// Get a list of all members which are currently in the trash. func (m *MembershipDB) EnumerateTrashedMembers(prev string, num int32) ([]*MemberWithKey, error) { var cp *cassandra.ColumnParent = cassandra.NewColumnParent() var pred *cassandra.SlicePredicate = cassandra.NewSlicePredicate() var r *cassandra.KeyRange = cassandra.NewKeyRange() var kss []*cassandra.KeySlice var ks *cassandra.KeySlice var rv []*MemberWithKey var err error // Fetch the protobuf column of the application column family. cp.ColumnFamily = "membership_archive" pred.ColumnNames = [][]byte{ []byte("pb_data"), } if len(prev) > 0 { var uuid cassandra.UUID if uuid, err = cassandra.ParseUUID(prev); err != nil { return rv, err } r.StartKey = append([]byte(archivePrefix), []byte(uuid)...) } else { r.StartKey = []byte(archivePrefix) } r.EndKey = []byte(archiveEnd) r.Count = num kss, err = m.conn.GetRangeSlices(cp, pred, r, cassandra.ConsistencyLevel_ONE) if err != nil { return rv, err } for _, ks = range kss { var member *MemberWithKey var scol *cassandra.ColumnOrSuperColumn var uuid cassandra.UUID = cassandra.UUIDFromBytes( ks.Key[len(archivePrefix):]) if len(ks.Columns) == 0 { continue } for _, scol = range ks.Columns { var col *cassandra.Column = scol.Column if string(col.Name) == "pb_data" { var agreement = new(MembershipAgreement) member = new(MemberWithKey) err = proto.Unmarshal(col.Value, agreement) proto.Merge(&member.Member, agreement.GetMemberData()) member.Key = uuid.String() } } if member != nil { rv = append(rv, member) } } return rv, nil }
func main() { var cf string = "members" var config_file string var config_contents []byte var config membersys.MemberCreatorConfig var greatestUid uint64 = 1000 var now time.Time var noop, verbose bool var welcome *membersys.WelcomeMail var ld *ldap.Conn var sreq *ldap.SearchRequest var lres *ldap.SearchResult var entry *ldap.Entry var tlsconfig tls.Config var mmap map[string]map[string][]*cassandra.Mutation var db *cassandra.RetryCassandraClient var cp *cassandra.ColumnParent var pred *cassandra.SlicePredicate var kr *cassandra.KeyRange var kss []*cassandra.KeySlice var ks *cassandra.KeySlice var err error flag.StringVar(&config_file, "config", "", "Path to the member creator configuration file") flag.BoolVar(&noop, "dry-run", false, "Do a dry run") flag.BoolVar(&verbose, "verbose", false, "Whether or not to display verbose messages") flag.Parse() if len(config_file) == 0 { flag.Usage() return } config_contents, err = ioutil.ReadFile(config_file) if err != nil { log.Fatal("Unable to read ", config_file, ": ", err) } err = proto.Unmarshal(config_contents, &config) if err != nil { err = proto.UnmarshalText(string(config_contents), &config) } if err != nil { log.Fatal("Unable to parse ", config_file, ": ", err) } if config.WelcomeMailConfig != nil { welcome, err = membersys.NewWelcomeMail( config.WelcomeMailConfig) if err != nil { log.Fatal("Error creating WelcomeMail: ", err) } } tlsconfig.MinVersion = tls.VersionTLS12 tlsconfig.ServerName, _, err = net.SplitHostPort( config.LdapConfig.GetServer()) if err != nil { log.Fatal("Can't split ", config.LdapConfig.GetServer(), " into host and port: ", err) } if config.LdapConfig.CaCertificate != nil { var certData []byte certData, err = ioutil.ReadFile(config.LdapConfig.GetCaCertificate()) if err != nil { log.Fatal("Unable to read certificate from ", config.LdapConfig.GetCaCertificate(), ": ", err) } tlsconfig.RootCAs = x509.NewCertPool() tlsconfig.RootCAs.AppendCertsFromPEM(certData) } now = time.Now() if !noop { ld, err = ldap.DialTLS("tcp", config.LdapConfig.GetServer(), &tlsconfig) if err != nil { log.Fatal("Error connecting to LDAP server ", config.LdapConfig.GetServer(), ": ", err) } err = ld.Bind(config.LdapConfig.GetSuperUser()+","+ config.LdapConfig.GetBase(), config.LdapConfig.GetSuperPassword()) if err != nil { log.Fatal("Unable to bind as ", config.LdapConfig.GetSuperUser()+ ","+config.LdapConfig.GetBase(), " to ", config.LdapConfig.GetServer(), ": ", err) } defer ld.Close() sreq = ldap.NewSearchRequest( config.LdapConfig.GetBase(), ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 1000, 90, false, "(objectClass=posixAccount)", []string{"uidNumber"}, []ldap.Control{}) // Find the highest assigned UID. lres, err = ld.Search(sreq) if err != nil { log.Fatal("Unable to search for posix accounts in ", config.LdapConfig.GetBase(), ": ", err) } for _, entry = range lres.Entries { var uid string for _, uid = range entry.GetAttributeValues("uidNumber") { var uidNumber uint64 uidNumber, err = strconv.ParseUint(uid, 10, 64) if err != nil { log.Print("Error parsing \"", uid, "\" as a number: ", err) } else if uidNumber > greatestUid { greatestUid = uidNumber } } } } // Connect to Cassandra so we can get a list of records to be processed. db, err = cassandra.NewRetryCassandraClient( config.DatabaseConfig.GetDatabaseServer()) if err != nil { log.Fatal("Error connecting to Cassandra database at ", config.DatabaseConfig.GetDatabaseServer(), ": ", err) } err = db.SetKeyspace(config.DatabaseConfig.GetDatabaseName()) if err != nil { log.Fatal("Error setting keyspace: ", err) } cp = cassandra.NewColumnParent() cp.ColumnFamily = "membership_queue" pred = cassandra.NewSlicePredicate() pred.ColumnNames = [][]byte{[]byte("pb_data")} kr = cassandra.NewKeyRange() kr.StartKey = []byte("queue:") kr.EndKey = []byte("queue;") kss, err = db.GetRangeSlices(cp, pred, kr, cassandra.ConsistencyLevel_QUORUM) if err != nil { log.Fatal("Error getting range slice: ", err) } for _, ks = range kss { mmap = make(map[string]map[string][]*cassandra.Mutation) var csc *cassandra.ColumnOrSuperColumn for _, csc = range ks.Columns { var col *cassandra.Column = csc.Column var agreement membersys.MembershipAgreement var m *cassandra.Mutation if col == nil { continue } if string(col.Name) != "pb_data" { log.Print("Column selected was not as requested: ", col.Name) continue } err = proto.Unmarshal(col.Value, &agreement) if err != nil { log.Print("Unable to parse column ", col.Name, " of ", ks.Key, ": ", err) continue } if agreement.MemberData.Username != nil { var attrs *ldap.AddRequest greatestUid++ attrs = ldap.NewAddRequest("uid=" + asciiFilter(agreement.MemberData.GetUsername()) + "," + config.LdapConfig.GetNewUserSuffix() + "," + config.LdapConfig.GetBase()) attrs.Attribute("uidNumber", []string{ strconv.FormatUint(greatestUid, 10)}) attrs.Attribute("gecos", []string{ asciiFilter(agreement.MemberData.GetName())}) attrs.Attribute("shadowLastChange", []string{"11457"}) attrs.Attribute("shadowMax", []string{"9999"}) attrs.Attribute("shadowWarning", []string{"7"}) attrs.Attribute("gidNumber", []string{strconv.FormatUint( uint64(config.LdapConfig.GetNewUserGid()), 10)}) attrs.Attribute("objectClass", []string{ "account", "posixAccount", "shadowAccount", "top", }) attrs.Attribute("uid", []string{ asciiFilter(agreement.MemberData.GetUsername())}) attrs.Attribute("cn", []string{ asciiFilter(agreement.MemberData.GetUsername())}) attrs.Attribute("homeDirectory", []string{"/home/" + asciiFilter(agreement.MemberData.GetUsername())}) attrs.Attribute("loginShell", []string{ config.LdapConfig.GetNewUserShell()}) attrs.Attribute("userPassword", []string{ agreement.MemberData.GetPwhash(), }) agreement.MemberData.Id = proto.Uint64(greatestUid) if verbose { log.Print("Creating user: uid=" + agreement.MemberData.GetUsername() + "," + config.LdapConfig.GetNewUserSuffix() + "," + config.LdapConfig.GetBase()) } if !noop { var group string err = ld.Add(attrs) if err != nil { log.Print("Unable to create LDAP Account ", agreement.MemberData.GetUsername(), ": ", err) continue } for _, group = range config.LdapConfig.GetNewUserGroup() { var grpadd = ldap.NewModifyRequest("cn=" + group + ",ou=Groups," + config.LdapConfig.GetBase()) grpadd.Add("memberUid", []string{ agreement.MemberData.GetUsername()}) err = ld.Modify(grpadd) if err != nil { log.Print("Unable to add user ", agreement.MemberData.GetUsername(), " to group ", group, ": ", err) } } } } col.Value, err = proto.Marshal(&agreement) if err != nil { log.Print("Error marshalling agreement: ", err) continue } mmap["member:"+string(agreement.MemberData.GetEmail())] = make(map[string][]*cassandra.Mutation) mmap["member:"+string(agreement.MemberData.GetEmail())][cf] = make([]*cassandra.Mutation, 0) makeMutation(mmap["member:"+string(agreement.MemberData.GetEmail())], cf, "pb_data", col.Value, now) makeMutationString(mmap["member:"+string(agreement.MemberData.GetEmail())], cf, "name", agreement.MemberData.GetName(), now) makeMutationString(mmap["member:"+string(agreement.MemberData.GetEmail())], cf, "street", agreement.MemberData.GetStreet(), now) makeMutationString(mmap["member:"+string(agreement.MemberData.GetEmail())], cf, "city", agreement.MemberData.GetCity(), now) makeMutationString(mmap["member:"+string(agreement.MemberData.GetEmail())], cf, "country", agreement.MemberData.GetCountry(), now) makeMutationString(mmap["member:"+string(agreement.MemberData.GetEmail())], cf, "email", agreement.MemberData.GetEmail(), now) if agreement.MemberData.Phone != nil { makeMutationString(mmap["member:"+string(agreement.MemberData.GetEmail())], cf, "phone", agreement.MemberData.GetPhone(), now) } if agreement.MemberData.Username != nil { makeMutationString(mmap["member:"+string(agreement.MemberData.GetEmail())], cf, "username", agreement.MemberData.GetUsername(), now) } makeMutationLong(mmap["member:"+string(agreement.MemberData.GetEmail())], cf, "fee", agreement.MemberData.GetFee(), now) makeMutationBool(mmap["member:"+string(agreement.MemberData.GetEmail())], cf, "fee_yearly", agreement.MemberData.GetFeeYearly(), now) makeMutationLong(mmap["member:"+string(agreement.MemberData.GetEmail())], cf, "approval_ts", agreement.Metadata.GetApprovalTimestamp(), now) makeMutation(mmap["member:"+string(agreement.MemberData.GetEmail())], cf, "agreement_pdf", agreement.AgreementPdf, now) // Now, delete the original record. m = cassandra.NewMutation() m.Deletion = cassandra.NewDeletion() m.Deletion.Predicate = cassandra.NewSlicePredicate() m.Deletion.Predicate.ColumnNames = [][]byte{[]byte("pb_data")} m.Deletion.Timestamp = col.Timestamp mmap[string(ks.Key)] = make(map[string][]*cassandra.Mutation) mmap[string(ks.Key)]["membership_queue"] = []*cassandra.Mutation{m} // Write welcome e-mail to new member. if welcome != nil { err = welcome.SendMail(agreement.MemberData) if err != nil { log.Print("Error sending welcome e-mail to ", agreement.MemberData.GetEmail(), ": ", err) } } } // Apply all database mutations. err = db.BatchMutate(mmap, cassandra.ConsistencyLevel_QUORUM) if err != nil { log.Fatal("Error getting range slice: ", err) } } // Delete parting members. cp.ColumnFamily = "membership_dequeue" kr.StartKey = []byte("dequeue:") kr.EndKey = []byte("dequeue;") kss, err = db.GetRangeSlices(cp, pred, kr, cassandra.ConsistencyLevel_QUORUM) if err != nil { log.Fatal("Error getting range slice: ", err) } for _, ks = range kss { var csc *cassandra.ColumnOrSuperColumn mmap = make(map[string]map[string][]*cassandra.Mutation) for _, csc = range ks.Columns { var uuid cassandra.UUID var ldapuser string var col *cassandra.Column = csc.Column var agreement membersys.MembershipAgreement var attrs *ldap.ModifyRequest var m *cassandra.Mutation if col == nil { continue } if string(col.Name) != "pb_data" { log.Print("Column selected was not as requested: ", col.Name) continue } err = proto.Unmarshal(col.Value, &agreement) if err != nil { log.Print("Unable to parse column ", ks.Key, ": ", err) continue } if agreement.MemberData.Username == nil { continue } ldapuser = "******" + asciiFilter(agreement.MemberData.GetUsername()) + "," + config.LdapConfig.GetNewUserSuffix() + "," + config.LdapConfig.GetBase() if noop { log.Print("Would remove user ", ldapuser) } else { var groups []string var groups_differ bool var entry *ldap.Entry var group string sreq = ldap.NewSearchRequest( config.LdapConfig.GetBase(), ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 1000, 90, false, "(&(objectClass=posixGroup)(memberUid="+ asciiFilter(agreement.MemberData.GetUsername())+"))", []string{"cn"}, []ldap.Control{}) lres, err = ld.Search(sreq) if err != nil { log.Print("Error searching groups for user ", agreement.MemberData.GetUsername(), ": ", err) continue } for _, entry = range lres.Entries { var cn string var found bool cn = entry.GetAttributeValue("cn") if cn == "" { log.Print("No group name set for ", agreement.MemberData.GetUsername()) continue } groups = append(groups, cn) for _, group = range config.LdapConfig.GetNewUserGroup() { if cn == group { found = true } } for _, group = range config.LdapConfig.GetIgnoreUserGroup() { if cn == group { found = true } } if !found { groups_differ = true } } if groups_differ { log.Print("User is in other groups than expected: ", strings.Join(groups, ", ")) for _, group = range config.LdapConfig.GetNewUserGroup() { attrs = ldap.NewModifyRequest("cn=" + group + ",ou=Groups," + config.LdapConfig.GetBase()) attrs.Delete("memberUid", []string{ asciiFilter(agreement.MemberData.GetUsername())}) err = ld.Modify(attrs) if err != nil { log.Print("Error deleting ", agreement.MemberData.GetUsername(), " from ", group, ": ", err) } } } else { var dr = ldap.NewDelRequest(ldapuser, []ldap.Control{}) // The user appears to be only in the groups given in // the config. err = ld.Del(dr) if err != nil { log.Print("Unable to delete user ", ldapuser, ": ", err) } } } m = cassandra.NewMutation() m.Deletion = cassandra.NewDeletion() m.Deletion.Predicate = pred m.Deletion.Timestamp = col.Timestamp mmap[string(ks.Key)] = make(map[string][]*cassandra.Mutation) mmap[string(ks.Key)]["membership_dequeue"] = []*cassandra.Mutation{m} // 2 years retention. col.TTL = proto.Int32(720 * 24 * 3600) col.Timestamp = proto.Int64(now.UnixNano()) uuid = cassandra.UUIDFromBytes(ks.Key[len("dequeue:"):]) m = cassandra.NewMutation() m.ColumnOrSupercolumn = cassandra.NewColumnOrSuperColumn() m.ColumnOrSupercolumn.Column = col mmap["archive:"+string([]byte(uuid))] = make(map[string][]*cassandra.Mutation) mmap["archive:"+string([]byte(uuid))]["membership_archive"] = []*cassandra.Mutation{m} } // Apply all database mutations. err = db.BatchMutate(mmap, cassandra.ConsistencyLevel_QUORUM) if err != nil { log.Fatal("Error getting range slice: ", err) } } if verbose { log.Print("Greatest UID: ", greatestUid) } }
// Get a list of all membership applications currently in the database. // Returns a set of "num" entries beginning after "prev". If "criterion" is // given, it will be compared against the name of the member. func (m *MembershipDB) EnumerateMembershipRequests(criterion, prev string, num int32) ( []*MemberWithKey, error) { var cp *cassandra.ColumnParent = cassandra.NewColumnParent() var pred *cassandra.SlicePredicate = cassandra.NewSlicePredicate() var r *cassandra.KeyRange = cassandra.NewKeyRange() var kss []*cassandra.KeySlice var ks *cassandra.KeySlice var rv []*MemberWithKey var err error // Fetch the name, street, city and fee columns of the application column family. cp.ColumnFamily = "application" pred.ColumnNames = [][]byte{ []byte("name"), []byte("street"), []byte("city"), []byte("fee"), []byte("fee_yearly"), } if len(prev) > 0 { var uuid cassandra.UUID if uuid, err = cassandra.ParseUUID(prev); err != nil { return rv, err } r.StartKey = append([]byte(applicationPrefix), []byte(uuid)...) } else { r.StartKey = []byte(applicationPrefix) } r.EndKey = []byte(applicationEnd) r.Count = num kss, err = m.conn.GetRangeSlices( cp, pred, r, cassandra.ConsistencyLevel_ONE) if err != nil { return rv, err } for _, ks = range kss { var member *MemberWithKey = new(MemberWithKey) var scol *cassandra.ColumnOrSuperColumn var uuid cassandra.UUID = cassandra.UUIDFromBytes( ks.Key[len(applicationPrefix):]) member.Key = uuid.String() if len(ks.Columns) == 0 { continue } for _, scol = range ks.Columns { var col *cassandra.Column = scol.Column if string(col.Name) == "name" { member.Name = proto.String(string(col.Value)) } else if string(col.Name) == "street" { member.Street = proto.String(string(col.Value)) } else if string(col.Name) == "city" { member.City = proto.String(string(col.Value)) } else if string(col.Name) == "fee" { member.Fee = proto.Uint64(binary.BigEndian.Uint64(col.Value)) } else if string(col.Name) == "fee_yearly" { member.FeeYearly = proto.Bool(col.Value[0] == 1) } } rv = append(rv, member) } return rv, nil }
// Output a JSON list of all applicants currently waiting to become members. func (a *ApplicantListHandler) ServeHTTP(rw http.ResponseWriter, req *http.Request) { var applist applicantListType var enc *json.Encoder var err error if !a.auth.IsAuthenticatedScope(req, a.admingroup) { rw.WriteHeader(http.StatusUnauthorized) return } if req.FormValue("single") == "true" && len(req.FormValue("start")) > 0 { var memberreq *membersys.MembershipAgreement var mwk *membersys.MemberWithKey var bigint *big.Int = big.NewInt(0) var uuid cassandra.UUID var ok bool bigint, ok = bigint.SetString(req.FormValue("start"), 10) if !ok { rw.WriteHeader(http.StatusInternalServerError) rw.Write([]byte("Unable to parse " + req.FormValue("start") + " as a number")) return } if bigint.BitLen() == 128 { uuid = cassandra.UUIDFromBytes(bigint.Bytes()) memberreq, _, err = a.database.GetMembershipRequest( uuid.String(), "application", "applicant:") if err != nil { rw.WriteHeader(http.StatusInternalServerError) rw.Write([]byte("Unable to retrieve the membership request " + uuid.String() + ": " + err.Error())) return } mwk = new(membersys.MemberWithKey) mwk.Key = uuid.String() proto.Merge(&mwk.Member, memberreq.GetMemberData()) applist.Applicants = []*membersys.MemberWithKey{mwk} } } else { applist.Applicants, err = a.database.EnumerateMembershipRequests( req.FormValue("criterion"), req.FormValue("start"), a.pagesize) if err != nil { log.Print("Error enumerating applications: ", err) rw.WriteHeader(http.StatusInternalServerError) rw.Write([]byte("Error enumerating applications: " + err.Error())) return } } applist.AgreementUploadCsrfToken, err = a.auth.GenCSRFToken( req, applicantAgreementUploadURL, 10*time.Minute) if err != nil { log.Print("Error generating CSRF token: ", err) rw.WriteHeader(http.StatusInternalServerError) rw.Write([]byte("Error generating CSRF token: " + err.Error())) return } applist.ApprovalCsrfToken, err = a.auth.GenCSRFToken( req, applicantApprovalURL, 10*time.Minute) if err != nil { log.Print("Error generating CSRF token: ", err) rw.WriteHeader(http.StatusInternalServerError) rw.Write([]byte("Error generating CSRF token: " + err.Error())) return } applist.RejectionCsrfToken, err = a.auth.GenCSRFToken( req, applicantRejectionURL, 10*time.Minute) if err != nil { log.Print("Error generating CSRF token: ", err) rw.WriteHeader(http.StatusInternalServerError) rw.Write([]byte("Error generating CSRF token: " + err.Error())) return } rw.Header().Set("Content-Type", "application/json; encoding=utf8") enc = json.NewEncoder(rw) if err = enc.Encode(applist); err != nil { log.Print("Error JSON encoding member list: ", err) rw.WriteHeader(http.StatusInternalServerError) rw.Write([]byte("Error encoding result: " + err.Error())) return } }