1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
1 |
# IVLE - Informatics Virtual Learning Environment
|
1240
by William Grant
Remove a couple of unused functions from ivle.makeuser, and clean up docstrings |
2 |
# Copyright (C) 2007-2009 The University of Melbourne
|
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
3 |
#
|
4 |
# This program is free software; you can redistribute it and/or modify
|
|
5 |
# it under the terms of the GNU General Public License as published by
|
|
6 |
# the Free Software Foundation; either version 2 of the License, or
|
|
7 |
# (at your option) any later version.
|
|
8 |
#
|
|
9 |
# This program is distributed in the hope that it will be useful,
|
|
10 |
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
11 |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
12 |
# GNU General Public License for more details.
|
|
13 |
#
|
|
14 |
# You should have received a copy of the GNU General Public License
|
|
15 |
# along with this program; if not, write to the Free Software
|
|
16 |
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
17 |
||
1240
by William Grant
Remove a couple of unused functions from ivle.makeuser, and clean up docstrings |
18 |
"""User and group filesystem management helpers."""
|
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
19 |
|
1197
by Matt Giuca
ivle.chat, ivle.database, ivle.makeuser: Replaced use of md5 library with |
20 |
import hashlib |
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
21 |
import os |
22 |
import stat |
|
23 |
import shutil |
|
24 |
import time |
|
25 |
import uuid |
|
26 |
import warnings |
|
27 |
import logging |
|
1239
by William Grant
Replace some of ivle.makeuser's os.system calls with subprocess.call. |
28 |
import subprocess |
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
29 |
|
1165.5.2
by William Grant
Give tutors and lecturers access to individual submissions in their offerings. |
30 |
from storm.expr import Select, Max |
31 |
||
1242
by William Grant
Use some multiline strings to make ivle.makeuser prettier. |
32 |
import ivle.config |
1165.5.2
by William Grant
Give tutors and lecturers access to individual submissions in their offerings. |
33 |
from ivle.database import (User, ProjectGroup, Assessed, ProjectSubmission, |
1165.5.5
by William Grant
Implement group submission ACLs. |
34 |
Project, ProjectSet, Offering, Enrolment, Subject, Semester) |
1080.1.44
by William Grant
ivle.makeuser: Port rebuild_svn_group_config() to Storm. |
35 |
|
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
36 |
def chown_to_webserver(filename): |
1239
by William Grant
Replace some of ivle.makeuser's os.system calls with subprocess.call. |
37 |
"""chown a directory and its contents to the web server.
|
38 |
||
39 |
Recursively chowns a file or directory so the web server user owns it.
|
|
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
40 |
Assumes root.
|
41 |
"""
|
|
1239
by William Grant
Replace some of ivle.makeuser's os.system calls with subprocess.call. |
42 |
subprocess.call(['chown', '-R', 'www-data:www-data', filename]) |
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
43 |
|
44 |
def make_svn_repo(path, throw_on_error=True): |
|
1239
by William Grant
Replace some of ivle.makeuser's os.system calls with subprocess.call. |
45 |
"""Create a Subversion repository at the given path."""
|
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
46 |
try: |
1239
by William Grant
Replace some of ivle.makeuser's os.system calls with subprocess.call. |
47 |
res = subprocess.call(['svnadmin', 'create', path]) |
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
48 |
if res != 0 and throw_on_error: |
49 |
raise Exception("Cannot create repository: %s" % path) |
|
50 |
except Exception, exc: |
|
51 |
print repr(exc) |
|
52 |
if throw_on_error: |
|
53 |
raise
|
|
54 |
||
55 |
chown_to_webserver(path) |
|
56 |
||
1229
by Matt Giuca
ivle.makeuser: rebuild_svn_config and rebuild_svn_group_config now require a |
57 |
def rebuild_svn_config(store, config): |
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
58 |
"""Build the complete SVN configuration file.
|
1240
by William Grant
Remove a couple of unused functions from ivle.makeuser, and clean up docstrings |
59 |
|
1229
by Matt Giuca
ivle.makeuser: rebuild_svn_config and rebuild_svn_group_config now require a |
60 |
@param config: An ivle.config.Config object.
|
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
61 |
"""
|
1242
by William Grant
Use some multiline strings to make ivle.makeuser prettier. |
62 |
users = store.find(User) |
1229
by Matt Giuca
ivle.makeuser: rebuild_svn_config and rebuild_svn_group_config now require a |
63 |
conf_name = config['paths']['svn']['conf'] |
64 |
temp_name = conf_name + ".new" |
|
65 |
f = open(temp_name, "w") |
|
1242
by William Grant
Use some multiline strings to make ivle.makeuser prettier. |
66 |
f.write("""\ |
67 |
# IVLE SVN repository authorisation configuration
|
|
68 |
# Generated: %(time)s |
|
69 |
""" % {'time': time.asctime()}) |
|
70 |
||
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
71 |
for u in users: |
1242
by William Grant
Use some multiline strings to make ivle.makeuser prettier. |
72 |
f.write(""" |
73 |
[%(login)s:/] |
|
74 |
%(login)s = rw |
|
1659
by Matt Giuca
ivle.makeuser: In rebuild_svn_[group_]config, encode strings being written out as UTF-8 so they don't fail explosively on non-ASCII characters. This allows submissions with non-ASCII filenames. Fixes Launchpad bug #524172. |
75 |
""" % {'login': u.login.encode('utf-8')}) |
1242
by William Grant
Use some multiline strings to make ivle.makeuser prettier. |
76 |
|
1165.5.2
by William Grant
Give tutors and lecturers access to individual submissions in their offerings. |
77 |
# Now we need to grant offering tutors and lecturers access to the latest
|
78 |
# submissions in their offerings. There are much prettier ways to do this,
|
|
79 |
# but a lot of browser requests call this function, so it needs to be
|
|
80 |
# fast. We can grab all of the paths needing authorisation directives with
|
|
81 |
# a single query, and we cache the list of viewers for each offering.
|
|
82 |
offering_viewers_cache = {} |
|
83 |
for (login, psid, pspath, offeringid) in store.find( |
|
84 |
(User.login, ProjectSubmission.id, ProjectSubmission.path, |
|
85 |
Offering.id), |
|
86 |
Assessed.id == ProjectSubmission.assessed_id, |
|
87 |
User.id == Assessed.user_id, |
|
88 |
Project.id == Assessed.project_id, |
|
89 |
ProjectSet.id == Project.project_set_id, |
|
1798
by David Coles
Fix typo in rebuild_svn_config that caused Storm query to return limited or no |
90 |
Offering.id == ProjectSet.offering_id, |
1165.5.2
by William Grant
Give tutors and lecturers access to individual submissions in their offerings. |
91 |
ProjectSubmission.date_submitted == Select( |
92 |
Max(ProjectSubmission.date_submitted), |
|
93 |
ProjectSubmission.assessed_id == Assessed.id, |
|
94 |
tables=ProjectSubmission |
|
95 |
)
|
|
96 |
):
|
|
97 |
||
98 |
# Do we already have the list of logins authorised for this offering
|
|
99 |
# cached? If not, get it.
|
|
100 |
if offeringid not in offering_viewers_cache: |
|
101 |
offering_viewers_cache[offeringid] = list(store.find( |
|
102 |
User.login, |
|
103 |
User.id == Enrolment.user_id, |
|
104 |
Enrolment.offering_id == offeringid, |
|
1564
by William Grant
Restrict some queries to active enrolments. |
105 |
Enrolment.role.is_in((u'tutor', u'lecturer')), |
106 |
Enrolment.active == True, |
|
1165.5.2
by William Grant
Give tutors and lecturers access to individual submissions in their offerings. |
107 |
)
|
108 |
)
|
|
109 |
||
110 |
f.write(""" |
|
111 |
# Submission %(id)d |
|
112 |
[%(login)s:%(path)s] |
|
1659
by Matt Giuca
ivle.makeuser: In rebuild_svn_[group_]config, encode strings being written out as UTF-8 so they don't fail explosively on non-ASCII characters. This allows submissions with non-ASCII filenames. Fixes Launchpad bug #524172. |
113 |
""" % {'login': login.encode('utf-8'), 'id': psid, |
114 |
'path': pspath.encode('utf-8')}) |
|
1165.5.2
by William Grant
Give tutors and lecturers access to individual submissions in their offerings. |
115 |
|
116 |
for viewer_login in offering_viewers_cache[offeringid]: |
|
1165.5.3
by William Grant
Avoid clobbering the submission owner's privileges if they have offering privs. |
117 |
# We don't want to override the owner's write privilege,
|
118 |
# so we don't add them to the read-only ACL.
|
|
119 |
if login != viewer_login: |
|
1659
by Matt Giuca
ivle.makeuser: In rebuild_svn_[group_]config, encode strings being written out as UTF-8 so they don't fail explosively on non-ASCII characters. This allows submissions with non-ASCII filenames. Fixes Launchpad bug #524172. |
120 |
f.write("%s = r\n" % viewer_login.encode('utf-8')) |
1165.5.2
by William Grant
Give tutors and lecturers access to individual submissions in their offerings. |
121 |
|
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
122 |
f.close() |
1229
by Matt Giuca
ivle.makeuser: rebuild_svn_config and rebuild_svn_group_config now require a |
123 |
os.rename(temp_name, conf_name) |
124 |
chown_to_webserver(conf_name) |
|
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
125 |
|
1229
by Matt Giuca
ivle.makeuser: rebuild_svn_config and rebuild_svn_group_config now require a |
126 |
def rebuild_svn_group_config(store, config): |
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
127 |
"""Build the complete SVN configuration file for groups
|
1240
by William Grant
Remove a couple of unused functions from ivle.makeuser, and clean up docstrings |
128 |
|
1229
by Matt Giuca
ivle.makeuser: rebuild_svn_config and rebuild_svn_group_config now require a |
129 |
@param config: An ivle.config.Config object.
|
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
130 |
"""
|
1229
by Matt Giuca
ivle.makeuser: rebuild_svn_config and rebuild_svn_group_config now require a |
131 |
conf_name = config['paths']['svn']['group_conf'] |
132 |
temp_name = conf_name + ".new" |
|
133 |
f = open(temp_name, "w") |
|
1242
by William Grant
Use some multiline strings to make ivle.makeuser prettier. |
134 |
|
135 |
f.write("""\ |
|
136 |
# IVLE SVN group repository authorisation configuration
|
|
137 |
# Generated: %(time)s |
|
138 |
||
139 |
""" % {'time': time.asctime()}) |
|
140 |
||
1165.5.6
by William Grant
Exclude group members from the SVN submission grants, to avoid revoking write access. |
141 |
group_members_cache = {} |
1080.1.44
by William Grant
ivle.makeuser: Port rebuild_svn_group_config() to Storm. |
142 |
for group in store.find(ProjectGroup): |
143 |
offering = group.project_set.offering |
|
144 |
reponame = "_".join([offering.subject.short_name, |
|
145 |
offering.semester.year, |
|
146 |
offering.semester.semester, |
|
147 |
group.name]) |
|
1242
by William Grant
Use some multiline strings to make ivle.makeuser prettier. |
148 |
|
1659
by Matt Giuca
ivle.makeuser: In rebuild_svn_[group_]config, encode strings being written out as UTF-8 so they don't fail explosively on non-ASCII characters. This allows submissions with non-ASCII filenames. Fixes Launchpad bug #524172. |
149 |
f.write("[%s:/]\n" % reponame.encode('utf-8')) |
1165.5.6
by William Grant
Exclude group members from the SVN submission grants, to avoid revoking write access. |
150 |
if group.id not in group_members_cache: |
151 |
group_members_cache[group.id] = set() |
|
1080.1.44
by William Grant
ivle.makeuser: Port rebuild_svn_group_config() to Storm. |
152 |
for user in group.members: |
1165.5.6
by William Grant
Exclude group members from the SVN submission grants, to avoid revoking write access. |
153 |
group_members_cache[group.id].add(user.login) |
1659
by Matt Giuca
ivle.makeuser: In rebuild_svn_[group_]config, encode strings being written out as UTF-8 so they don't fail explosively on non-ASCII characters. This allows submissions with non-ASCII filenames. Fixes Launchpad bug #524172. |
154 |
f.write("%s = rw\n" % user.login.encode('utf-8')) |
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
155 |
f.write("\n") |
1242
by William Grant
Use some multiline strings to make ivle.makeuser prettier. |
156 |
|
1165.5.5
by William Grant
Implement group submission ACLs. |
157 |
# Now we need to grant offering tutors and lecturers access to the latest
|
158 |
# submissions in their offerings. There are much prettier ways to do this,
|
|
159 |
# but a lot of browser requests call this function, so it needs to be
|
|
160 |
# fast. We can grab all of the paths needing authorisation directives with
|
|
161 |
# a single query, and we cache the list of viewers for each offering.
|
|
162 |
offering_viewers_cache = {} |
|
1165.5.6
by William Grant
Exclude group members from the SVN submission grants, to avoid revoking write access. |
163 |
for (ssn, year, sem, name, psid, pspath, gid, offeringid) in store.find( |
1165.5.5
by William Grant
Implement group submission ACLs. |
164 |
(Subject.short_name, Semester.year, Semester.semester, |
165 |
ProjectGroup.name, ProjectSubmission.id, ProjectSubmission.path, |
|
1165.5.6
by William Grant
Exclude group members from the SVN submission grants, to avoid revoking write access. |
166 |
ProjectGroup.id, Offering.id), |
1165.5.5
by William Grant
Implement group submission ACLs. |
167 |
Assessed.id == ProjectSubmission.assessed_id, |
168 |
ProjectGroup.id == Assessed.project_group_id, |
|
169 |
Project.id == Assessed.project_id, |
|
170 |
ProjectSet.id == Project.project_set_id, |
|
171 |
Offering.id == ProjectSet.offering_id, |
|
172 |
Subject.id == Offering.subject_id, |
|
173 |
Semester.id == Offering.semester_id, |
|
174 |
ProjectSubmission.date_submitted == Select( |
|
175 |
Max(ProjectSubmission.date_submitted), |
|
176 |
ProjectSubmission.assessed_id == Assessed.id, |
|
177 |
tables=ProjectSubmission |
|
178 |
)
|
|
179 |
):
|
|
180 |
||
181 |
reponame = "_".join([ssn, year, sem, name]) |
|
182 |
||
183 |
# Do we already have the list of logins authorised for this offering
|
|
184 |
# cached? If not, get it.
|
|
185 |
if offeringid not in offering_viewers_cache: |
|
186 |
offering_viewers_cache[offeringid] = list(store.find( |
|
187 |
User.login, |
|
188 |
User.id == Enrolment.user_id, |
|
189 |
Enrolment.offering_id == offeringid, |
|
1564
by William Grant
Restrict some queries to active enrolments. |
190 |
Enrolment.role.is_in((u'tutor', u'lecturer')), |
191 |
Enrolment.active == True, |
|
1165.5.5
by William Grant
Implement group submission ACLs. |
192 |
)
|
193 |
)
|
|
194 |
||
195 |
f.write(""" |
|
196 |
# Submission %(id)d |
|
197 |
[%(repo)s:%(path)s] |
|
1659
by Matt Giuca
ivle.makeuser: In rebuild_svn_[group_]config, encode strings being written out as UTF-8 so they don't fail explosively on non-ASCII characters. This allows submissions with non-ASCII filenames. Fixes Launchpad bug #524172. |
198 |
""" % {'repo': reponame.encode('utf-8'), 'id': psid, |
199 |
'path': pspath.encode('utf-8')}) |
|
1165.5.5
by William Grant
Implement group submission ACLs. |
200 |
|
201 |
for viewer_login in offering_viewers_cache[offeringid]: |
|
1165.5.6
by William Grant
Exclude group members from the SVN submission grants, to avoid revoking write access. |
202 |
# Skip existing group members, or they can't write to it any more.
|
203 |
if viewer_login not in group_members_cache[gid]: |
|
204 |
f.write("%s = r\n" % viewer_login) |
|
1165.5.5
by William Grant
Implement group submission ACLs. |
205 |
|
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
206 |
f.close() |
1229
by Matt Giuca
ivle.makeuser: rebuild_svn_config and rebuild_svn_group_config now require a |
207 |
os.rename(temp_name, conf_name) |
208 |
chown_to_webserver(conf_name) |
|
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
209 |
|
1230
by Matt Giuca
ivle.makeuser: make_svn_auth now requires a config argument. |
210 |
def make_svn_auth(store, login, config, throw_on_error=True): |
1240
by William Grant
Remove a couple of unused functions from ivle.makeuser, and clean up docstrings |
211 |
"""Create a Subversion password for a user.
|
212 |
||
213 |
Generates a new random Subversion password, and assigns it to the user.
|
|
214 |
The password is added to Apache's Subversion authentication file.
|
|
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
215 |
"""
|
1230
by Matt Giuca
ivle.makeuser: make_svn_auth now requires a config argument. |
216 |
# filename is, eg, /var/lib/ivle/svn/ivle.auth
|
217 |
filename = config['paths']['svn']['auth_ivle'] |
|
218 |
if os.path.exists(filename): |
|
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
219 |
create = "" |
220 |
else: |
|
221 |
create = "c" |
|
222 |
||
1242
by William Grant
Use some multiline strings to make ivle.makeuser prettier. |
223 |
user = User.get_by_login(store, login) |
1352
by William Grant
make_svn_auth now only generates a new password if none is already known by the DB. |
224 |
|
225 |
if user.svn_pass is None: |
|
226 |
passwd = hashlib.md5(uuid.uuid4().bytes).hexdigest() |
|
227 |
user.svn_pass = unicode(passwd) |
|
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
228 |
|
1240
by William Grant
Remove a couple of unused functions from ivle.makeuser, and clean up docstrings |
229 |
res = subprocess.call(['htpasswd', '-%smb' % create, |
1352
by William Grant
make_svn_auth now only generates a new password if none is already known by the DB. |
230 |
filename, login, user.svn_pass]) |
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
231 |
if res != 0 and throw_on_error: |
232 |
raise Exception("Unable to create ivle-auth for %s" % login) |
|
233 |
||
234 |
# Make sure the file is owned by the web server
|
|
235 |
if create == "c": |
|
1230
by Matt Giuca
ivle.makeuser: make_svn_auth now requires a config argument. |
236 |
chown_to_webserver(filename) |
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
237 |
|
1352
by William Grant
make_svn_auth now only generates a new password if none is already known by the DB. |
238 |
return user.svn_pass |
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
239 |
|
1231
by Matt Giuca
ivle.makeuser: make_jail now requires a config argument. |
240 |
def make_jail(user, config, force=True): |
1240
by William Grant
Remove a couple of unused functions from ivle.makeuser, and clean up docstrings |
241 |
"""Create or update a user's jail.
|
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
242 |
|
1240
by William Grant
Remove a couple of unused functions from ivle.makeuser, and clean up docstrings |
243 |
Only the user-specific parts of the jail are created here - everything
|
244 |
else is expected to be part of another aufs branch.
|
|
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
245 |
|
246 |
Returns the path to the user's home directory.
|
|
247 |
||
248 |
Chowns the user's directory within the jail to the given UID.
|
|
249 |
||
1240
by William Grant
Remove a couple of unused functions from ivle.makeuser, and clean up docstrings |
250 |
@param force: If False, raise an exception if the user already has a jail.
|
251 |
If True (default), rebuild the jail preserving /home.
|
|
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
252 |
"""
|
253 |
# MUST run as root or some of this may fail
|
|
254 |
if os.getuid() != 0: |
|
255 |
raise Exception("Must run make_jail as root") |
|
256 |
||
257 |
# tempdir is for putting backup homes in
|
|
1231
by Matt Giuca
ivle.makeuser: make_jail now requires a config argument. |
258 |
jail_src_base = config['paths']['jails']['src'] |
259 |
tempdir = os.path.join(jail_src_base, '__temp__') |
|
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
260 |
if not os.path.exists(tempdir): |
261 |
os.makedirs(tempdir) |
|
262 |
elif not os.path.isdir(tempdir): |
|
263 |
os.unlink(tempdir) |
|
264 |
os.mkdir(tempdir) |
|
1231
by Matt Giuca
ivle.makeuser: make_jail now requires a config argument. |
265 |
userdir = os.path.join(jail_src_base, user.login) |
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
266 |
homedir = os.path.join(userdir, 'home') |
1281.1.4
by William Grant
ivle.makeuser.make_jail creates an appropriate /tmp. |
267 |
tmpdir = os.path.join(userdir, 'tmp') |
1080.1.19
by me at id
ivle.makeuser.make_jail: Just take an ivle.database.User, rather than some |
268 |
userhomedir = os.path.join(homedir, user.login) # Return value |
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
269 |
|
270 |
if os.path.exists(userdir): |
|
271 |
if not force: |
|
272 |
raise Exception("User's jail already exists") |
|
273 |
# User jail already exists. Blow it away but preserve their home
|
|
274 |
# directory. It should be all that is there anyway, but you never
|
|
275 |
# know!
|
|
1421
by Matt Giuca
Minor comment fix. |
276 |
# Ignore warnings about the use of tempnam
|
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
277 |
warnings.simplefilter('ignore') |
278 |
homebackup = os.tempnam(tempdir) |
|
279 |
warnings.resetwarnings() |
|
1186
by Matt Giuca
ivle.makeuser: Fixed odd code which would create the home directory, then |
280 |
# Back up the /home directory, delete the entire jail, recreate the
|
281 |
# jail directory tree, then copy the /home back
|
|
282 |
# NOTE that shutil.move changed in Python 2.6, it now moves a
|
|
283 |
# directory INTO the target (like `mv`), which it didn't use to do.
|
|
284 |
# This code works regardless.
|
|
1281.1.3
by William Grant
ivle.makeuser.make_jail now builds a new-style jail. |
285 |
shutil.move(userhomedir, homebackup) |
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
286 |
shutil.rmtree(userdir) |
1281.1.3
by William Grant
ivle.makeuser.make_jail now builds a new-style jail. |
287 |
os.makedirs(homedir) |
288 |
shutil.move(homebackup, userhomedir) |
|
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
289 |
# Change the ownership of all the files to the right unixid
|
290 |
logging.debug("chown %s's home directory files to uid %d" |
|
1080.1.19
by me at id
ivle.makeuser.make_jail: Just take an ivle.database.User, rather than some |
291 |
%(user.login, user.unixid)) |
1114
by William Grant
ivle.makeuser.make_jail() no longer uses os.walk() to recursively set |
292 |
os.spawnvp(os.P_WAIT, 'chown', ['chown', '-R', '%d:%d' % (user.unixid, |
293 |
user.unixid), userhomedir]) |
|
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
294 |
else: |
295 |
# No user jail exists
|
|
296 |
# Set up the user's home directory
|
|
297 |
os.makedirs(userhomedir) |
|
298 |
# Chown (and set the GID to the same as the UID).
|
|
1080.1.19
by me at id
ivle.makeuser.make_jail: Just take an ivle.database.User, rather than some |
299 |
os.chown(userhomedir, user.unixid, user.unixid) |
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
300 |
# Chmod to rwxr-xr-x (755)
|
301 |
os.chmod(userhomedir, 0755) |
|
302 |
||
1232
by Matt Giuca
ivle.makeuser: make_ivle_conf now requires a config argument. |
303 |
make_ivle_conf(user.login, userdir, user.svn_pass, config) |
1231
by Matt Giuca
ivle.makeuser: make_jail now requires a config argument. |
304 |
make_etc_passwd(user.login, userdir, config['paths']['jails']['template'], |
305 |
user.unixid) |
|
1281.1.4
by William Grant
ivle.makeuser.make_jail creates an appropriate /tmp. |
306 |
os.makedirs(tmpdir) |
307 |
os.chmod(tmpdir, 01777) |
|
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
308 |
|
309 |
return userhomedir |
|
310 |
||
1232
by Matt Giuca
ivle.makeuser: make_ivle_conf now requires a config argument. |
311 |
def make_ivle_conf(username, user_jail_dir, svn_pass, sys_config): |
1240
by William Grant
Remove a couple of unused functions from ivle.makeuser, and clean up docstrings |
312 |
"""Generate an ivle.conf for a user's jail.
|
313 |
||
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
314 |
Creates (overwriting any existing file, and creating directories) a
|
1187
by Matt Giuca
Stopped clobbering conf.py within the jail, using a proper ivle.conf instead. |
315 |
file /etc/ivle/ivle.conf in a given user's jail.
|
1240
by William Grant
Remove a couple of unused functions from ivle.makeuser, and clean up docstrings |
316 |
|
1232
by Matt Giuca
ivle.makeuser: make_ivle_conf now requires a config argument. |
317 |
@param username: Username.
|
1236
by Matt Giuca
Fixed docstring in makeuser (don't refer to ivle.conf). |
318 |
@param user_jail_dir: User's jail dir, ie. ['jails']['src'] + username
|
1232
by Matt Giuca
ivle.makeuser: make_ivle_conf now requires a config argument. |
319 |
@param svn_pass: User's SVN password.
|
320 |
@param sys_config: An ivle.config.Config object (the system-wide config).
|
|
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
321 |
"""
|
1281.1.3
by William Grant
ivle.makeuser.make_jail now builds a new-style jail. |
322 |
conf_path = os.path.join(user_jail_dir, "home/.ivle.conf") |
323 |
if not os.path.exists(os.path.dirname(conf_path)): |
|
324 |
os.makedirs(os.path.dirname(conf_path)) |
|
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
325 |
|
1092.1.1
by William Grant
[Uber-commit of holiday work because I lacked a local copy of the branch.] |
326 |
# In the "in-jail" version of conf, we don't need MOST of the details
|
327 |
# (it would be a security risk to have them here).
|
|
1187
by Matt Giuca
Stopped clobbering conf.py within the jail, using a proper ivle.conf instead. |
328 |
# So we just write root_dir.
|
329 |
conf_obj = ivle.config.Config(blank=True) |
|
330 |
conf_obj.filename = conf_path |
|
1624
by William Grant
Manually initialise the sections when creating an in-jail ivle.conf, since configobj 4.7.0 doesn't do it for us. |
331 |
conf_obj['urls'] = {} |
1232
by Matt Giuca
ivle.makeuser: make_ivle_conf now requires a config argument. |
332 |
conf_obj['urls']['root'] = sys_config['urls']['root'] |
333 |
conf_obj['urls']['public_host'] = sys_config['urls']['public_host'] |
|
334 |
conf_obj['urls']['svn_addr'] = sys_config['urls']['svn_addr'] |
|
1624
by William Grant
Manually initialise the sections when creating an in-jail ivle.conf, since configobj 4.7.0 doesn't do it for us. |
335 |
conf_obj['user_info'] = {} |
1187
by Matt Giuca
Stopped clobbering conf.py within the jail, using a proper ivle.conf instead. |
336 |
conf_obj['user_info']['login'] = username |
337 |
conf_obj['user_info']['svn_pass'] = svn_pass |
|
338 |
conf_obj.write() |
|
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
339 |
|
340 |
# Make this file world-readable
|
|
341 |
# (chmod 644 conf_path)
|
|
342 |
os.chmod(conf_path, stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP |
|
343 |
| stat.S_IROTH) |
|
344 |
||
345 |
def make_etc_passwd(username, user_jail_dir, template_dir, unixid): |
|
1240
by William Grant
Remove a couple of unused functions from ivle.makeuser, and clean up docstrings |
346 |
"""Create a passwd file for a user's jail.
|
347 |
||
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
348 |
Creates /etc/passwd in the given user's jail. This will be identical to
|
349 |
that in the template jail, except for the added entry for this user.
|
|
350 |
"""
|
|
1281.1.3
by William Grant
ivle.makeuser.make_jail now builds a new-style jail. |
351 |
template_passwd_path = os.path.join(template_dir, "home/.passwd") |
352 |
passwd_path = os.path.join(user_jail_dir, "home/.passwd") |
|
1079
by William Grant
Merge setup-refactor branch. This completely breaks existing installations; |
353 |
passwd_dir = os.path.dirname(passwd_path) |
354 |
if not os.path.exists(passwd_dir): |
|
355 |
os.makedirs(passwd_dir) |
|
356 |
shutil.copy(template_passwd_path, passwd_path) |
|
357 |
passwd_file = open(passwd_path, 'a') |
|
358 |
passwd_file.write('%s:x:%d:%d::/home/%s:/bin/bash' |
|
359 |
% (username, unixid, unixid, username)) |
|
360 |
passwd_file.close() |