diff --git a/firewall.yml b/firewall.yml
index 3cc2dd7b..075116cf 100644
--- a/firewall.yml
+++ b/firewall.yml
@@ -1,10 +1,10 @@
 UPNP:
 cron: false
 ports:
- TCP: [22, 25, 53, 80, 137, 138, 139, 443, 445, 465, 993, 5222, 5269, 5280, 6767, 7676]
+ TCP: [22, 25, 53, 80, 443, 465, 993, 5222, 5269, 5280, 6767, 7676]
 UDP: [53, 137, 138]
 ipv4:
- TCP: [22, 25, 53, 80, 137, 138, 139, 443, 445, 465, 993, 5222, 5269, 5280, 6767, 7676]
+ TCP: [22, 25, 53, 80, 443, 465, 993, 5222, 5269, 5280, 6767, 7676]
 UDP: [53, 137, 138]
 ipv6:
 TCP: [22]
diff --git a/services.yml b/services.yml
index 75a73e9e..fc0bee7b 100644
--- a/services.yml
+++ b/services.yml
@@ -24,9 +24,6 @@ ssh:
 metronome:
 status: metronomectl status
 log: [/var/log/metronome/metronome.log,/var/log/metronome/metronome.err]
-samba:
- status: service
- log: [/var/log/samba/log.smbd,/var/log/samba/log.nmbd]
 slapd:
 status: service
 log: /var/log/syslog
diff --git a/yunohost_tools.py b/yunohost_tools.py
index 699d1e3e..3cac46a6 100644
--- a/yunohost_tools.py
+++ b/yunohost_tools.py
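Review bot: UDP 137 and 138 are still opened in both the `UPNP` and `ipv4` sections while their TCP counterparts 137/138/139/445 are dropped; those UDP ports are the NetBIOS name/datagram service that the nmbd logged in the services.yml entry this same commit removes answered, so unless something else on the host listens there they should go as well, i.e. `UDP: [53]` in both sections. The `ipv6` section lists only TCP and is untouched, so nothing to adjust there. If the intent is to keep NetBIOS name resolution working without Samba, a comment next to the UDP line saying which daemon now owns 137/138 would save the next reader the same question.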
@@ -65,30 +65,12 @@ def tools_ldapinit(password=None): 'uidNumber': '1007', 'homeDirectory': '/home/admin', 'loginShell': '/bin/bash', - 'objectClass': ['organizationalRole', 'posixAccount', 'simpleSecurityObject'] + 'objectClass': ['organizationalRole', 'posixAccount', 'simpleSecurityObject'], + 'userPassword': 'yunohost' } yldap.update('cn=admin', admin_dict) - os.system('rm /etc/smbldap-tools/smbldap_bind.conf') - with open('/etc/smbldap-tools/smbldap_bind.conf', 'w') as f: - lines = [ - 'masterDN="cn=admin,dc=yunohost,dc=org"', - 'slaveDN="cn=admin,dc=yunohost,dc=org"', - 'masterPw="yunohost"', - 'slavePw="yunohost"' - ] - - for line in lines: - f.write(line +'\n') - - os.system('chmod 600 /etc/smbldap-tools/smbldap_bind.conf') - os.system('smbpasswd -w yunohost') - sid = subprocess.check_output(['net', 'getlocalsid', 'YUNOHOST']).strip().split(':')[1][1:] - os.system('echo \'SID="'+ sid +'"\' >> /etc/smbldap-tools/smbldap.conf') - if password is not None: - os.system('echo "'+ password +'\n'+ password +'" | smbldap-populate') - win_msg(_("LDAP has been successfully initialized")) 
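Review bot: The `password` parameter of tools_ldapinit is no longer read by any of the new code — the `if password is not None:` branch that consumed it is removed — yet the admin entry now unconditionally gets `'userPassword': 'yunohost'`, so a caller that supplies a password silently ends up with the well-known default. The value is also stored as a bare plaintext string, whereas user_create in this same commit stores `{CRYPT}` hashes; at minimum use `'userPassword': password if password is not None else 'yunohost'` and hash it the same way (that needs `crypt` in scope in yunohost_tools.py, which I cannot see from here). tools_postinstall further down does appear to rotate it via `tools_adminpw(old_password='yunohost', ...)`, so the literal looks like a bootstrap secret, but the parameter should not be a no-op. The function's header is on the hunk line and its body may continue past `win_msg(...)`; `subprocess` was used only by code this hunk removes, so check whether its import is still needed.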
@@ -105,24 +87,13 @@ def tools_adminpw(old_password, new_password): if len(new_password) < 4: raise YunoHostError(22, _("Password is too short")) - result = os.system('ldappasswd -h localhost -D cn=admin,dc=yunohost,dc=org -w "'+ old_password +'" -a "'+ old_password +'" -s "' + new_password + '"') - result2 = os.system('smbpasswd -w "'+ new_password + '"') + old_password.replace('"', '\\"') + old_password.replace('&', '\\&') + new_password.replace('"', '\\"') + new_password.replace('&', '\\&') + result = os.system('ldappasswd -h localhost -D cn=admin,dc=yunohost,dc=org -w "'+ old_password +'" -a "'+ old_password +'" -s "' + new_password + '"') - os.system('rm /etc/smbldap-tools/smbldap_bind.conf') - with open('/etc/smbldap-tools/smbldap_bind.conf', 'w') as f: - lines = [ - 'masterDN="cn=admin,dc=yunohost,dc=org"', - 'slaveDN="cn=admin,dc=yunohost,dc=org"', - 'masterPw="'+ new_password +'"', - 'slavePw="'+ new_password +'"' - ] - - for line in lines: - f.write(line +'\n') - - os.system('chmod 600 /etc/smbldap-tools/smbldap_bind.conf') - - if result == result2 == 0: + if result == 0: win_msg(_("Admin password has been changed")) else: raise YunoHostError(22, _("Invalid password")) @@ -233,7 +204,6 @@ def tools_postinstall(domain, password, dyndns=False): '/etc/yunohost/apps', '/etc/yunohost/certs', '/var/cache/yunohost/repo', - '/home/yunohost.samba', '/home/yunohost.backup', '/home/yunohost.app' ] 
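Review bot: The four `old_password.replace(...)` / `new_password.replace(...)` lines have no effect — `str.replace()` returns a new string and the result is discarded — so the `ldappasswd` command on the following line is still built by concatenating the raw passwords into a shell string, and a password containing `"`, `$`, backticks or `;` breaks the command or is executed by the shell. Pass an argument list instead so no shell ever sees the passwords; the snippet below uses `subprocess.call`, and `subprocess` was imported for the `subprocess.check_output` call this commit removes from tools_ldapinit, so keep that import. Even with a list the passwords remain visible in the process table for the duration of the call; ldappasswd's `-t`/`-T` (old/new password from file) or `-y` options avoid that if it matters in this deployment. The hunk also keeps the `len(new_password) < 4` minimum, which is very low for the LDAP admin account.
```python
    # Argument list: no shell parses the passwords (the str.replace() calls were no-ops)
    result = subprocess.call([
        'ldappasswd', '-h', 'localhost',
        '-D', 'cn=admin,dc=yunohost,dc=org',
        '-w', old_password, '-a', old_password, '-s', new_password,
    ])
    # … unchanged: result == 0 check, win_msg / YunoHostError …
```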
@@ -255,15 +225,10 @@ def tools_postinstall(domain, password, dyndns=False): os.system('service dspam stop') os.system('update-rc.d dspam remove') os.system('sed -i "s/yes/no/g" /etc/default/dspam') - os.system('apt-get install -y -qq samba yunohost-config-amavis') + os.system('apt-get install -y -qq yunohost-config-amavis') os.system('service amavis start') os.system('apt-get install --reinstall -y -qq yunohost-config-postfix yunohost-config-dovecot') - # Samba sh*t fix - if os.system('net getlocalsid > /dev/null 2>&1') != 0: - os.system('apt-get install --reinstall -y -qq samba yunohost-config-samba') - os.system('smbpasswd -w yunohost') - # Create SSL CA ssl_dir = '/usr/share/yunohost/yunohost-config/ssl/yunoCA' command_list = [ @@ -299,7 +264,6 @@ def tools_postinstall(domain, password, dyndns=False): tools_adminpw(old_password='yunohost', new_password=password) os.system('touch /etc/yunohost/installed') - os.system('service samba restart') os.system('service yunohost-api restart &') win_msg(_("YunoHost has been successfully configured")) diff --git a/yunohost_user.py b/yunohost_user.py index 8808c2f9..57d58371 100644 --- a/yunohost_user.py +++ b/yunohost_user.py 
@@ -112,15 +112,45 @@ def user_create(username, firstname, lastname, mail, password): if mail[mail.find('@')+1:] not in domain_list()['Domains']: raise YunoHostError(22, _("Domain not found : ")+ mail[mail.find('@')+1:]) - user_added = os.system('/usr/sbin/smbldap-useradd -a -A 1 -m -M "'+ mail +'" -N "'+ firstname +'" -S "'+ lastname +'" -Z "objectclass=mailAccount,maildrop='+ username +'" -p '+ username) - pwd_changed = os.system('echo "'+ password +'\n'+ password +'" | smbldap-passwd '+ username) + # Get random UID/GID - if user_added == pwd_changed == 0: - os.system('yunohost app ssowatconf > /dev/null 2>&1') - hook_callback('post_user_create', [username, mail, password, firstname, lastname]) + uid_check = gid_check = 0 + while uid_check == 0 and gid_check == 0: + uid = str(random.randint(200, 99999)) + uid_check = os.system("getent passwd " + uid) + gid_check = os.system("getent group " + uid) + + # Adapt values for LDAP + fullname = firstname + ' ' + lastname + rdn = 'uid=' + username + ',ou=users' + char_set = string.ascii_uppercase + string.digits + salt = ''.join(random.sample(char_set,8)) + salt = '$1$' + salt + '$' + pwd = '{CRYPT}' + crypt.crypt(str(password), salt) + attr_dict = { + 'objectClass' : ['mailAccount', 'inetOrgPerson', 'posixAccount'], + 'givenName' : firstname, + 'sn' : lastname, + 'displayName' : fullname, + 'cn' : fullname, + 'uid' : username, + 'mail' : mail, + 'maildrop' : username, + 'userPassword' : pwd, + 'gidNumber' : uid, + 'uidNumber' : uid, + 'homeDirectory' : '/home/' + username, + 'loginShell' : '/bin/false' + + } + + if yldap.add(rdn, attr_dict): + os.system("su - " + username + " -c ''") #TODO: Send a welcome mail to user win_msg(_("User successfully created")) - return { _("Fullname") : firstname +' '+ lastname, _("Username") : username, _("Mail") : mail } + hook_callback('post_user_create', [username, mail, password, firstname, lastname]) + + return { _("Fullname") : fullname, _("Username") : username, _("Mail") : mail } 
else: raise YunoHostError(169, _("An error occured during user creation")) @@ -141,14 +171,11 @@ def user_delete(users, purge=False): users = [ users ] for user in users: - delete_command = '/usr/sbin/smbldap-userdel' - if purge: - delete_command = delete_command +' -r '+ user - else: - delete_command = delete_command +' '+ user - user_deleted = os.system(delete_command) - if user_deleted == 0: + if yldap.remove('uid=' + user+ ',ou=users'): + if purge: + os.system('rm -rf /home/' + user) result['Users'].append(user) + continue else: raise YunoHostError(169, _("An error occured during user deletion")) @@ -197,9 +224,10 @@ def user_update(username, firstname=None, lastname=None, mail=None, change_passw new_attr_dict['cn'] = new_attr_dict['displayName'] = firstname + ' ' + lastname if change_password: - pwd_changed = os.system('echo "'+ change_password +'\n'+ change_password +'" | smbldap-passwd '+ username) - if pwd_changed > 0: - raise YunoHostError(169, _("An error occured during password update")) + char_set = string.ascii_uppercase + string.digits + salt = ''.join(random.sample(char_set,8)) + salt = '$1$' + salt + '$' + new_attr_dict['userPassword'] = '{CRYPT}' + crypt.crypt(str(change_password), salt) if mail: yldap.validate_uniqueness({ 'mail': mail })
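Review bot: The UID search loop in user_create exits too early: `while uid_check == 0 and gid_check == 0` stops as soon as *either* getent lookup fails, so an id that is free in passwd but already present in group (or vice versa) is accepted and then used for both `uidNumber` and `gidNumber`; the loop must keep going until both lookups fail, and it only sees what NSS exposes, so it catches LDAP ids only if nss-ldap is configured — worth a comment. The hash is `$1$` (MD5-crypt) with an 8-character salt from `random.sample`, which is not a CSPRNG and draws without replacement; prefer SHA-512 crypt (`$6$`) with a `random.SystemRandom` salt, assuming the slapd host's libc `crypt()` supports it, and since the same snippet is repeated in user_update a shared `_hash_password` helper would keep the two in step. `os.system("su - " + username + " -c ''")` splices the username into a shell command; the start of user_create, where the name would be validated, lies before this hunk, so confirm a whitelist check exists or use `subprocess.call(['su', '-', username, '-c', ''])`. The snippet below covers the loop and the hashing; it uses only names the hunk already has in scope.
```python
    # Pick a numeric id that is free in BOTH passwd and group
    # (the original loop stopped as soon as either lookup failed)
    while True:
        uid = str(random.randint(200, 99999))
        if os.system("getent passwd " + uid) != 0 and os.system("getent group " + uid) != 0:
            break

    # … unchanged: fullname / rdn …

    # SHA-512 crypt with a CSPRNG salt; $1$ is MD5-crypt and random.sample() is not a CSPRNG
    rng = random.SystemRandom()
    salt_chars = string.ascii_letters + string.digits + './'
    salt = '$6$' + ''.join(rng.choice(salt_chars) for _ in range(16)) + '$'
    pwd = '{CRYPT}' + crypt.crypt(str(password), salt)
    # … unchanged: attr_dict, yldap.add, hook_callback, return …
```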
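Review bot: `os.system('rm -rf /home/' + user)` in user_delete builds a shell command from the caller-supplied user name, and nothing in this hunk constrains that name: an empty string yields `rm -rf /home/`, and a name containing spaces or shell metacharacters is split or interpreted. The `yldap.remove()` on the line before does fail first for most malformed names, but that is an accidental guard rather than a check; delete the home directory without a shell, e.g. `shutil.rmtree('/home/' + user)` (stdlib, import if not already present) or `subprocess.call(['rm', '-rf', '/home/' + user])`, after rejecting names that are empty or contain `/`. The `continue` after `result['Users'].append(user)` is redundant, since the `else:` branch only runs when `yldap.remove()` returned false. The password-hashing lines added to user_update in the second hunk use MD5-crypt (`$1$`) with a `random.sample` salt exactly as user_create does; a `$6$` salt from `random.SystemRandom` would be the usual choice, ideally via one shared helper.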