths are relative to "/"
	264	# when inside the jail.)
1079 by William Grant Merge setup-refactor branch. This completely breaks existing installations;	265
1092.1.1 by William Grant [Uber-commit of holiday work because I lacked a local copy of the branch.]	266	# XXX: jail_base is wrong and shouldn't be here. Unfortunately, jail code
	267	# uses ivle.studpath.url_to_{local,jailpaths}, both of which use
	268	# jail_base. Note that they don't use the bits of the return value
	269	# that depend on jail_base, so it can be any string.
1079 by William Grant Merge setup-refactor branch. This completely breaks existing installations;	270	conf_file = open(conf_path, "w")
1092.1.1 by William Grant [Uber-commit of holiday work because I lacked a local copy of the branch.]	271	conf_file.write("""# IVLE jail configuration
	272
	273	# In URL space, where in the site is IVLE located. (All URLs will be prefixed
	274	# with this).
	275	# eg. "/" or "/ivle".
	276	root_dir = %(root_dir)r
	277
	278	# This value is not relevant inside the jail, but must remain for now. See
	279	# the XXX in ivle.makeuser.make_conf_py.
	280	jail_base = '/'
	281
	282	# The hostname for serving publicly accessible pages
	283	public_host = %(public_host)r
	284
	285	# The URL under which the Subversion repositories are located.
	286	svn_addr = %(svn_addr)r
	287
	288	# The login name for the owner of the jail
	289	login = %(username)r
	290
	291	# The subversion-only password for the owner of the jail
	292	svn_pass = %(svn_pass)r
	293	""" % {'root_dir': ivle.conf.root_dir,
	294	'public_host': ivle.conf.public_host,
	295	'svn_addr': ivle.conf.svn_addr,
	296	'username': username,
	297	'svn_pass': svn_pass,
	298	})
1079 by William Grant Merge setup-refactor branch. This completely breaks existing installations;	299	conf_file.close()
	300
	301	# Make this file world-readable
	302	# (chmod 644 conf_path)
	303	os.chmod(conf_path, stat.S_IRUSR \| stat.S_IWUSR \| stat.S_IRGRP
	304	\| stat.S_IROTH)
	305
	306	def make_etc_passwd(username, user_jail_dir, template_dir, unixid):
	307	"""
	308	Creates /etc/passwd in the given user's jail. This will be identical to
	309	that in the template jail, except for the added entry for this user.
	310	"""
	311	template_passwd_path = os.path.join(template_dir, "etc/passwd")
	312	passwd_path = os.path.join(user_jail_dir, "etc/passwd")
	313	passwd_dir = os.path.dirname(passwd_path)
	314	if not os.path.exists(passwd_dir):
	315	os.makedirs(passwd_dir)
	316	shutil.copy(template_passwd_path, passwd_path)
	317	passwd_file = open(passwd_path, 'a')
	318	passwd_file.write('%s:x:%d:%d::/home/%s:/bin/bash'
	319	% (username, unixid, unixid, username))
	320	passwd_file.close()
	321
	322	def mount_jail(login):
	323	# This is where we'll mount to...
	324	destdir = os.path.join(ivle.conf.jail_base, login)
	325	# ... and this is where we'll get the user bits.
	326	srcdir = os.path.join(ivle.conf.jail_src_base, login)
	327	try:
	328	if not os.path.exists(destdir):
	329	os.mkdir(destdir)
	330	if os.system('/bin/mount -t aufs -o dirs=%s:%s=ro none %s'
	331	% (srcdir, ivle.conf.jail_system, destdir)) == 0:
	332	logging.info("mounted user %s's jail." % login)
	333	else:
	334	logging.error("failed to mount user %s's jail!" % login)
	335	except Exception, message:
	336	logging.warning(str(message))