This commit is contained in:
Adrian Amaglio 2021-02-15 12:38:46 +01:00
parent 4130d113ba
commit 15a80a883c
5 changed files with 75 additions and 165 deletions

View File

@ -3,5 +3,6 @@ services:
app:
build: .
volumes:
- ./users.txt:/usr/share/app/users.txt
- ./data:/usr/share/app/data
- ./production_eleves:/usr/share/app/python_app/modules
network_mode: "host"

View File

@ -2,33 +2,59 @@
HOME_BASE="/usr/share/app/python_app/modules"
# Check we got users
if [ ! -f 'users.txt' ] ; then
echo "Missing file users.txt"
exit 1
fi
USERS_LIST="/usr/share/app/data/users.txt"
PASSWD_LIST="/usr/share/app/data/passwords.txt"
CUSTOM_SCRIPT="/usr/share/app/data/init.sh"
# Must be ascii for cut
separator="="
forbidden_chars=". /"
# Check we got users
if [ ! -f "$USERS_LIST" ] && [ ! -f "$PASSWD_LIST" ] ; then
echo "Les fichiers des utilisateurs ou des passwords nont pas étés trouvées."
exit 1
fi
for c in $forbidden_chars ; do
for file in "$USERS_LIST" "$PASSWD_LIST" ; do
if [ -n "$(cat "$USERS_LIST" | grep -F $c)" ] ; then
echo "Le fichier « $file » ne doit pas contenir le caractère « $c » !"
exit 1
fi
done
done
# Generate passwords if not done yet
genPassowrd () {
tr -dc A-Za-z0-9 </dev/urandom | head -c $1
}
if [ ! -f 'passwords.txt' ] ; then
for user in $(cat users.txt) ; do
echo "$user$separator$(genPassowrd 10)" >> passwords.txt
if [ ! -f $PASSWD_LIST ] ; then
for user in $(cat "$USERS_LIST") ; do
echo "$user$separator$(genPassowrd 10)" >> $PASSWD_LIST
done
fi
# Create users
for line in $(cat passwords.txt) ; do
for line in $(cat $PASSWD_LIST) ; do
name="$(echo "$line" | cut -d "$separator" -f 1)"
pass="$(echo "$line" | cut -d "$separator" -f 2)"
echo "$pass\n$pass" | useradd --home-dir "$HOME_BASE/$name" --create-home --no-user-group -G eleve "$name"
home="$HOME_BASE/$name"
mkdir -p "$home"
#useradd --home-dir "$home" --no-user-group -G eleve --shell /bin/bash --root "$home" "$name"
useradd --home-dir "$home" --no-user-group -G eleve --shell /bin/bash "$name"
echo "$pass\n$pass" | passwd "$name" &> /dev/null
chown "$name":eleve "$home"
done
# Custom script
if [ -f "$CUSTOM_SCRIPT" ] ; then
if [ ! -x "$CUSTOM_SCRIPT" ] ; then
chmod +x "$CUSTOM_SCRIPT"
fi
"$CUSTOM_SCRIPT"
fi
# Nginx
nginx -c '/etc/nginx/nginx.conf'

View File

@ -4,6 +4,9 @@ import importlib
# Get function args
import inspect
# check file properties
import os
# The directory where student work will be
# not a real path, do not use ./ or stuff like this
BASE_MODULE_PATH = 'python_app/modules'
@ -13,60 +16,58 @@ if BASE_MODULE_PATH != '':
def application(env, start_response):
""" Cette fonction est appellée à chaque requête HTTP et doit exécuter le bon code python. """
# Find which python module and function will be called
# And remove empty elements
elements = tuple(e for e in env['PATH_INFO'].split('/') if e != '')
print(env)
#m = importlib.import_module('python_app.modules.main')
#f = getattr(m,'index')
#if env['REQUEST_URI'] == '/':
# return htmlresp(200, f(), start_response)
# Defaults
path = ''
module = 'main'
function = 'index'
# Get from url path
if len(elements) == 1:
module = elements[0]
elif len(elements) == 2:
module = elements[0]
function = elements[1]
elif len(elements) > 2:
path = '/'.join(elements[0:-2])
module = elements[-2]
function = elements[-1]
path = env['PATH_INFO'][1:] # removing first slash
# slash stuff
if path != '':
path += '/'
if path.endswith('/'):
path = path[:-1]
path_elements = tuple(d for d in path.split('/') if d != '')
path_minus_one = '/'.join(path_elements[:-1])
# Find which python module and function will be called
if os.path.isfile(BASE_MODULE_PATH + path_minus_one):
path = path_minus_one
function = path_elements[-1]
elif os.path.isfile(BASE_MODULE_PATH + path):
function = 'index'
elif os.path.isdir(BASE_MODULE_PATH + path):
path += '/main'
function = 'index'
else:
return htmlresp(404, 'Le dossier <em>{}</em> na pas été trouvé.'.format(path), start_response)
# Module full path
module_path = BASE_MODULE_PATH + path + module
module_path = BASE_MODULE_PATH + path
module_path = module_path.replace('/', '.')
# Import the function
try:
m = importlib.import_module(module_path)
except ModuleNotFoundError:
print('Le fichier {} na pas été trouvé. {}'.format(module_path, str(elements)))
return htmlresp(404, 'Le fichier <em>{}</em> na pas été trouvé.'.format(path + module), start_response)
#print('Le fichier {} na pas été trouvé. {}'.format(module_path, str(path_elements)))
return htmlresp(404, 'Le fichier <em>{}</em> na pas été trouvé.'.format(path), start_response)
# Find which parameters the function needs
try:
f = getattr(m,function)
# Call the function with the rigth attributes
except AttributeError:
return htmlresp(404, 'La fonction <em>{}</em> na pas été trouvée.'.format(function), start_response)
return htmlresp(404, 'La fonction <em>{}</em> na pas été trouvée dans {}'.format(function, module_path), start_response)
# Pass url parameters to the function
try:
params = {p:'' for p in list(inspect.getargspec(f).args)}
#print(inspect.getargspec(f))
#params = {p:(d if d is not None else '') for p,d in zip(inspect.getargspec(f).args, inspect.getargspec(f).defaults)}
expected_params = inspect.getargspec(f).args
params = {}
# TODO POST params?
for item in env['QUERY_STRING'].split('&'):
if item == '':
continue
k,v = tuple(item.split('='))
if k in params:
if k in expected_params:
params[k] = v
except Exception:
return htmlresp(400, 'La fonction <em>{}</em> demande les arguments suivants : {}. On a uniquement {}.'.format(function, params, ), start_response)
@ -77,8 +78,8 @@ def application(env, start_response):
return htmlresp(response[0], str(response[1]), start_response, False)
else:
return htmlresp(200, str(response), start_response, False)
except Exception:
return htmlresp(400, 'Erreur à lexécution de la fonction <em>{}</em>.'.format(function), start_response)
except Exception as e:
return htmlresp(400, 'Erreur à lexécution de la fonction <em>{}</em>.<pre style="color:#d90303;">{}</pre>'.format(function, e), start_response)
def htmlresp(code, message, start_response, squelette=True):

View File

@ -1,116 +0,0 @@
# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no # pam does that
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# override default of no subsystems
Subsystem sftp /usr/lib/ssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server

View File

@ -1,2 +0,0 @@
218.amine
218.chems