1
# IVLE - Informatics Virtual Learning Environment
2
# Copyright (C) 2007-2008 The University of Melbourne
4
# This program is free software; you can redistribute it and/or modify
5
# it under the terms of the GNU General Public License as published by
6
# the Free Software Foundation; either version 2 of the License, or
7
# (at your option) any later version.
9
# This program is distributed in the hope that it will be useful,
10
# but WITHOUT ANY WARRANTY; without even the implied warranty of
11
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12
# GNU General Public License for more details.
14
# You should have received a copy of the GNU General Public License
15
# along with this program; if not, write to the Free Software
16
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
22
# Allows creation of users. This sets up the following:
23
# * User's jail and home directory within the jail.
24
# * Subversion repository (TODO)
25
# * Check out Subversion workspace into jail (TODO)
26
# * Database details for user
29
# TODO: Sanitize login name and other fields.
30
# Users must not be called "temp" or "template".
32
# TODO: When creating a new home directory, chown it to its owner
34
# TODO: In chown_to_webserver:
35
# Do not call os.system("chown www-data") - use Python lib
36
# and use the web server uid given in conf. (Several places).
48
import ivle.pulldown_subj
50
from ivle.database import ProjectGroup
52
def chown_to_webserver(filename):
54
Chowns a file so the web server user owns it.
55
(This is useful in setting up Subversion conf files).
59
os.system("chown -R www-data:www-data %s" % filename)
63
def make_svn_repo(path, throw_on_error=True):
64
"""Create a Subversion repository at the given path.
67
res = os.system("svnadmin create '%s'" % path)
68
if res != 0 and throw_on_error:
69
raise Exception("Cannot create repository: %s" % path)
70
except Exception, exc:
75
chown_to_webserver(path)
77
def rebuild_svn_config(store):
78
"""Build the complete SVN configuration file.
80
users = store.find(ivle.database.User)
82
# TODO: Populate groups with per-offering tutors/lecturers/etc.
83
f = open(ivle.conf.svn_conf + ".new", "w")
84
f.write("# IVLE SVN Repositories Configuration\n")
85
f.write("# Auto-generated on %s\n" % time.asctime())
88
for (g,ls) in groups.iteritems():
89
f.write("%s = %s\n" % (g, ",".join(ls)))
92
f.write("[%s:/]\n" % u.login)
93
f.write("%s = rw\n" % u.login)
94
#f.write("@tutor = r\n")
95
#f.write("@lecturer = rw\n")
96
#f.write("@admin = rw\n")
99
os.rename(ivle.conf.svn_conf + ".new", ivle.conf.svn_conf)
100
chown_to_webserver(ivle.conf.svn_conf)
102
def rebuild_svn_group_config(store):
103
"""Build the complete SVN configuration file for groups
105
f = open(ivle.conf.svn_group_conf + ".new", "w")
106
f.write("# IVLE SVN Group Repositories Configuration\n")
107
f.write("# Auto-generated on %s\n" % time.asctime())
109
for group in store.find(ProjectGroup):
110
offering = group.project_set.offering
111
reponame = "_".join([offering.subject.short_name,
112
offering.semester.year,
113
offering.semester.semester,
115
f.write("[%s:/]\n"%reponame)
116
for user in group.members:
117
f.write("%s = rw\n" % user.login)
120
os.rename(ivle.conf.svn_group_conf + ".new", ivle.conf.svn_group_conf)
121
chown_to_webserver(ivle.conf.svn_group_conf)
123
def make_svn_auth(store, login, throw_on_error=True):
124
"""Setup svn authentication for the given user.
125
Uses the given DB store object. Does not commit to the db.
127
passwd = hashlib.md5(uuid.uuid4().bytes).hexdigest()
128
if os.path.exists(ivle.conf.svn_auth_ivle):
133
user = ivle.database.User.get_by_login(store, login)
134
user.svn_pass = unicode(passwd)
136
res = os.system("htpasswd -%smb %s %s %s" % (create,
137
ivle.conf.svn_auth_ivle,
139
if res != 0 and throw_on_error:
140
raise Exception("Unable to create ivle-auth for %s" % login)
142
# Make sure the file is owned by the web server
144
chown_to_webserver(ivle.conf.svn_auth_ivle)
148
def generate_manifest(basedir, targetdir, parent=''):
149
""" From a basedir and a targetdir work out which files are missing or out
150
of date and need to be added/updated and which files are redundant and need
153
parent: This is used for the recursive call to track the relative paths
154
that we have decended.
157
cmp = filecmp.dircmp(basedir, targetdir)
159
# Add all new files and files that have changed
160
to_add = [os.path.join(parent,x) for x in (cmp.left_only + cmp.diff_files)]
162
# Remove files that are redundant
163
to_remove = [os.path.join(parent,x) for x in cmp.right_only]
166
for d in cmp.common_dirs:
167
newbasedir = os.path.join(basedir, d)
168
newtargetdir = os.path.join(targetdir, d)
169
newparent = os.path.join(parent, d)
170
(sadd,sremove) = generate_manifest(newbasedir, newtargetdir, newparent)
174
return (to_add, to_remove)
177
def make_jail(user, force=True):
178
"""Creates a new user's jail space, in the jail directory as configured in
181
This only creates things within /home - everything else is expected to be
182
part of another UnionFS branch.
184
Returns the path to the user's home directory.
186
Chowns the user's directory within the jail to the given UID.
188
force: If false, exception if jail already exists for this user.
189
If true (default), overwrites it, but preserves home directory.
191
# MUST run as root or some of this may fail
193
raise Exception("Must run make_jail as root")
195
# tempdir is for putting backup homes in
196
tempdir = os.path.join(ivle.conf.jail_src_base, '__temp__')
197
if not os.path.exists(tempdir):
199
elif not os.path.isdir(tempdir):
202
userdir = os.path.join(ivle.conf.jail_src_base, user.login)
203
homedir = os.path.join(userdir, 'home')
204
userhomedir = os.path.join(homedir, user.login) # Return value
206
if os.path.exists(userdir):
208
raise Exception("User's jail already exists")
209
# User jail already exists. Blow it away but preserve their home
210
# directory. It should be all that is there anyway, but you never
212
# Ignore warnings about the use of tmpnam
213
warnings.simplefilter('ignore')
214
homebackup = os.tempnam(tempdir)
215
warnings.resetwarnings()
216
# Back up the /home directory, delete the entire jail, recreate the
217
# jail directory tree, then copy the /home back
218
# NOTE that shutil.move changed in Python 2.6, it now moves a
219
# directory INTO the target (like `mv`), which it didn't use to do.
220
# This code works regardless.
221
shutil.move(homedir, homebackup)
222
shutil.rmtree(userdir)
224
shutil.move(homebackup, homedir)
225
# Change the ownership of all the files to the right unixid
226
logging.debug("chown %s's home directory files to uid %d"
227
%(user.login, user.unixid))
228
os.spawnvp(os.P_WAIT, 'chown', ['chown', '-R', '%d:%d' % (user.unixid,
229
user.unixid), userhomedir])
231
# No user jail exists
232
# Set up the user's home directory
233
os.makedirs(userhomedir)
234
# Chown (and set the GID to the same as the UID).
235
os.chown(userhomedir, user.unixid, user.unixid)
236
# Chmod to rwxr-xr-x (755)
237
os.chmod(userhomedir, 0755)
239
make_ivle_conf(user.login, userdir, user.svn_pass)
240
make_etc_passwd(user.login, userdir, ivle.conf.jail_system, user.unixid)
244
def make_ivle_conf(username, user_jail_dir, svn_pass):
246
Creates (overwriting any existing file, and creating directories) a
247
file /etc/ivle/ivle.conf in a given user's jail.
249
user_jail_dir: User's jail dir, ie. ivle.conf.jail_base + username
250
svn_pass: User's SVN password.
252
conf_path = os.path.join(user_jail_dir, "etc/ivle/ivle.conf")
253
os.makedirs(os.path.dirname(conf_path))
255
# In the "in-jail" version of conf, we don't need MOST of the details
256
# (it would be a security risk to have them here).
257
# So we just write root_dir.
258
conf_obj = ivle.config.Config(blank=True)
259
conf_obj.filename = conf_path
260
conf_obj['urls']['root'] = ivle.conf.root_dir
261
conf_obj['urls']['public_host'] = ivle.conf.public_host
262
conf_obj['urls']['svn_addr'] = ivle.conf.svn_addr
263
conf_obj['user_info']['login'] = username
264
conf_obj['user_info']['svn_pass'] = svn_pass
267
# Make this file world-readable
268
# (chmod 644 conf_path)
269
os.chmod(conf_path, stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP
272
def make_etc_passwd(username, user_jail_dir, template_dir, unixid):
274
Creates /etc/passwd in the given user's jail. This will be identical to
275
that in the template jail, except for the added entry for this user.
277
template_passwd_path = os.path.join(template_dir, "etc/passwd")
278
passwd_path = os.path.join(user_jail_dir, "etc/passwd")
279
passwd_dir = os.path.dirname(passwd_path)
280
if not os.path.exists(passwd_dir):
281
os.makedirs(passwd_dir)
282
shutil.copy(template_passwd_path, passwd_path)
283
passwd_file = open(passwd_path, 'a')
284
passwd_file.write('%s:x:%d:%d::/home/%s:/bin/bash'
285
% (username, unixid, unixid, username))
288
def mount_jail(login):
289
# This is where we'll mount to...
290
destdir = os.path.join(ivle.conf.jail_base, login)
291
# ... and this is where we'll get the user bits.
292
srcdir = os.path.join(ivle.conf.jail_src_base, login)
294
if not os.path.exists(destdir):
296
if os.system('/bin/mount -t aufs -o dirs=%s:%s=ro none %s'
297
% (srcdir, ivle.conf.jail_system, destdir)) == 0:
298
logging.info("mounted user %s's jail." % login)
300
logging.error("failed to mount user %s's jail!" % login)
301
except Exception, message:
302
logging.warning(str(message))
added
removed
ivle/makeuser.py
