Redbrick User management tool


  1. #-----------------------------------------------------------------------------#
  2. # MODULE DESCRIPTION #
  3. #-----------------------------------------------------------------------------#
  4. """RedBrick Configuration Module; contains local configuration information."""
  5. # System modules
  6. import os
  7. import random
  8. #---------------------------------------------------------------------#
  9. # DATA #
  10. #---------------------------------------------------------------------#
  __version__ = "$Revision: 1.11 $"
  __author__ = "Cillian Sharkey"

  # Location of the rrs directory (the directory holding this module), always
  # with a trailing slash; falls back to the current directory when the module
  # path has no directory part.
  dir_rrs = "%s/" % (os.path.dirname(__file__) or ".")

  # Upper bound on the length of usernames and of group names.
  maxlen_uname = 8
  maxlen_group = 8
  # Default attribute values given to LDAP accounts.
  ldap_default_objectClass = ["posixAccount", "top", "shadowAccount"]
  ldap_default_hosts = ["paphos", "metharme"]

  # RedBrick LDAP settings.
  # NOTE(review): ldap:// is not TLS-protected on its own. Unless the client
  # code negotiates StartTLS (not visible in this module), the root DN bind
  # and its password cross the network in cleartext - confirm.
  ldap_uri = "ldap://ldap.internal"
  ldap_root_dn = "cn=root,ou=ldap,o=redbrick"
  # Only the path is configured here; the secret stays out of this module.
  # Presumably the file holds the root DN password - keep it root-readable only.
  ldap_rootpw_file = "/etc/ldap.secret"
  ldap_tree = "o=redbrick"
  ldap_accounts_tree = "ou=accounts,o=redbrick"
  ldap_group_tree = "ou=groups,o=redbrick"
  ldap_reserved_tree = "ou=reserved,o=redbrick"

  # DCU LDAP settings.
  # NOTE(review): same transport concern as above for the service-account bind
  # against the DCU directory - confirm TLS is negotiated by the caller.
  ldap_dcu_uri = "ldap://ad.dcu.ie"
  ldap_dcu_tree = "o=ad,o=dcu,o=ie"
  ldap_dcu_rbdn = "CN=rblookup,OU=Service Accounts,DC=ad,DC=dcu,DC=ie"
  # Despite the name this is a file path, not the password itself.
  ldap_dcu_rbpw = "/etc/dcu_ldap.secret"
  # The commented value under each tree is the alternative the original
  # author left in place.
  ldap_dcu_students_tree = "OU=Students,DC=ad,DC=dcu,DC=ie"
  # 'ou=students,dc=ad,dc=dcu,dc=ie'
  ldap_dcu_staff_tree = "OU=Staff,DC=ad,DC=dcu,DC=ie"
  # 'ou=staff,dc=ad,dc=dcu,dc=ie'
  ldap_dcu_alumni_tree = "OU=Alumni,DC=ad,DC=dcu,DC=ie"
  # 'ou=alumni,o=dcu'
  # DNS zones RedBrick is authoritative for.
  dns_zones = ("redbrick.dcu.ie", "club.dcu.ie", "soc.dcu.ie")

  # Suffixes Mailman appends to a list name.
  mailman_list_suffixes = (
      "-admin",
      "-bounces",
      "-confirm",
      "-join",
      "-leave",
      "-owner",
      "-request",
      "-subscribe",
      "-unsubscribe",
  )
  # Directory pathnames.
  dir_home = "/home"
  dir_webtree = "/webtree"
  dir_signaway_state = "/local/share/agreement/statedir"
  dir_daft = "/local/share/daft"
  dir_skel = "/etc/skel"
  dir_mailman = "/var/lib/mailman"

  # Filenames. The first three live in the rrs directory next to this module.
  file_uidNumber = dir_rrs + "uidNumber.txt"
  file_pre_sync = dir_rrs + "presync.txt"
  file_rrslog = dir_rrs + "rrs.log"
  file_shells = "/etc/shells"
  file_backup_passwd = "/var/backups/passwd.pre-expired"
  shell_default = "/usr/local/shells/zsh"
  shell_expired = "/usr/local/shells/expired"

  # Unix group files, as (group file, hostname) pairs.
  files_group = (
      ("/etc/group", "Deathray"),
      ("/local/share/var/carbon/group", "Carbon"),
  )

  # Host files, as (host file, hostname) pairs.
  files_host = (
      ("/etc/hosts", "Deathray"),
      ("/local/share/var/carbon/hosts", "Carbon"),
  )

  # Email alias files, as (alias file, description) pairs.
  files_alias = (
      ("/etc/mail/exim_aliases.txt", "Mail alias"),
  )

  # External commands. Each is an absolute path, so which binary runs does not
  # depend on the PATH of the invoking environment.
  command_setquota = "/usr/sbin/setquota"
  command_chown = "/bin/chown"
  command_chgrp = "/bin/chgrp"
  command_cp = "/bin/cp"
  command_sendmail = "/usr/sbin/sendmail"
  # Valid account usertypes mapped to their descriptions.
  usertypes = {
      "founders": "RedBrick founder",
      "member": "Normal member",
      "associat": "Graduate/associate member",
      "staff": "DCU staff member",
      "society": "DCU society",
      "club": "DCU club",
      "projects": "RedBrick/DCU/Course project account",
      "guest": "Guest account",
      "intersoc": "Account for society from another college",
      "committe": "Committee member or a position account",
      "redbrick": "RedBrick related account",
      "dcu": "DCU related account",
  }

  # Usertypes in the order used for listings; 'founders' is left out.
  usertypes_list = (
      "member",
      "associat",
      "staff",
      "committe",
      "society",
      "club",
      "dcu",
      "projects",
      "redbrick",
      "intersoc",
      "guest",
  )

  # Usertypes that pay for membership.
  usertypes_paying = ("member", "associat", "staff", "committe", "guest")

  # DCU usertypes, i.e. those that require an id number.
  usertypes_dcu = ("member", "associat", "staff", "committe")

  # Pseudo usertypes used when converting an account to a committee position.
  convert_usertypes = {
      "admin": "Elected admin",
      "webmaster": "Elected webmaster",
      "helpdesk": "Elected helpdesk",
  }

  # Supplementary groups added when an account is converted to a usertype.
  # Format: 'usertype': 'a string of comma separated groups with no spaces'
  # Both 'admin' and 'webmaster' include the root group, so a conversion to
  # either of them is a privilege grant.
  convert_extra_groups = {
      "admin": "root,log",
      "webmaster": "root,log,webgroup",
      "helpdesk": "helpdesk",
  }

  # Real primary group used when an account is converted to a usertype
  # (typically a pseudo usertype).
  # Format: 'usertype': 'actual unix group name'
  convert_primary_groups = {
      "admin": "committe",
      "webmaster": "committe",
      "helpdesk": "committe",
  }
  138. #---------------------------------------------------------------------#
  139. # MODULE FUNCTIONS #
  140. #---------------------------------------------------------------------#
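  def gen_passwd():
      """Generate a random plaintext password.

      The password is eight lower case letters that alternate between vowels
      and consonants (starting on either), plus two decimal digits placed
      together before or after the letters. Upper case letters are not used,
      which solves the CAPS LOCK and clueless user problem. Characters that
      are similar in appearance (1, l, O, 0) or difficult to 'pronounce'
      (x, q) are not used.

      Every random choice is drawn from random.SystemRandom, which reads the
      operating system's CSPRNG. The module-level functions of `random` use a
      Mersenne Twister whose later output can be predicted from earlier
      output, so they are unsuitable for generating credentials.

      NOTE(review): the scheme allows roughly 2**34 distinct passwords, which
      is little against offline guessing; it is best treated as a temporary
      initial password.

      Returns:
          A 10-character password string.
      """
      rng = random.SystemRandom()
      vowels = 'aeiou'
      consonants = 'bcdfghjkmnprstvwyz'
      digits = '23456789'

      # Randomly pick whether the letter run starts on a vowel or a consonant,
      # then alternate between the two sets.
      letter_sets = (vowels, consonants)
      start = rng.randrange(2)
      letters = ''.join(
          rng.choice(letter_sets[(pos + start) % 2]) for pos in range(8)
      )
      pair = rng.choice(digits) + rng.choice(digits)

      # The digit pair leads or trails the letters with equal probability.
      if rng.randrange(2):
          return pair + letters
      return letters + pair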
  def gen_homedir(username, usertype):
      """Build the home directory path for an account.

      Accounts of usertype 'member' or 'associat' get an extra directory level
      named after the first character of the username; every other usertype
      sits directly below its usertype directory.
      """
      # NOTE(review): username and usertype are interpolated into the path as
      # given. Presumably callers have already validated them (no '/' or
      # '..', non-empty username) - confirm.
      bucket = username[0] + '/' if usertype in ('member', 'associat') else ''
      return '%s/%s/%s%s' % (dir_home, usertype, bucket, username)
  def gen_webtree(username):
      """Build the webtree path for a username.

      The path has one directory level named after the first character of the
      username, followed by the username itself.
      """
      # NOTE(review): username is used unchecked; an empty string raises
      # IndexError here - presumably validated by callers, confirm.
      initial = username[0]
      return '%s/%s/%s' % (dir_webtree, initial, username)
  def gen_quotas(usertype=None):
      """Return the quota limits for each filesystem.

      The usertype argument is accepted so quotas can depend on it, but the
      current table is the same for every usertype.

      The returned dictionary has the form:

          'filesystem': (block quota soft, block quota hard,
                         inode quota soft, inode quota hard),
          ...

      Block quota is in kilobytes, inode quota is a number of inodes.
      """
      storage_limits = (1000000, 1100000, 800000, 1000000)
      return {'/storage': storage_limits}
  def gen_extra_user_files(username):
      """Return the files a user may own outside their main storage areas.

      The result is a tuple of three paths: the signaway state file, the mail
      spool and the crontab. It exists for the purposes of renaming or
      deleting an account's files.
      """
      # XXX: files on carbon need to be covered as well.
      # NOTE(review): username is interpolated unchecked, and these paths are
      # meant to be renamed or deleted. Confirm callers reject usernames that
      # contain '/' or '..' before the result is acted on.
      signaway_state = '%s/%s' % (dir_signaway_state, username)
      mail_spool = '/var/mail/%s' % username
      crontab = '/var/spool/cron/crontabs/%s' % username
      return (signaway_state, mail_spool, crontab)