~azzar1/unity/add-show-desktop-key

Viewing changes to scripts/usrmgt-server

Committer: mattgiuca
Date: 2008-07-15 09:18:02 UTC
Revision ID: svn-v3-trunk0:2b9c9e99-6f39-0410-b283-7f802c844ae2:trunk:877

pulldown_subj/__init__.py: Added "enrol_user" function which pulls down a user
and also enrols them in the database.
Added script enrolallusers.py which scriptulously performs automatic
enrolments of all users in the system, similar to remakeallusers.

files added:
file-tools

file-tools/cat-from.py

file-tools/cat-to.py

platform

platform/Makefile

platform/README

platform/TODO

platform/config

platform/config/lite.conf

platform/config/svn-apache.conf

platform/scripts

platform/scripts/mkJail.sh

platform/scripts/post-commit

platform/scripts/safe-python

remakeallusers.py

remakeuser.py

files removed:
doc/upgrade.txt

enrol.py

lib/common/date.py

lib/common/svn.py

remakeuser.py

scripts/interpretservice

showenrolment.py

userdb/migrations/20080707-01.sql

userdb/migrations/20080718-01.sql

userdb/migrations/20080721-01.sql

userdb/migrations/20080721-02.sql

userdb/migrations/20080721-03.sql

userdb/migrations/20080721-04.sql

userdb/migrations/20080723-01.sql

www/apps/groups

www/apps/groups/__init__.py

www/apps/groups/help.html

www/media/browser/specialhome.js

www/media/groups

www/media/groups/groups.css

www/media/groups/groups.js

www/media/images/apps/groups.png

www/media/images/apps/small/groups.png

www/media/images/interface/loading.gif

www/media/images/svn/conflicted.png

files modified:
buildjail.sh

doc/setup/install_proc.txt

doc/setup/ivle-both.conf

doc/setup/ivle-svn.conf

doc/setup/ivle.conf

lib/common/caps.py

lib/common/chat.py

lib/common/db.py

lib/common/forumutil.py

lib/common/interpret.py

lib/common/makeuser.py

lib/common/util.py

lib/conf/apps.py

lib/fileservice_lib/__init__.py

lib/fileservice_lib/action.py

lib/fileservice_lib/listing.py

makeuser.py

scripts/diffservice

scripts/python-console

scripts/svnlogservice

scripts/usrmgt-server

setup/build.py

setup/configure.py

setup/listmake.py

timount/timount.c

trampoline/trampoline.c

userdb/users.sql

www/apps/browser/__init__.py

www/apps/browser/help.html

www/apps/console/help.html

www/apps/consoleservice/__init__.py

www/apps/fileservice/__init__.py

www/apps/server/__init__.py

www/apps/subjects/__init__.py

www/apps/tutorial/__init__.py

www/apps/userservice/__init__.py

www/dispatch/__init__.py

www/dispatch/html.py

www/dispatch/request.py

www/media/browser/browser.css

www/media/browser/browser.js

www/media/browser/editor.js

www/media/browser/listing.css

www/media/browser/listing.js

www/media/common/codepress/codepress.css

www/media/common/codepress/codepress.js

www/media/common/codepress/engines/gecko.js

www/media/common/util.js

www/media/console/console.js

www/plugins/console/__init__.py

Show diffs side-by-side

added added

removed removed

scripts/usrmgt-server

#!/usr/bin/python

import os

import pysvn

import subprocess

import sys

import urllib

from functools import partial

import traceback

import logging

import errno

import conf

import common.db

# - create repository

# - svn config

# - svn auth

# - Checkout repository as home directory

# - /etc/passwd entry

# - Disable a user's account

# - Enable a user's account

# - Rebuild svn auth file

# - Rebuild passwd + push to nodes.

def create_user(props):

"""Create the database record for the given user.

Expected properties:

STRING REQUIRED

unixid - the unix uid under which execution will take place

on the behalf of the user. Don't use 0! If not specified

or None, one will be allocated from the configured

numeric range.

INT OPTIONAL

password - the clear-text password for the user. If this property is

absent or None, this is an indication that external

authentication should be used (i.e. LDAP).

STRING OPTIONAL

email - the user's email address.

STRING OPTIONAL

nick - the display name to use.

STRING REQUIRED

fullname - The name of the user for results and/or other official

purposes.

STRING REQUIRED

rolenm - The user's role. Must be one of "anyone", "student",

"tutor", "lecturer", "admin".

STRING/ENUM REQUIRED

studentid - If supplied and not None, the student id of the user for

results and/or other official purposes.

STRING OPTIONAL

Return Value: the uid associated with the user. INT

"""

if 'unixid' not in props or props['unixid'] is None:

# For the time being, just choose a random unixid.

# This may result in duplicates, but the unixid is essentially

# a monitoring/logging convenience only. Oh, and dups could kill

# each other. <sigh>

props['unixid'] = random.randrange(5000,10000)

# raise NotImplementedError, "No algorithm for creating uids yet!"

# unixid = invent-uid

# props['unixid'] = unixid

common.makeuser.make_user_db(**props)

return int(props['unixid'])

def update_user(props):

"""Create the database record for the given user.

Expected properties:

being updated).

update - dict of fields to be updated. The fields are all those

in the login table of the db.

'login' required.

Omitted fields will not be set.

"""

update = props['update']

# Note: "login" is special - it is not part of the kwargs to

# db.update_user, but the first arg - used to find the user to update.

# However it doesn't need any special treatment here.

db = common.db.DB()

db.update_user(**update)

db.close()

100

101

def get_login(login, passwd, realm, existing_login, _may_save):

102

"""Callback function used by pysvn for authentication.

103

104

passwd in clear (this should be the user's svn_pass, a

105

randomly-generated permanent password for this user, not their main

106

IVLE password).

107

realm, existing_login, _may_save: The 3 arguments passed by pysvn to

108

callback_get_login.

109

The following has been determined empirically, not from docs:

110

existing_login will be the name of the user who owns the process on

111

the first attempt, "" on subsequent attempts. We use this fact.

112

"""

113

logging.debug("Getting password for %s (realm %s)" % (login, realm))

114

# Only provide credentials on the _first_ attempt.

115

# If we're being asked again, then it means the credentials failed for

116

# some reason and we should just fail. (This is not desirable, but it's

117

# better than being asked an infinite number of times).

118

if existing_login == "":

119

logging.warning("Could not authenticate SVN for %s" % login)

120

return (False, login, passwd, False)

121

else:

122

return (True, login, passwd, False)

123

124

def activate_user(props):

125

"""Create the on-disk stuff for the given user.

126

Sets the state of the user in the db from pending to enabled.

144

145

# make svn config/auth

146

repopath = os.path.join(conf.svn_repo_path, 'users', login)

logging.debug("Creating user's Subversion repository")

common.makeuser.make_svn_repo(repopath, throw_on_error=False)

rebuild_svn_config(props)

logging.debug("Adding Subversion authentication")

147

logging.debug("Creating repo")

148

common.makeuser.make_svn_repo(login, throw_on_error=False)

149

logging.debug("Creating svn config")

150

common.makeuser.make_svn_config(login, throw_on_error=False)

151

logging.debug("Creating svn auth")

152

passwd = common.makeuser.make_svn_auth(login, throw_on_error=False)

153

logging.debug("passwd: %s" % passwd)

154

155

svn = pysvn.Client()

156

svn.callback_get_login = partial(get_login, login, passwd)

157

158

if conf.svn_addr[-1] != '/':

159

conf.svn_addr = conf.svn_addr + "/"

160

161

# FIXME: This should be a loop over enrolements.

162

# We're not going to fix this now because it requires

163

# a large amount of admin console work to manage subject

164

# offerings.

165

# Instead, we're just going to use a single offering with

166

# a "short" name of "info1".

167

logging.debug("Creating /info1")

168

try:

169

svn.mkdir(conf.svn_addr + login + "/info1",

170

"Initial creation of work directory for Informatics 1")

171

except Exception, exc:

172

logging.warning("While mkdiring info1: %s" % str(exc))

173

pass

174

logging.debug("Creating /stuff")

175

try:

176

svn.mkdir(conf.svn_addr + login + "/stuff",

177

"Initial creation of directory for miscellania")

178

except Exception, exc:

179

logging.warning("While mkdiring stuff: %s" % str(exc))

180

pass

181

182

logging.debug("Creating jail")

183

common.makeuser.make_jail(login, details.unixid, svn_pass=passwd)

184

185

common.makeuser.mount_jail(login)

186

187

do_checkout(props, svn_pass=passwd)

188

189

# FIXME: should this be nicer?

190

os.system("chown -R %d:%d %s" \

191

% (details.unixid, details.unixid,

192

common.studpath.url_to_local(login)[1]))

193

194

logging.info("Enabling user")

195

db.update_user(login, state='enabled')

196

199

finally:

200

db.close()

201

def rebuild_svn_config(props):

"""Rebuilds the svn config file

Return value:

response (okay, failure)

"""

try:

common.makeuser.rebuild_svn_config()

except Exception, e:

logging.warning('Rebuild of Subversion authorization config failed!')

return{'response': 'failure', 'msg': repr(e)}

return {'response': 'okay'}

def rebuild_svn_group_config(props):

"""Rebuilds the svn group config file

Return value:

response (okay, failure)

"""

try:

common.makeuser.rebuild_svn_group_config()

except Exception, e:

logging.warning(

'Rebuild of Subversion group authorization config failed!')

return{'response': 'failure', 'msg': repr(e)}

100

return {'response': 'okay'}

101

102

def create_group_repository(props):

103

"""Creates on disk repository for the given group

104

Expected properties:

105

subj_short_name, year, semester, groupnm

106

Return value:

107

response (okay, failure)

108

"""

109

110

subj_short_name = props['subj_short_name']

111

year = props['year']

112

semester = props['semester']

113

groupnm = props['groupnm']

114

115

namespace = "_".join([subj_short_name, year, semester, groupnm])

116

repopath = os.path.join(conf.svn_repo_path, 'groups', namespace)

117

logging.debug("Creating Subversion repository %s"%repopath)

118

try:

119

common.makeuser.make_svn_repo(repopath)

120

except Exception, e:

121

logging.error("Failed to create Subversion repository %s: %s"%

122

(repopath,repr(e)))

123

return {'response': 'failure', 'msg': repr(e)}

124

125

return {'response': 'okay'}

202

def do_checkout(props, svn_pass=None):

203

"""Create the default contents of a user's jail by checking out from the

204

repositories.

205

If any directory already exists, just fail silently (so this is not a

206

"wipe-and-checkout", merely a checkout if it failed or something).

207

Expected properties:

208

209

STRING REQUIRED

210

Return Value: None

211

"""

212

213

214

db = common.db.DB()

215

user = db.get_user(login)

216

# If svn_pass isn't supplied, grab it from the DB

217

if svn_pass is None:

218

svn_pass = user.svn_pass

219

db.close()

220

221

svn = pysvn.Client()

222

svn.callback_get_login = partial(get_login, login, svn_pass)

223

224

if conf.svn_addr[-1] != os.sep:

225

conf.svn_addr += os.sep

226

227

# FIXME: <hack>

228

229

logging.debug("Checking out directories in the jail")

230

try:

231

svn.checkout(conf.svn_addr + login + "/stuff",

232

common.studpath.url_to_local(login + "/stuff")[1])

233

os.system("chown -R %d:%d %s" \

234

% (user.unixid, user.unixid,

235

common.studpath.url_to_local(login + "/stuff")[1]))

236

except Exception, exc:

237

logging.warning("While mkdiring stuff: %s" % str(exc))

238

pass

239

try:

240

svn.checkout(conf.svn_addr + login + "/info1",

241

common.studpath.url_to_local(login + "/info1")[1])

242

os.system("chown -R %d:%d %s" \

243

% (user.unixid, user.unixid,

244

common.studpath.url_to_local(login + "/info1")[1]))

245

except Exception, exc:

246

logging.warning("While mkdiring info1: %s" % str(exc))

247

pass

248

249

# FIXME: </hack>

250

251

return {"response": "okay"}

126

252

127

253

actions = {

254

'create_user':create_user,

255

'update_user':update_user,

128

256

'activate_user':activate_user,

129

'create_group_repository':create_group_repository,

130

'rebuild_svn_config':rebuild_svn_config,

131

'rebuild_svn_group_config':rebuild_svn_group_config,

257

'do_checkout':do_checkout,

132

258

}

133

259

134

260

def initializer():

146

272

return actions[action](props[action])

147

273

148

274

if __name__ == "__main__":

275

if len(sys.argv) <3:

276

print >>sys.stderr, "Usage: usrmgt-server <port> <magic>"

277

sys.exit(1)

278

port = int(sys.argv[1])

279

magic = sys.argv[2]

280

149

281

pid = os.getpid()

150

282

151

283

logging.basicConfig(filename="/var/log/usrmgt.log", level=logging.INFO)

152

logging.info("Starting usrmgt server on port %d (pid = %d)" %

153

(conf.usrmgt_port, pid))

284

logging.info("Starting usrmgt server on port %d (pid = %d)" % (port, pid))

154

285

155

common.chat.start_server(conf.usrmgt_port, conf.usrmgt_magic, True, dispatch, initializer)

286

common.chat.start_server(port, magic, True, dispatch, initializer)

Older »