2012-10-23 17:28:35 +02:00
# -*- coding: utf-8 -*-
2012-10-26 15:26:50 +02:00
import os
import sys
2012-10-23 17:28:35 +02:00
import yaml
2012-10-26 15:26:50 +02:00
import re
2012-10-27 17:06:43 +02:00
import getpass
2012-10-29 16:25:40 +01:00
from yunohost import YunoHostError , YunoHostLDAP , validate , colorize , get_required_args , win_msg
2012-10-25 21:15:37 +02:00
from yunohost_domain import domain_add
2012-10-27 17:06:43 +02:00
2013-02-27 22:11:10 +01:00
def tools_ldapinit ( ) :
2012-10-27 17:06:43 +02:00
"""
Initialize YunoHost LDAP scheme
2013-02-26 20:36:37 +01:00
Returns :
2012-10-27 17:06:43 +02:00
dict
"""
2012-11-09 18:04:15 +01:00
with YunoHostLDAP ( ) as yldap :
2012-10-26 15:26:50 +02:00
2013-02-26 20:36:37 +01:00
with open ( ' ldap_scheme.yml ' ) as f :
2012-11-09 18:04:15 +01:00
ldap_map = yaml . load ( f )
2012-10-23 17:28:35 +02:00
2012-11-09 18:04:15 +01:00
for rdn , attr_dict in ldap_map [ ' parents ' ] . items ( ) :
yldap . add ( rdn , attr_dict )
2012-10-23 18:10:39 +02:00
2012-11-09 18:04:15 +01:00
for rdn , attr_dict in ldap_map [ ' childs ' ] . items ( ) :
yldap . add ( rdn , attr_dict )
2013-02-26 20:36:37 +01:00
2012-11-09 18:04:15 +01:00
admin_dict = {
' cn ' : ' admin ' ,
' uid ' : ' admin ' ,
' description ' : ' LDAP Administrator ' ,
' gidNumber ' : ' 1007 ' ,
' uidNumber ' : ' 1007 ' ,
' homeDirectory ' : ' /home/admin ' ,
' loginShell ' : ' /bin/bash ' ,
' objectClass ' : [ ' organizationalRole ' , ' posixAccount ' , ' simpleSecurityObject ' ]
}
yldap . update ( ' cn=admin ' , admin_dict )
2012-10-23 19:55:40 +02:00
2012-10-29 16:06:46 +01:00
win_msg ( _ ( " LDAP has been successfully initialized " ) )
2012-10-26 15:26:50 +02:00
2012-10-27 17:06:43 +02:00
2013-02-26 20:36:37 +01:00
def tools_adminpw ( old_password , new_password ) :
2012-10-27 17:06:43 +02:00
"""
Change admin password
2013-02-26 20:36:37 +01:00
2012-10-27 17:06:43 +02:00
Keyword arguments :
2012-11-29 15:00:33 +01:00
old_password
new_password
2013-02-26 20:36:37 +01:00
Returns :
2012-10-27 17:06:43 +02:00
dict
"""
2012-10-26 15:26:50 +02:00
# Validate password length
2012-11-29 15:00:33 +01:00
if len ( new_password ) < 4 :
2012-10-26 15:26:50 +02:00
raise YunoHostError ( 22 , _ ( " Password is too short " ) )
2012-11-29 15:00:33 +01:00
result = os . system ( ' ldappasswd -h localhost -D cn=admin,dc=yunohost,dc=org -w " ' + old_password + ' " -a " ' + old_password + ' " -s " ' + new_password + ' " ' )
2012-10-27 17:06:43 +02:00
2012-10-25 21:17:26 +02:00
if result == 0 :
2012-10-29 16:06:46 +01:00
win_msg ( _ ( " Admin password has been changed " ) )
2012-10-25 21:17:26 +02:00
else :
raise YunoHostError ( 22 , _ ( " Invalid password " ) )
2012-10-27 17:06:43 +02:00
2013-02-26 20:36:37 +01:00
def tools_maindomain ( old_domain , new_domain ) :
2012-10-27 17:06:43 +02:00
"""
Change admin password
2013-02-26 20:36:37 +01:00
2012-10-27 17:06:43 +02:00
Keyword arguments :
2012-11-29 15:00:33 +01:00
old_domain
new_domain
2013-02-26 20:36:37 +01:00
Returns :
2012-10-27 17:06:43 +02:00
dict
"""
2012-11-29 15:00:33 +01:00
if not old_domain :
2012-10-27 17:06:43 +02:00
with open ( ' /usr/share/yunohost/yunohost-config/others/current_host ' , ' r ' ) as f :
2012-11-29 15:00:33 +01:00
old_domain = f . readline ( ) . rstrip ( )
2012-10-27 17:06:43 +02:00
2012-11-29 15:00:33 +01:00
validate ( r ' ^([a-zA-Z0-9] {1} ([a-zA-Z0-9 \ -]*[a-zA-Z0-9])*)( \ .[a-zA-Z0-9] {1} ([a-zA-Z0-9 \ -]*[a-zA-Z0-9])*)*( \ .[a-zA-Z] {1} ([a-zA-Z0-9 \ -]*[a-zA-Z0-9])*)$ ' , old_domain )
2012-10-26 15:26:50 +02:00
config_files = [
' /etc/postfix/main.cf ' ,
2012-10-27 17:06:43 +02:00
' /etc/dovecot/dovecot.conf ' ,
2012-10-26 15:26:50 +02:00
' /etc/lemonldap-ng/lemonldap-ng.ini ' ,
' /etc/hosts ' ,
]
config_dir = [
2013-02-12 13:18:22 +01:00
' /var/lib/lemonldap-ng/conf ' , # TODO: Use lemon perl script instead
2012-10-26 15:26:50 +02:00
' /etc/apache2/sites-available ' ,
]
for dir in config_dir :
for file in os . listdir ( dir ) :
config_files . append ( dir + ' / ' + file )
for file in config_files :
with open ( file , " r " ) as sources :
lines = sources . readlines ( )
with open ( file , " w " ) as sources :
for line in lines :
2012-11-29 15:00:33 +01:00
sources . write ( re . sub ( r ' ' + old_domain + ' ' , new_domain , line ) )
2012-10-26 15:26:50 +02:00
2013-02-27 22:29:31 +01:00
domain_add ( [ new_domain ] , web = True )
2013-02-27 22:11:10 +01:00
2013-02-26 20:36:37 +01:00
lemon_tmp_conf = ' /tmp/tmplemonconf '
if os . path . exists ( lemon_tmp_conf ) : os . remove ( lemon_tmp_conf )
lemon_conf_lines = [
" delete $tmp-> { ' locationRules ' }-> { ' " + old_domain + " ' }-> { ' ^/sso/ ' }; " , # Remove SSO access rule from old domain
" $tmp-> { ' domain ' } = ' " + old_domain + " ' ; " , # Replace Lemon domain
" $tmp-> { ' ldapBase ' } = ' dc=yunohost,dc=org ' ; " , # Set ldap basedn
" $tmp-> { ' portal ' } = ' https:// " + new_domain + " /sso/ ' ; " , # Set SSO url
" $tmp-> { ' locationRules ' }-> { ' " + new_domain + " ' }-> { ' ^/sso/ ' } = ' unprotect ' ; " # Add SSO access rule to new domain
]
with open ( lemon_tmp_conf , ' a ' ) as lemon_conf :
for line in lemon_conf_lines :
lemon_conf . write ( line + ' \n ' )
2013-02-26 23:13:49 +01:00
os . system ( ' rm /etc/yunohost/apache/domains/ ' + old_domain + ' .d/*.sso.conf ' ) # remove SSO apache conf dir from old domain conf
os . system ( ' cp /etc/yunohost/apache/templates/fixed.sso.conf /etc/yunohost/apache/domains/ ' + new_domain + ' .d/fixed.sso.conf ' ) # add SSO apache conf dir to new domain conf
2013-02-26 20:36:37 +01:00
2012-10-26 15:26:50 +02:00
os . system ( ' /etc/init.d/hostname.sh ' )
2013-02-26 20:36:37 +01:00
2012-10-27 17:06:43 +02:00
# Regenerate certificate
tmp = ' /usr/share/yunohost/yunohost-config '
2012-10-28 15:24:10 +01:00
a = os . system ( ' echo " 01 " > ' + tmp + ' /ssl/yunoCA/serial ' )
b = os . system ( ' rm ' + tmp + ' /ssl/yunoCA/index.txt ' )
c = os . system ( ' touch ' + tmp + ' /ssl/yunoCA/index.txt ' )
2012-11-29 15:00:33 +01:00
d = os . system ( ' sed -i " s/ ' + old_domain + ' / ' + new_domain + ' /g " ' + tmp + ' /ssl/yunoCA/openssl.cnf ' )
2012-10-28 15:24:10 +01:00
e = os . system ( ' openssl req -x509 -new -config ' + tmp + ' /ssl/yunoCA/openssl.cnf -days 3650 -out ' + tmp + ' /ssl/yunoCA/ca/cacert.pem -keyout ' + tmp + ' /ssl/yunoCA/ca/cakey.pem -nodes -batch ' )
f = os . system ( ' openssl req -new -config ' + tmp + ' /ssl/yunoCA/openssl.cnf -days 730 -out ' + tmp + ' /ssl/yunoCA/certs/yunohost_csr.pem -keyout ' + tmp + ' /ssl/yunoCA/certs/yunohost_key.pem -nodes -batch ' )
g = os . system ( ' openssl ca -config ' + tmp + ' /ssl/yunoCA/openssl.cnf -days 730 -in ' + tmp + ' /ssl/yunoCA/certs/yunohost_csr.pem -out ' + tmp + ' /ssl/yunoCA/certs/yunohost_crt.pem -batch ' )
h = os . system ( ' cp ' + tmp + ' /ssl/yunoCA/ca/cacert.pem /etc/ssl/certs/ca-yunohost_crt.pem ' )
i = os . system ( ' cp ' + tmp + ' /ssl/yunoCA/certs/yunohost_key.pem /etc/ssl/private/ ' )
j = os . system ( ' cp ' + tmp + ' /ssl/yunoCA/newcerts/01.pem /etc/ssl/certs/yunohost_crt.pem ' )
2013-02-27 20:45:47 +01:00
k = os . system ( ' echo ' + new_domain + ' > /usr/share/yunohost/yunohost-config/others/current_host ' )
2012-10-27 17:06:43 +02:00
# Restart services
2013-02-27 20:45:47 +01:00
l = os . system ( ' service apache2 restart ' )
m = os . system ( ' service postfix restart ' )
2012-10-27 17:06:43 +02:00
2013-02-27 20:45:47 +01:00
if a == b == c == d == e == f == g == h == i == j == k == l == m == 0 :
2012-10-29 16:06:46 +01:00
win_msg ( _ ( " YunoHost main domain has been successfully changed " ) )
2012-10-28 15:24:10 +01:00
else :
2012-10-29 16:06:46 +01:00
raise YunoHostError ( 17 , _ ( " There were a problem during domain changing " ) )
2012-10-27 17:06:43 +02:00
2012-10-26 15:26:50 +02:00
2012-11-29 15:00:33 +01:00
def tools_postinstall ( domain , password ) :
2012-10-27 17:06:43 +02:00
"""
Post - install configuration
2013-02-26 20:36:37 +01:00
2012-10-27 17:06:43 +02:00
Keyword arguments :
2012-11-29 15:00:33 +01:00
domain - - Main domain
password - - New admin password
2013-02-26 20:36:37 +01:00
Returns :
2012-10-27 17:06:43 +02:00
dict
"""
2012-11-09 18:04:15 +01:00
with YunoHostLDAP ( password = ' yunohost ' ) as yldap :
try :
with open ( ' /usr/share/yunohost/yunohost-config/others/installed ' ) as f : pass
except IOError :
print ( ' Installing YunoHost ' )
else :
raise YunoHostError ( 17 , _ ( " YunoHost is already installed " ) )
2012-10-25 19:50:14 +02:00
2012-11-09 18:04:15 +01:00
# New domain config
2012-11-29 15:00:33 +01:00
tools_maindomain ( old_domain = ' yunohost.org ' , new_domain = domain )
2012-10-28 15:24:10 +01:00
2012-11-09 18:04:15 +01:00
# Initialize YunoHost LDAP base
2013-02-27 22:11:10 +01:00
tools_ldapinit ( )
2012-10-26 15:26:50 +02:00
2012-11-09 18:04:15 +01:00
# Change LDAP admin password
2012-11-29 15:00:33 +01:00
tools_adminpw ( old_password = ' yunohost ' , new_password = password )
2012-10-26 15:26:50 +02:00
2012-11-09 18:04:15 +01:00
os . system ( ' touch /usr/share/yunohost/yunohost-config/others/installed ' )
2013-02-26 20:36:37 +01:00
2012-10-29 16:06:46 +01:00
win_msg ( _ ( " YunoHost has been successfully configured " ) )