From f44962cb4a1a7e4937f4265224430068647a8cb3 Mon Sep 17 00:00:00 2001 From: Valentin Samir Date: Mon, 3 Mar 2014 13:31:38 +0100 Subject: [PATCH 1/9] =?UTF-8?q?[utils/robots=5Fperso.py]=20Script=20pour?= =?UTF-8?q?=20collecter=20et=20assembler=20les=20robots.txt=20des=20www=20?= =?UTF-8?q?des=20adh=C3=A9rents?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- utils/robots_perso.py | 53 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100755 utils/robots_perso.py diff --git a/utils/robots_perso.py b/utils/robots_perso.py new file mode 100755 index 00000000..63f4f0bb --- /dev/null +++ b/utils/robots_perso.py @@ -0,0 +1,53 @@ +#!/usr/bin/env python +# -*- coding: utf-8 -*- + +import os +import sys +import robotparser +import collections +base_file = '/var/www/perso/robots.txt' + +robots_file = '/usr/scripts/var/perso/robots.txt' + +robots = collections.defaultdict(lambda:collections.defaultdict(list)) +def add_robots(user, robots): + if os.path.exists('/home/%s/www/robots.txt' % user): + rp = robotparser.RobotFileParser() + rp.parse(open('/home/%s/www/robots.txt' % user)) + for entry in ([rp.default_entry] if rp.default_entry else []) + rp.entries: + for user_agent in entry.useragents: + for rule in entry.rulelines: + what = "Allow" if rule.allowance else "Disallow" + robots["User-agent: %s" % user_agent][what].append("/%s%s" % (user, rule.path)) + robots["User-agent: %s" % user_agent][what].append("/~%s%s" % (user, rule.path)) + +def write_robots(file, robots): + for user_agent, whats in robots.items(): + f.write(user_agent + "\n") + for rule in whats.get("Disallow", []): + f.write("Disallow: %s\n" % rule) + for rule in whats.get("Allow", []): + f.write("Allow: %s\n" % rule) + f.write("\n") + +def get_users(): + return os.listdir('/home/') + + +if __name__ == '__main__': + tmp_file = robots_file + '.tmp' + rp = robotparser.RobotFileParser() + rp.parse(open(base_file)) + for entry in ([rp.default_entry] if rp.default_entry else []) + rp.entries: + for user_agent in entry.useragents: + for rule in entry.rulelines: + what = "Allow" if rule.allowance else "Disallow" + robots["User-agent: %s" % user_agent][what].append("%s" % (rule.path)) + for user in get_users(): + try: + add_robots(user, robots) + except Exception as e: + sys.stderr.write("%r\n" % e) + with open(tmp_file, 'w') as f: + write_robots(f, robots) + os.rename(tmp_file, robots_file) From a4d264ebaf85110bd1d526e69b5d795c961b0d92 Mon Sep 17 00:00:00 2001 From: Vincent Le Gallic Date: Mon, 3 Mar 2014 23:37:26 +0100 Subject: [PATCH 2/9] [wiki/macro] Nouvelle macro pour voir qui est inscrit avec une typo dans les groupes. --- wiki/macro/LostSoulsInGroups.py | 68 +++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 wiki/macro/LostSoulsInGroups.py diff --git a/wiki/macro/LostSoulsInGroups.py b/wiki/macro/LostSoulsInGroups.py new file mode 100644 index 00000000..8258399c --- /dev/null +++ b/wiki/macro/LostSoulsInGroups.py @@ -0,0 +1,68 @@ +# -*- coding: utf-8 -*- +""" + MoinMoin - LostSoulsInGroups macro + + List all items in custom groups that do not have user accounts + (either haven't registered yet or have been deleted or there's a typo) + + @copyright: 2007 Alexander "Loki" Agibalov + @license: GNU GPL, see COPYING for details. + + changes: + 12.2007 - conversion to new syntax by Bolesław Kulbabiński +""" + +from MoinMoin import wikiutil, user +from MoinMoin.Page import Page +from MoinMoin.PageEditor import PageEditor +import re, sys + +def macro_LostSoulsInGroups(macro, args): + request = macro.request + _ = macro.request.getText + + sRet = "

Items in custom groups (Users in custom groups who don't have user accounts)

" + sRet = sRet + "" + userlist = [] + lostsouls = {} + for uid in user.getUserList(request): + userlist.append(user.User(request, uid).name) + + isgroup = request.cfg.cache.page_group_regex.search + grouppages = request.rootpage.getPageList(user='', filter=isgroup) + + srch = re.compile("^ \* [^ ]*", re.M) + for pg in grouppages: + pged = PageEditor(request, pg) + pagelines = pged.getlines() + for lin in pagelines: + srchS = srch.match(lin) + if srchS: + st = srchS.group() + st = st[3:] + try: + usr = userlist.index(st) + except ValueError: + if lostsouls.has_key(pg): + temp_lst = lostsouls[pg] + temp_lst.append(st) + lostsouls[pg] = temp_lst + else: + lostsouls[pg] = [st] + + for k, v in lostsouls.iteritems(): + st = '' % (Page(request, k).link_to(request), ", ".join(v)) + sRet = sRet + st + + sRet = sRet + "
%s%s
" + return macro.formatter.rawHTML(sRet) + + +def execute(macro, args): + try: + return wikiutil.invoke_extension_function( + macro.request, macro_LostSoulsInGroups, args, [macro]) + except ValueError, err: + return macro.request.formatter.text( + "<>" % err.args[0]) + From 688ac1d129968c8808e9d51d24974ee894e9b38a Mon Sep 17 00:00:00 2001 From: Vincent Le Gallic Date: Mon, 3 Mar 2014 23:43:50 +0100 Subject: [PATCH 3/9] [macro] Traduction + obvious unicode-fail --- gestion/secrets_new.py | 4 ++-- munin/wifi_auth | 4 ++-- wiki/macro/LostSoulsInGroups.py | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/gestion/secrets_new.py b/gestion/secrets_new.py index 1706db34..56ee7014 100644 --- a/gestion/secrets_new.py +++ b/gestion/secrets_new.py @@ -25,12 +25,12 @@ Recuperation des secrets depuis /etc/crans/secrets. import sys import os -from syslog import syslog, openlog +from syslog import syslog, openlog, closelog import getpass def get(secret): """ Recupere un secret. """ - openlog('secrets_new') + #openlog('secrets_new') prog = os.path.basename(getattr(sys, 'argv', ['undefined'])[0]) syslog('%s (in %s) asked for %s' % (getpass.getuser(), prog, secret)) try: diff --git a/munin/wifi_auth b/munin/wifi_auth index edc1f1ad..24f7c7d1 100755 --- a/munin/wifi_auth +++ b/munin/wifi_auth @@ -53,9 +53,9 @@ TEMP_FILE=$(mktempfile munin-radius-wifi.XXXXXX) if [ -n "$TEMP_FILE" -a -f "$TEMP_FILE" ] then if [ $ARGS != 0 ]; then - $LOGTAIL -f ${FREERADIUS_LOG} -o ${STATEFILE} | grep 'freeradius\[.*\]:' > ${TEMP_FILE} + $LOGTAIL -f ${FREERADIUS_LOG} -o ${STATEFILE} | grep 'freeradius\(\[.*\]\)\?:' > ${TEMP_FILE} else - $LOGTAIL ${FREERADIUS_LOG} ${STATEFILE} | grep 'freeradius\[.*\]:' > ${TEMP_FILE} + $LOGTAIL ${FREERADIUS_LOG} ${STATEFILE} | grep 'freeradius\(\[.*\]\)\?:' > ${TEMP_FILE} fi success=$(grep -c 'Login OK' ${TEMP_FILE}) failures=$(grep -c 'Login incorrect' ${TEMP_FILE}) diff --git a/wiki/macro/LostSoulsInGroups.py b/wiki/macro/LostSoulsInGroups.py index 8258399c..42740497 100644 --- a/wiki/macro/LostSoulsInGroups.py +++ b/wiki/macro/LostSoulsInGroups.py @@ -21,8 +21,8 @@ def macro_LostSoulsInGroups(macro, args): request = macro.request _ = macro.request.getText - sRet = "

Items in custom groups (Users in custom groups who don't have user accounts)

" - sRet = sRet + "" + sRet = u"

Éléments dans des groupes custom qui ne correspondent pas à un compte wiki :

" + sRet = sRet + u"
" userlist = [] lostsouls = {} for uid in user.getUserList(request): @@ -51,7 +51,7 @@ def macro_LostSoulsInGroups(macro, args): lostsouls[pg] = [st] for k, v in lostsouls.iteritems(): - st = '' % (Page(request, k).link_to(request), ", ".join(v)) + st = u'' % (Page(request, k).link_to(request), ", ".join(v)) sRet = sRet + st sRet = sRet + "
%s%s
%s%s
" From 9c6da2330d96ca52c405db60550871888ee3dd75 Mon Sep 17 00:00:00 2001 From: Vincent Le Gallic Date: Mon, 3 Mar 2014 23:48:16 +0100 Subject: [PATCH 4/9] Je sais pas faire un commit This reverts commit 688ac1d129968c8808e9d51d24974ee894e9b38a. --- gestion/secrets_new.py | 4 ++-- munin/wifi_auth | 4 ++-- wiki/macro/LostSoulsInGroups.py | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/gestion/secrets_new.py b/gestion/secrets_new.py index 56ee7014..1706db34 100644 --- a/gestion/secrets_new.py +++ b/gestion/secrets_new.py @@ -25,12 +25,12 @@ Recuperation des secrets depuis /etc/crans/secrets. import sys import os -from syslog import syslog, openlog, closelog +from syslog import syslog, openlog import getpass def get(secret): """ Recupere un secret. """ - #openlog('secrets_new') + openlog('secrets_new') prog = os.path.basename(getattr(sys, 'argv', ['undefined'])[0]) syslog('%s (in %s) asked for %s' % (getpass.getuser(), prog, secret)) try: diff --git a/munin/wifi_auth b/munin/wifi_auth index 24f7c7d1..edc1f1ad 100755 --- a/munin/wifi_auth +++ b/munin/wifi_auth @@ -53,9 +53,9 @@ TEMP_FILE=$(mktempfile munin-radius-wifi.XXXXXX) if [ -n "$TEMP_FILE" -a -f "$TEMP_FILE" ] then if [ $ARGS != 0 ]; then - $LOGTAIL -f ${FREERADIUS_LOG} -o ${STATEFILE} | grep 'freeradius\(\[.*\]\)\?:' > ${TEMP_FILE} + $LOGTAIL -f ${FREERADIUS_LOG} -o ${STATEFILE} | grep 'freeradius\[.*\]:' > ${TEMP_FILE} else - $LOGTAIL ${FREERADIUS_LOG} ${STATEFILE} | grep 'freeradius\(\[.*\]\)\?:' > ${TEMP_FILE} + $LOGTAIL ${FREERADIUS_LOG} ${STATEFILE} | grep 'freeradius\[.*\]:' > ${TEMP_FILE} fi success=$(grep -c 'Login OK' ${TEMP_FILE}) failures=$(grep -c 'Login incorrect' ${TEMP_FILE}) diff --git a/wiki/macro/LostSoulsInGroups.py b/wiki/macro/LostSoulsInGroups.py index 42740497..8258399c 100644 --- a/wiki/macro/LostSoulsInGroups.py +++ b/wiki/macro/LostSoulsInGroups.py @@ -21,8 +21,8 @@ def macro_LostSoulsInGroups(macro, args): request = macro.request _ = macro.request.getText - sRet = u"

Éléments dans des groupes custom qui ne correspondent pas à un compte wiki :

" - sRet = sRet + u"" + sRet = "

Items in custom groups (Users in custom groups who don't have user accounts)

" + sRet = sRet + "
" userlist = [] lostsouls = {} for uid in user.getUserList(request): @@ -51,7 +51,7 @@ def macro_LostSoulsInGroups(macro, args): lostsouls[pg] = [st] for k, v in lostsouls.iteritems(): - st = u'' % (Page(request, k).link_to(request), ", ".join(v)) + st = '' % (Page(request, k).link_to(request), ", ".join(v)) sRet = sRet + st sRet = sRet + "
%s%s
%s%s
" From afed588141bd8a950ef6c680ff53c4940e174604 Mon Sep 17 00:00:00 2001 From: Vincent Le Gallic Date: Mon, 3 Mar 2014 23:50:40 +0100 Subject: [PATCH 5/9] re-[macro] Traduction + obvious unicode-fail c'est ce que je voulais faire en 688ac1d129968c8808e9d51d24974ee894e9b38a --- wiki/macro/LostSoulsInGroups.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/wiki/macro/LostSoulsInGroups.py b/wiki/macro/LostSoulsInGroups.py index 8258399c..42740497 100644 --- a/wiki/macro/LostSoulsInGroups.py +++ b/wiki/macro/LostSoulsInGroups.py @@ -21,8 +21,8 @@ def macro_LostSoulsInGroups(macro, args): request = macro.request _ = macro.request.getText - sRet = "

Items in custom groups (Users in custom groups who don't have user accounts)

" - sRet = sRet + "" + sRet = u"

Éléments dans des groupes custom qui ne correspondent pas à un compte wiki :

" + sRet = sRet + u"
" userlist = [] lostsouls = {} for uid in user.getUserList(request): @@ -51,7 +51,7 @@ def macro_LostSoulsInGroups(macro, args): lostsouls[pg] = [st] for k, v in lostsouls.iteritems(): - st = '' % (Page(request, k).link_to(request), ", ".join(v)) + st = u'' % (Page(request, k).link_to(request), ", ".join(v)) sRet = sRet + st sRet = sRet + "
%s%s
%s%s
" From bd7bd8eb093268e45c12549ae18630b8178f7085 Mon Sep 17 00:00:00 2001 From: Daniel STAN Date: Tue, 4 Mar 2014 18:55:04 +0100 Subject: [PATCH 6/9] secrets_new: utilisation d'un vrai logger MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Pour éviter de concurrence le syslog perso de l'application qui importe secrets_new (c'est ce qui arrive avec freeradius) --- gestion/secrets_new.py | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/gestion/secrets_new.py b/gestion/secrets_new.py index 1706db34..977d68fe 100644 --- a/gestion/secrets_new.py +++ b/gestion/secrets_new.py @@ -25,14 +25,26 @@ Recuperation des secrets depuis /etc/crans/secrets. import sys import os -from syslog import syslog, openlog +import logging +import logging.handlers import getpass +# Initialisation d'un logger pour faire des stats etc +# pour l'instant, on centralise tout sur thot en mode debug +logger = logging.getLogger('secrets_new') +logger.setLevel(logging.DEBUG) +formatter = logging.Formatter('%(name)s: [%(levelname)s] %(message)s') +handler = logging.handlers.SysLogHandler(address = '/dev/log') +try: + handler.addFormatter(formatter) +except AttributeError: + handler.formatter = formatter +logger.addHandler(handler) + def get(secret): - """ Recupere un secret. """ - openlog('secrets_new') + """ Récupère un secret. """ prog = os.path.basename(getattr(sys, 'argv', ['undefined'])[0]) - syslog('%s (in %s) asked for %s' % (getpass.getuser(), prog, secret)) + logger.debug('%s (in %s) asked for %s' % (getpass.getuser(), prog, secret)) try: f = open("/etc/crans/secrets/" + secret) result = f.read().strip() @@ -45,5 +57,5 @@ def get(secret): sys.path.pop() return getattr(module, secret) except: - syslog('...and that failed.') + logger.critical('...and that failed.') raise Exception("Impossible d'acceder au secret %s!" % secret) From e142825b193a3378052bc666af2b664bdce7a4c9 Mon Sep 17 00:00:00 2001 From: Daniel STAN Date: Tue, 4 Mar 2014 23:45:37 +0100 Subject: [PATCH 7/9] munin/wifi_auth: graphing des auths TTLS/PEAP --- munin/wifi_auth | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/munin/wifi_auth b/munin/wifi_auth index edc1f1ad..68d350f1 100755 --- a/munin/wifi_auth +++ b/munin/wifi_auth @@ -42,6 +42,12 @@ if [ "$1" = "config" ]; then echo 'success.label Succès' echo 'success.draw AREASTACK' echo 'success.colour 00FF00' + echo 'peap.label Authentifications PEAP' + echo 'ttls.label Authentifications TTLS' + echo 'peap.draw LINE1' + echo 'peap.colour 000000' + echo 'ttls.draw LINE2' + echo 'ttls.colour F6FF00' exit 0 fi @@ -53,16 +59,23 @@ TEMP_FILE=$(mktempfile munin-radius-wifi.XXXXXX) if [ -n "$TEMP_FILE" -a -f "$TEMP_FILE" ] then if [ $ARGS != 0 ]; then - $LOGTAIL -f ${FREERADIUS_LOG} -o ${STATEFILE} | grep 'freeradius\[.*\]:' > ${TEMP_FILE} + $LOGTAIL -f ${FREERADIUS_LOG} -o ${STATEFILE} > ${TEMP_FILE} else - $LOGTAIL ${FREERADIUS_LOG} ${STATEFILE} | grep 'freeradius\[.*\]:' > ${TEMP_FILE} + $LOGTAIL ${FREERADIUS_LOG} ${STATEFILE} > ${TEMP_FILE} fi success=$(grep -c 'Login OK' ${TEMP_FILE}) failures=$(grep -c 'Login incorrect' ${TEMP_FILE}) + peap=$(grep -c 'authenticated - EAP type: 25' ${TEMP_FILE}) + ttls=$(grep -c 'authenticated - EAP type: 21' ${TEMP_FILE}) /bin/rm -f $TEMP_FILE fi echo "success.value ${success}" echo "failures.value ${failures}" +# NB: chaque authentification réussie en TTLS ou PEAP produit deux "succès" +# (inner et outer-tunnels) +echo "peap.value ${peap}" +echo "ttls.value ${ttls}" + From 965da3babfeec92ee4b6a48385cf3c26679f8c38 Mon Sep 17 00:00:00 2001 From: Daniel STAN Date: Tue, 4 Mar 2014 23:47:38 +0100 Subject: [PATCH 8/9] chambres_vides: typo dans le filter --- gestion/chambres_vides.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gestion/chambres_vides.py b/gestion/chambres_vides.py index 1d568e3a..e3027dc2 100755 --- a/gestion/chambres_vides.py +++ b/gestion/chambres_vides.py @@ -39,7 +39,7 @@ delai = config.demenagement_delai # On récupère ceux qui n'ont pas payé cette année if config.periode_transitoire: - bad_boys_e_s = conn.search(u'(&(aid)*)(chbre=????)(paiement=%d)(!(paiement=%d)))' % (year-1,year)) + bad_boys_e_s = conn.search(u'(&(aid=*)(chbre=????)(paiement=%d)(!(paiement=%d)))' % (year-1,year)) else: bad_boys_e_s = conn.search(u'(&(aid=*)(chbre=????)(paiement=%d))' % year) now = time.time() From 7ba600343d72144da83a3f6e01fb857820e5ae77 Mon Sep 17 00:00:00 2001 From: Daniel STAN Date: Wed, 5 Mar 2014 00:06:15 +0100 Subject: [PATCH 9/9] firewall6: ignore mac auto dans blacklist MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On avait oublié ce passage (sic). --- gestion/ipt.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/gestion/ipt.py b/gestion/ipt.py index 37c0a1c9..e9a79d47 100644 --- a/gestion/ipt.py +++ b/gestion/ipt.py @@ -187,11 +187,14 @@ ACCEPT' % (dev, proto, ip, port)) mac=machine.mac() break - self.filter.blacklist_src('-m mac --mac-source %s -j REJECT --reject-with icmp6-port-unreachable' % mac) if ip: self.filter.blacklist_dst('-d %s -j REJECT --reject-with icmp6-adm-prohibited' % ip) + elif mac == '': + # else: si mac auto, c'est normal de pas avoir pu calculer l'ip + return else: - print "Ipv6 de la machine %s impossible à calculer" % machine.nom() + print (u"Ipv6 de la machine %s impossible à calculer" % machine.nom()).encode('utf-8') + self.filter.blacklist_src('-m mac --mac-source %s -j REJECT --reject-with icmp6-port-unreachable' % mac) def version(self):