diff --git a/gestion/chambres_vides.py b/gestion/chambres_vides.py index 1d568e3a..e3027dc2 100755 --- a/gestion/chambres_vides.py +++ b/gestion/chambres_vides.py @@ -39,7 +39,7 @@ delai = config.demenagement_delai # On récupère ceux qui n'ont pas payé cette année if config.periode_transitoire: - bad_boys_e_s = conn.search(u'(&(aid)*)(chbre=????)(paiement=%d)(!(paiement=%d)))' % (year-1,year)) + bad_boys_e_s = conn.search(u'(&(aid=*)(chbre=????)(paiement=%d)(!(paiement=%d)))' % (year-1,year)) else: bad_boys_e_s = conn.search(u'(&(aid=*)(chbre=????)(paiement=%d))' % year) now = time.time() diff --git a/gestion/ipt.py b/gestion/ipt.py index 37c0a1c9..e9a79d47 100644 --- a/gestion/ipt.py +++ b/gestion/ipt.py @@ -187,11 +187,14 @@ ACCEPT' % (dev, proto, ip, port)) mac=machine.mac() break - self.filter.blacklist_src('-m mac --mac-source %s -j REJECT --reject-with icmp6-port-unreachable' % mac) if ip: self.filter.blacklist_dst('-d %s -j REJECT --reject-with icmp6-adm-prohibited' % ip) + elif mac == '': + # else: si mac auto, c'est normal de pas avoir pu calculer l'ip + return else: - print "Ipv6 de la machine %s impossible à calculer" % machine.nom() + print (u"Ipv6 de la machine %s impossible à calculer" % machine.nom()).encode('utf-8') + self.filter.blacklist_src('-m mac --mac-source %s -j REJECT --reject-with icmp6-port-unreachable' % mac) def version(self): diff --git a/gestion/secrets_new.py b/gestion/secrets_new.py index 1706db34..977d68fe 100644 --- a/gestion/secrets_new.py +++ b/gestion/secrets_new.py @@ -25,14 +25,26 @@ Recuperation des secrets depuis /etc/crans/secrets. import sys import os -from syslog import syslog, openlog +import logging +import logging.handlers import getpass +# Initialisation d'un logger pour faire des stats etc +# pour l'instant, on centralise tout sur thot en mode debug +logger = logging.getLogger('secrets_new') +logger.setLevel(logging.DEBUG) +formatter = logging.Formatter('%(name)s: [%(levelname)s] %(message)s') +handler = logging.handlers.SysLogHandler(address = '/dev/log') +try: + handler.addFormatter(formatter) +except AttributeError: + handler.formatter = formatter +logger.addHandler(handler) + def get(secret): - """ Recupere un secret. """ - openlog('secrets_new') + """ Récupère un secret. """ prog = os.path.basename(getattr(sys, 'argv', ['undefined'])[0]) - syslog('%s (in %s) asked for %s' % (getpass.getuser(), prog, secret)) + logger.debug('%s (in %s) asked for %s' % (getpass.getuser(), prog, secret)) try: f = open("/etc/crans/secrets/" + secret) result = f.read().strip() @@ -45,5 +57,5 @@ def get(secret): sys.path.pop() return getattr(module, secret) except: - syslog('...and that failed.') + logger.critical('...and that failed.') raise Exception("Impossible d'acceder au secret %s!" % secret) diff --git a/munin/wifi_auth b/munin/wifi_auth index edc1f1ad..68d350f1 100755 --- a/munin/wifi_auth +++ b/munin/wifi_auth @@ -42,6 +42,12 @@ if [ "$1" = "config" ]; then echo 'success.label Succès' echo 'success.draw AREASTACK' echo 'success.colour 00FF00' + echo 'peap.label Authentifications PEAP' + echo 'ttls.label Authentifications TTLS' + echo 'peap.draw LINE1' + echo 'peap.colour 000000' + echo 'ttls.draw LINE2' + echo 'ttls.colour F6FF00' exit 0 fi @@ -53,16 +59,23 @@ TEMP_FILE=$(mktempfile munin-radius-wifi.XXXXXX) if [ -n "$TEMP_FILE" -a -f "$TEMP_FILE" ] then if [ $ARGS != 0 ]; then - $LOGTAIL -f ${FREERADIUS_LOG} -o ${STATEFILE} | grep 'freeradius\[.*\]:' > ${TEMP_FILE} + $LOGTAIL -f ${FREERADIUS_LOG} -o ${STATEFILE} > ${TEMP_FILE} else - $LOGTAIL ${FREERADIUS_LOG} ${STATEFILE} | grep 'freeradius\[.*\]:' > ${TEMP_FILE} + $LOGTAIL ${FREERADIUS_LOG} ${STATEFILE} > ${TEMP_FILE} fi success=$(grep -c 'Login OK' ${TEMP_FILE}) failures=$(grep -c 'Login incorrect' ${TEMP_FILE}) + peap=$(grep -c 'authenticated - EAP type: 25' ${TEMP_FILE}) + ttls=$(grep -c 'authenticated - EAP type: 21' ${TEMP_FILE}) /bin/rm -f $TEMP_FILE fi echo "success.value ${success}" echo "failures.value ${failures}" +# NB: chaque authentification réussie en TTLS ou PEAP produit deux "succès" +# (inner et outer-tunnels) +echo "peap.value ${peap}" +echo "ttls.value ${ttls}" + diff --git a/utils/robots_perso.py b/utils/robots_perso.py new file mode 100755 index 00000000..63f4f0bb --- /dev/null +++ b/utils/robots_perso.py @@ -0,0 +1,53 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +import os +import sys +import robotparser +import collections +base_file = '/var/www/perso/robots.txt' + +robots_file = '/usr/scripts/var/perso/robots.txt' + +robots = collections.defaultdict(lambda:collections.defaultdict(list)) +def add_robots(user, robots): + if os.path.exists('/home/%s/www/robots.txt' % user): + rp = robotparser.RobotFileParser() + rp.parse(open('/home/%s/www/robots.txt' % user)) + for entry in ([rp.default_entry] if rp.default_entry else []) + rp.entries: + for user_agent in entry.useragents: + for rule in entry.rulelines: + what = "Allow" if rule.allowance else "Disallow" + robots["User-agent: %s" % user_agent][what].append("/%s%s" % (user, rule.path)) + robots["User-agent: %s" % user_agent][what].append("/~%s%s" % (user, rule.path)) + +def write_robots(file, robots): + for user_agent, whats in robots.items(): + f.write(user_agent + "\n") + for rule in whats.get("Disallow", []): + f.write("Disallow: %s\n" % rule) + for rule in whats.get("Allow", []): + f.write("Allow: %s\n" % rule) + f.write("\n") + +def get_users(): + return os.listdir('/home/') + + +if __name__ == '__main__': + tmp_file = robots_file + '.tmp' + rp = robotparser.RobotFileParser() + rp.parse(open(base_file)) + for entry in ([rp.default_entry] if rp.default_entry else []) + rp.entries: + for user_agent in entry.useragents: + for rule in entry.rulelines: + what = "Allow" if rule.allowance else "Disallow" + robots["User-agent: %s" % user_agent][what].append("%s" % (rule.path)) + for user in get_users(): + try: + add_robots(user, robots) + except Exception as e: + sys.stderr.write("%r\n" % e) + with open(tmp_file, 'w') as f: + write_robots(f, robots) + os.rename(tmp_file, robots_file) diff --git a/wiki/macro/LostSoulsInGroups.py b/wiki/macro/LostSoulsInGroups.py new file mode 100644 index 00000000..42740497 --- /dev/null +++ b/wiki/macro/LostSoulsInGroups.py @@ -0,0 +1,68 @@ +# -*- coding: utf-8 -*- +""" + MoinMoin - LostSoulsInGroups macro + + List all items in custom groups that do not have user accounts + (either haven't registered yet or have been deleted or there's a typo) + + @copyright: 2007 Alexander "Loki" Agibalov + @license: GNU GPL, see COPYING for details. + + changes: + 12.2007 - conversion to new syntax by Bolesław Kulbabiński +""" + +from MoinMoin import wikiutil, user +from MoinMoin.Page import Page +from MoinMoin.PageEditor import PageEditor +import re, sys + +def macro_LostSoulsInGroups(macro, args): + request = macro.request + _ = macro.request.getText + + sRet = u"

Éléments dans des groupes custom qui ne correspondent pas à un compte wiki :

" + sRet = sRet + u"" + userlist = [] + lostsouls = {} + for uid in user.getUserList(request): + userlist.append(user.User(request, uid).name) + + isgroup = request.cfg.cache.page_group_regex.search + grouppages = request.rootpage.getPageList(user='', filter=isgroup) + + srch = re.compile("^ \* [^ ]*", re.M) + for pg in grouppages: + pged = PageEditor(request, pg) + pagelines = pged.getlines() + for lin in pagelines: + srchS = srch.match(lin) + if srchS: + st = srchS.group() + st = st[3:] + try: + usr = userlist.index(st) + except ValueError: + if lostsouls.has_key(pg): + temp_lst = lostsouls[pg] + temp_lst.append(st) + lostsouls[pg] = temp_lst + else: + lostsouls[pg] = [st] + + for k, v in lostsouls.iteritems(): + st = u'' % (Page(request, k).link_to(request), ", ".join(v)) + sRet = sRet + st + + sRet = sRet + "
%s%s
" + return macro.formatter.rawHTML(sRet) + + +def execute(macro, args): + try: + return wikiutil.invoke_extension_function( + macro.request, macro_LostSoulsInGroups, args, [macro]) + except ValueError, err: + return macro.request.formatter.text( + "<>" % err.args[0]) +