440
by drtomc
usrmgt: move the usrmgt sever to a better place. |
1 |
#!/usr/bin/python
|
2 |
||
522
by drtomc
Add quite a lot of stuff to get usrmgt happening. |
3 |
import os |
4 |
import pysvn |
|
5 |
import subprocess |
|
440
by drtomc
usrmgt: move the usrmgt sever to a better place. |
6 |
import sys |
522
by drtomc
Add quite a lot of stuff to get usrmgt happening. |
7 |
import urllib |
8 |
from functools import partial |
|
440
by drtomc
usrmgt: move the usrmgt sever to a better place. |
9 |
|
522
by drtomc
Add quite a lot of stuff to get usrmgt happening. |
10 |
import conf |
473
by drtomc
usrmgt: progress the skeleton a bit further. |
11 |
import common.db |
440
by drtomc
usrmgt: move the usrmgt sever to a better place. |
12 |
import common.chat |
13 |
import common.makeuser |
|
522
by drtomc
Add quite a lot of stuff to get usrmgt happening. |
14 |
import common.studpath |
440
by drtomc
usrmgt: move the usrmgt sever to a better place. |
15 |
|
16 |
# usage:
|
|
17 |
# usrmgt-server <port> <magic>
|
|
18 |
||
452
by drtomc
usrmgt: checkpoint work on the usrmgt server. |
19 |
# User management operations:
|
20 |
# - Create local user
|
|
21 |
# - [Re]Create jail for a user
|
|
22 |
# - Create a svn repository for a user
|
|
23 |
# - create repository
|
|
24 |
# - svn config
|
|
25 |
# - svn auth
|
|
26 |
# - Checkout repository as home directory
|
|
27 |
# - /etc/passwd entry
|
|
28 |
# - Disable a user's account
|
|
29 |
# - Enable a user's account
|
|
30 |
# - Remove a user
|
|
31 |
# - Rebuild svn config
|
|
32 |
# - Rebuild svn auth file
|
|
33 |
# - Rebuild passwd + push to nodes.
|
|
34 |
||
35 |
||
440
by drtomc
usrmgt: move the usrmgt sever to a better place. |
36 |
def create_user(props): |
452
by drtomc
usrmgt: checkpoint work on the usrmgt server. |
37 |
"""Create the database record for the given user.
|
38 |
Expected properties:
|
|
39 |
username - used as a unix login name and svn repository name.
|
|
40 |
STRING REQUIRED
|
|
41 |
uid - the unix uid under which execution will take place
|
|
454
by drtomc
usrmgt-server: more work. |
42 |
on the behalf of the user. Don't use 0! If not specified
|
43 |
or None, one will be allocated from the configured
|
|
44 |
numeric range.
|
|
45 |
INT OPTIONAL
|
|
46 |
password - the clear-text password for the user. If this property is
|
|
47 |
absent or None, this is an indication that external
|
|
48 |
authentication should be used (i.e. LDAP).
|
|
452
by drtomc
usrmgt: checkpoint work on the usrmgt server. |
49 |
STRING OPTIONAL
|
464
by mattgiuca
usermgt-server: Added email. |
50 |
email - the user's email address.
|
51 |
STRING OPTIONAL
|
|
452
by drtomc
usrmgt: checkpoint work on the usrmgt server. |
52 |
nick - the display name to use.
|
53 |
STRING REQUIRED
|
|
54 |
fullname - The name of the user for results and/or other official
|
|
55 |
purposes.
|
|
56 |
STRING REQUIRED
|
|
57 |
rolenm - The user's role. Must be one of "anyone", "student",
|
|
58 |
"tutor", "lecturer", "admin".
|
|
59 |
STRING/ENUM REQUIRED
|
|
454
by drtomc
usrmgt-server: more work. |
60 |
studentid - If supplied and not None, the student id of the user for
|
452
by drtomc
usrmgt: checkpoint work on the usrmgt server. |
61 |
results and/or other official purposes.
|
62 |
STRING OPTIONAL
|
|
454
by drtomc
usrmgt-server: more work. |
63 |
Return Value: the uid associated with the user. INT
|
452
by drtomc
usrmgt: checkpoint work on the usrmgt server. |
64 |
"""
|
440
by drtomc
usrmgt: move the usrmgt sever to a better place. |
65 |
|
473
by drtomc
usrmgt: progress the skeleton a bit further. |
66 |
# FIXME: the IVLE server must check that an admin is doing this!
|
67 |
||
456
by drtomc
usrmgt-server: a bit more work. |
68 |
if 'uid' not in props or props['uid'] is None: |
464
by mattgiuca
usermgt-server: Added email. |
69 |
raise NotImplementedError, "No algorithm for creating uids yet!" |
454
by drtomc
usrmgt-server: more work. |
70 |
# uid = invent-uid
|
71 |
# props['uid'] = uid
|
|
440
by drtomc
usrmgt: move the usrmgt sever to a better place. |
72 |
|
464
by mattgiuca
usermgt-server: Added email. |
73 |
username = props['username'] |
74 |
uid = props['uid'] |
|
75 |
try: |
|
76 |
password = props['password'] |
|
77 |
except KeyError: |
|
78 |
password = None |
|
79 |
try: |
|
80 |
email = props['email'] |
|
81 |
except KeyError: |
|
82 |
email = None |
|
83 |
nick = props['nick'] |
|
84 |
fullname = props['fullname'] |
|
85 |
rolenm = props['rolenm'] |
|
86 |
try: |
|
87 |
studentid = props['studentid'] |
|
88 |
except KeyError: |
|
89 |
studentid = None |
|
90 |
common.makeuser.make_user_db(username, uid, password, email, nick, |
|
91 |
fullname, rolenm, studentid) |
|
440
by drtomc
usrmgt: move the usrmgt sever to a better place. |
92 |
|
464
by mattgiuca
usermgt-server: Added email. |
93 |
return uid |
454
by drtomc
usrmgt-server: more work. |
94 |
|
522
by drtomc
Add quite a lot of stuff to get usrmgt happening. |
95 |
def get_login(login, passwd, _realm, _login, _may_save): |
96 |
"""Callback function used by pysvn for authentication.
|
|
97 |
"""
|
|
98 |
# print >> sys.stderr, "Getting password for %s (realm %s)" % (login, _realm)
|
|
99 |
return (True, login, passwd, False) |
|
100 |
||
473
by drtomc
usrmgt: progress the skeleton a bit further. |
101 |
def activate_user(props): |
102 |
"""Create the on-disk stuff for the given user.
|
|
103 |
Sets the state of the user in the db from pending to enabled.
|
|
454
by drtomc
usrmgt-server: more work. |
104 |
Expected properties:
|
473
by drtomc
usrmgt: progress the skeleton a bit further. |
105 |
login - the user name for the jail
|
454
by drtomc
usrmgt-server: more work. |
106 |
STRING REQUIRED
|
456
by drtomc
usrmgt-server: a bit more work. |
107 |
Return Value: None
|
454
by drtomc
usrmgt-server: more work. |
108 |
"""
|
456
by drtomc
usrmgt-server: a bit more work. |
109 |
|
473
by drtomc
usrmgt: progress the skeleton a bit further. |
110 |
login = props['login'] |
111 |
||
112 |
db = common.db.DB() |
|
113 |
||
114 |
try: |
|
115 |
||
116 |
# FIXME: check we're pending
|
|
117 |
||
118 |
details = db.get_user(login) |
|
119 |
||
522
by drtomc
Add quite a lot of stuff to get usrmgt happening. |
120 |
# make svn config/auth
|
121 |
||
122 |
# print >> sys.stderr, "Creating repo"
|
|
123 |
common.makeuser.make_svn_repo(login, throw_on_error=False) |
|
124 |
# print >> sys.stderr, "Creating svn config"
|
|
125 |
common.makeuser.make_svn_config(login, throw_on_error=False) |
|
126 |
# print >> sys.stderr, "Creating svn auth"
|
|
127 |
passwd = common.makeuser.make_svn_auth(login, throw_on_error=False) |
|
128 |
# print >> sys.stderr, "passwd: %s" % passwd
|
|
129 |
||
130 |
svn = pysvn.Client() |
|
131 |
svn.callback_get_login = partial(get_login, login, passwd) |
|
132 |
||
133 |
# FIXME: This should be a loop over enrolements.
|
|
134 |
# We're not going to fix this now because it requires
|
|
135 |
# a large amount of admin console work to manage subject
|
|
136 |
# offerings.
|
|
137 |
# Instead, we're just going to use a single offering with
|
|
138 |
# a "short" name of "info1".
|
|
139 |
# print >> sys.stderr, "Creating /info1"
|
|
140 |
try: |
|
141 |
svn.mkdir(conf.svn_addr + login + "/info1", |
|
142 |
"Initial creation of work directory for Informatics 1") |
|
143 |
except Exception, exc: |
|
144 |
pass
|
|
145 |
# print >> sys.stderr, "Creating /submissions"
|
|
146 |
try: |
|
147 |
svn.mkdir(conf.svn_addr + login + "/submissions", |
|
148 |
"Initial creation of submissions directory") |
|
149 |
except Exception, exc: |
|
150 |
pass
|
|
151 |
# print >> sys.stderr, "Creating /stuff"
|
|
152 |
try: |
|
153 |
svn.mkdir(conf.svn_addr + login + "/stuff", |
|
154 |
"Initial creation of directory for miscellania") |
|
155 |
except Exception, exc: |
|
156 |
pass
|
|
157 |
||
158 |
# print >> sys.stderr, "Creating jail"
|
|
159 |
common.makeuser.make_jail(login, details.unixid) |
|
160 |
||
161 |
# FIXME: <hack>
|
|
162 |
||
163 |
tcf_path = os.path.join(conf.jail_base, 'template/opt/ivle/lib/conf/conf.py') |
|
164 |
cf_path = os.path.join(conf.jail_base, login, 'opt/ivle/lib/conf/conf.py') |
|
165 |
||
166 |
os.remove(cf_path) |
|
167 |
cf = open(cf_path, "w") |
|
168 |
cf.write(open(tcf_path, "r").read()) |
|
169 |
cf.write("# The login name for the owner of the jail\n") |
|
170 |
cf.write("login = %s\n" % repr(login)) |
|
171 |
cf.write("\n") |
|
172 |
cf.write("# The subversion-only password for the owner of the jail\n") |
|
173 |
cf.write("svn_pass = %s\n" % repr(passwd)) |
|
174 |
cf.close() |
|
175 |
||
176 |
# FIXME: </hack>
|
|
177 |
||
178 |
# print >> sys.stderr, "Checking out directories in the jail"
|
|
179 |
try: |
|
180 |
svn.checkout(conf.svn_addr + "/" + login + "/stuff", |
|
181 |
common.studpath.url_to_local(login + "/stuff")[1]) |
|
182 |
except Exception, exc: |
|
183 |
pass
|
|
184 |
try: |
|
185 |
svn.checkout(conf.svn_addr + "/" + login + "/submissions", |
|
186 |
common.studpath.url_to_local(login + "/submissions")[1]) |
|
187 |
except Exception, exc: |
|
188 |
pass
|
|
189 |
try: |
|
190 |
svn.checkout(conf.svn_addr + "/" + login + "/info1", |
|
191 |
common.studpath.url_to_local(login + "/info1")[1]) |
|
192 |
except Exception, exc: |
|
193 |
pass
|
|
194 |
||
195 |
# FIXME: should this be nicer?
|
|
196 |
os.system("chown -R %d:%d %s" \ |
|
197 |
% (details.unixid, details.unixid, |
|
198 |
common.studpath.url_to_local(login)[1])) |
|
199 |
||
200 |
||
201 |
# print >> sys.stderr, "Enabling user"
|
|
473
by drtomc
usrmgt: progress the skeleton a bit further. |
202 |
db.update_user(login, state='enabled') |
203 |
||
478
by mattgiuca
scripts/usrmgr-server: Renamed actions from dashes to underscores. |
204 |
return {"response": "okay"} |
522
by drtomc
Add quite a lot of stuff to get usrmgt happening. |
205 |
|
206 |
except Exception, exc: |
|
207 |
print >> sys.stderr, exc |
|
473
by drtomc
usrmgt: progress the skeleton a bit further. |
208 |
|
209 |
finally: |
|
210 |
db.close() |
|
440
by drtomc
usrmgt: move the usrmgt sever to a better place. |
211 |
|
452
by drtomc
usrmgt: checkpoint work on the usrmgt server. |
212 |
actions = { |
478
by mattgiuca
scripts/usrmgr-server: Renamed actions from dashes to underscores. |
213 |
'create_user':create_user, |
214 |
'activate_user':activate_user |
|
452
by drtomc
usrmgt: checkpoint work on the usrmgt server. |
215 |
}
|
216 |
||
217 |
def dispatch(props): |
|
522
by drtomc
Add quite a lot of stuff to get usrmgt happening. |
218 |
# print >> sys.stderr, repr(props)
|
452
by drtomc
usrmgt: checkpoint work on the usrmgt server. |
219 |
action = props.keys()[0] |
220 |
return actions[action](props[action]) |
|
221 |
||
440
by drtomc
usrmgt: move the usrmgt sever to a better place. |
222 |
if __name__ == "__main__": |
223 |
port = int(sys.argv[1]) |
|
224 |
magic = sys.argv[2] |
|
225 |
||
452
by drtomc
usrmgt: checkpoint work on the usrmgt server. |
226 |
common.chat.start_server(port, magic, False, dispatch) |