GTFO samba (╯°□°)╯︵ ┻━┻)
parent
063bbe2da2
commit
774ce2e223
4 changed files with 55 additions and 66 deletions
|
@ -1,10 +1,10 @@
|
||||||
UPNP:
|
UPNP:
|
||||||
cron: false
|
cron: false
|
||||||
ports:
|
ports:
|
||||||
TCP: [22, 25, 53, 80, 137, 138, 139, 443, 445, 465, 993, 5222, 5269, 5280, 6767, 7676]
|
TCP: [22, 25, 53, 80, 443, 465, 993, 5222, 5269, 5280, 6767, 7676]
|
||||||
UDP: [53, 137, 138]
|
UDP: [53, 137, 138]
|
||||||
ipv4:
|
ipv4:
|
||||||
TCP: [22, 25, 53, 80, 137, 138, 139, 443, 445, 465, 993, 5222, 5269, 5280, 6767, 7676]
|
TCP: [22, 25, 53, 80, 443, 465, 993, 5222, 5269, 5280, 6767, 7676]
|
||||||
UDP: [53, 137, 138]
|
UDP: [53, 137, 138]
|
||||||
ipv6:
|
ipv6:
|
||||||
TCP: [22]
|
TCP: [22]
|
||||||
|
|
|
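Review bot: The `UDP: [53, 137, 138]` lists under both `UPNP.ports` and `ipv4` are left unchanged, so the NetBIOS name and datagram ports stay in the allowlist (and are still requested through UPnP) even though the Samba TCP ports 137, 138, 139 and 445 are dropped in the same hunk. If nothing else on the host needs NetBIOS, which the rest of this commit suggests, both lines should become `UDP: [53]`. Leaving them open is not exploitable on its own with no listener, but it is firewall state that no installed service justifies and that a later package could silently start using.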
@ -24,9 +24,6 @@ ssh:
|
||||||
metronome:
|
metronome:
|
||||||
status: metronomectl status
|
status: metronomectl status
|
||||||
log: [/var/log/metronome/metronome.log,/var/log/metronome/metronome.err]
|
log: [/var/log/metronome/metronome.log,/var/log/metronome/metronome.err]
|
||||||
samba:
|
|
||||||
status: service
|
|
||||||
log: [/var/log/samba/log.smbd,/var/log/samba/log.nmbd]
|
|
||||||
slapd:
|
slapd:
|
||||||
status: service
|
status: service
|
||||||
log: /var/log/syslog
|
log: /var/log/syslog
|
||||||
|
|
|
@ -65,30 +65,12 @@ def tools_ldapinit(password=None):
|
||||||
'uidNumber': '1007',
|
'uidNumber': '1007',
|
||||||
'homeDirectory': '/home/admin',
|
'homeDirectory': '/home/admin',
|
||||||
'loginShell': '/bin/bash',
|
'loginShell': '/bin/bash',
|
||||||
'objectClass': ['organizationalRole', 'posixAccount', 'simpleSecurityObject']
|
'objectClass': ['organizationalRole', 'posixAccount', 'simpleSecurityObject'],
|
||||||
|
'userPassword': 'yunohost'
|
||||||
}
|
}
|
||||||
|
|
||||||
yldap.update('cn=admin', admin_dict)
|
yldap.update('cn=admin', admin_dict)
|
||||||
|
|
||||||
os.system('rm /etc/smbldap-tools/smbldap_bind.conf')
|
|
||||||
with open('/etc/smbldap-tools/smbldap_bind.conf', 'w') as f:
|
|
||||||
lines = [
|
|
||||||
'masterDN="cn=admin,dc=yunohost,dc=org"',
|
|
||||||
'slaveDN="cn=admin,dc=yunohost,dc=org"',
|
|
||||||
'masterPw="yunohost"',
|
|
||||||
'slavePw="yunohost"'
|
|
||||||
]
|
|
||||||
|
|
||||||
for line in lines:
|
|
||||||
f.write(line +'\n')
|
|
||||||
|
|
||||||
os.system('chmod 600 /etc/smbldap-tools/smbldap_bind.conf')
|
|
||||||
os.system('smbpasswd -w yunohost')
|
|
||||||
sid = subprocess.check_output(['net', 'getlocalsid', 'YUNOHOST']).strip().split(':')[1][1:]
|
|
||||||
os.system('echo \'SID="'+ sid +'"\' >> /etc/smbldap-tools/smbldap.conf')
|
|
||||||
if password is not None:
|
|
||||||
os.system('echo "'+ password +'\n'+ password +'" | smbldap-populate')
|
|
||||||
|
|
||||||
win_msg(_("LDAP has been successfully initialized"))
|
win_msg(_("LDAP has been successfully initialized"))
|
||||||
|
|
||||||
|
|
||||||
|
@ -105,24 +87,13 @@ def tools_adminpw(old_password, new_password):
|
||||||
if len(new_password) < 4:
|
if len(new_password) < 4:
|
||||||
raise YunoHostError(22, _("Password is too short"))
|
raise YunoHostError(22, _("Password is too short"))
|
||||||
|
|
||||||
|
old_password.replace('"', '\\"')
|
||||||
|
old_password.replace('&', '\\&')
|
||||||
|
new_password.replace('"', '\\"')
|
||||||
|
new_password.replace('&', '\\&')
|
||||||
result = os.system('ldappasswd -h localhost -D cn=admin,dc=yunohost,dc=org -w "'+ old_password +'" -a "'+ old_password +'" -s "' + new_password + '"')
|
result = os.system('ldappasswd -h localhost -D cn=admin,dc=yunohost,dc=org -w "'+ old_password +'" -a "'+ old_password +'" -s "' + new_password + '"')
|
||||||
result2 = os.system('smbpasswd -w "'+ new_password + '"')
|
|
||||||
|
|
||||||
os.system('rm /etc/smbldap-tools/smbldap_bind.conf')
|
if result == 0:
|
||||||
with open('/etc/smbldap-tools/smbldap_bind.conf', 'w') as f:
|
|
||||||
lines = [
|
|
||||||
'masterDN="cn=admin,dc=yunohost,dc=org"',
|
|
||||||
'slaveDN="cn=admin,dc=yunohost,dc=org"',
|
|
||||||
'masterPw="'+ new_password +'"',
|
|
||||||
'slavePw="'+ new_password +'"'
|
|
||||||
]
|
|
||||||
|
|
||||||
for line in lines:
|
|
||||||
f.write(line +'\n')
|
|
||||||
|
|
||||||
os.system('chmod 600 /etc/smbldap-tools/smbldap_bind.conf')
|
|
||||||
|
|
||||||
if result == result2 == 0:
|
|
||||||
win_msg(_("Admin password has been changed"))
|
win_msg(_("Admin password has been changed"))
|
||||||
else:
|
else:
|
||||||
raise YunoHostError(22, _("Invalid password"))
|
raise YunoHostError(22, _("Invalid password"))
|
||||||
|
@ -233,7 +204,6 @@ def tools_postinstall(domain, password, dyndns=False):
|
||||||
'/etc/yunohost/apps',
|
'/etc/yunohost/apps',
|
||||||
'/etc/yunohost/certs',
|
'/etc/yunohost/certs',
|
||||||
'/var/cache/yunohost/repo',
|
'/var/cache/yunohost/repo',
|
||||||
'/home/yunohost.samba',
|
|
||||||
'/home/yunohost.backup',
|
'/home/yunohost.backup',
|
||||||
'/home/yunohost.app'
|
'/home/yunohost.app'
|
||||||
]
|
]
|
||||||
|
@ -255,15 +225,10 @@ def tools_postinstall(domain, password, dyndns=False):
|
||||||
os.system('service dspam stop')
|
os.system('service dspam stop')
|
||||||
os.system('update-rc.d dspam remove')
|
os.system('update-rc.d dspam remove')
|
||||||
os.system('sed -i "s/yes/no/g" /etc/default/dspam')
|
os.system('sed -i "s/yes/no/g" /etc/default/dspam')
|
||||||
os.system('apt-get install -y -qq samba yunohost-config-amavis')
|
os.system('apt-get install -y -qq yunohost-config-amavis')
|
||||||
os.system('service amavis start')
|
os.system('service amavis start')
|
||||||
os.system('apt-get install --reinstall -y -qq yunohost-config-postfix yunohost-config-dovecot')
|
os.system('apt-get install --reinstall -y -qq yunohost-config-postfix yunohost-config-dovecot')
|
||||||
|
|
||||||
# Samba sh*t fix
|
|
||||||
if os.system('net getlocalsid > /dev/null 2>&1') != 0:
|
|
||||||
os.system('apt-get install --reinstall -y -qq samba yunohost-config-samba')
|
|
||||||
os.system('smbpasswd -w yunohost')
|
|
||||||
|
|
||||||
# Create SSL CA
|
# Create SSL CA
|
||||||
ssl_dir = '/usr/share/yunohost/yunohost-config/ssl/yunoCA'
|
ssl_dir = '/usr/share/yunohost/yunohost-config/ssl/yunoCA'
|
||||||
command_list = [
|
command_list = [
|
||||||
|
@ -299,7 +264,6 @@ def tools_postinstall(domain, password, dyndns=False):
|
||||||
tools_adminpw(old_password='yunohost', new_password=password)
|
tools_adminpw(old_password='yunohost', new_password=password)
|
||||||
|
|
||||||
os.system('touch /etc/yunohost/installed')
|
os.system('touch /etc/yunohost/installed')
|
||||||
os.system('service samba restart')
|
|
||||||
os.system('service yunohost-api restart &')
|
os.system('service yunohost-api restart &')
|
||||||
|
|
||||||
win_msg(_("YunoHost has been successfully configured"))
|
win_msg(_("YunoHost has been successfully configured"))
|
||||||
|
|
|
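Review bot: The four `old_password.replace(...)` / `new_password.replace(...)` calls added in `tools_adminpw` discard their results (Python strings are immutable), so both passwords reach the unchanged `os.system('ldappasswd ...')` line unescaped inside a double-quoted shell string. Even with the results assigned, escaping only `"` and `&` would leave `$`, backticks and backslashes interpreted by the shell, and `tools_postinstall` passes the installer-supplied `password` straight into this function. Dropping the shell removes the quoting problem: `result = subprocess.call(['ldappasswd', '-h', 'localhost', '-D', 'cn=admin,dc=yunohost,dc=org', '-w', old_password, '-a', old_password, '-s', new_password])`, after which the four `replace` lines can be deleted. The passwords would still be visible in the process list, which ldappasswd's `-y`, `-t` and `-T` password-file options avoid. The function starts outside the hunk; `subprocess` appears to be imported already, since the removed `check_output` call used it, but the import line is not visible here.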
@ -112,15 +112,45 @@ def user_create(username, firstname, lastname, mail, password):
|
||||||
if mail[mail.find('@')+1:] not in domain_list()['Domains']:
|
if mail[mail.find('@')+1:] not in domain_list()['Domains']:
|
||||||
raise YunoHostError(22, _("Domain not found : ")+ mail[mail.find('@')+1:])
|
raise YunoHostError(22, _("Domain not found : ")+ mail[mail.find('@')+1:])
|
||||||
|
|
||||||
user_added = os.system('/usr/sbin/smbldap-useradd -a -A 1 -m -M "'+ mail +'" -N "'+ firstname +'" -S "'+ lastname +'" -Z "objectclass=mailAccount,maildrop='+ username +'" -p '+ username)
|
# Get random UID/GID
|
||||||
pwd_changed = os.system('echo "'+ password +'\n'+ password +'" | smbldap-passwd '+ username)
|
|
||||||
|
|
||||||
if user_added == pwd_changed == 0:
|
uid_check = gid_check = 0
|
||||||
os.system('yunohost app ssowatconf > /dev/null 2>&1')
|
while uid_check == 0 and gid_check == 0:
|
||||||
hook_callback('post_user_create', [username, mail, password, firstname, lastname])
|
uid = str(random.randint(200, 99999))
|
||||||
|
uid_check = os.system("getent passwd " + uid)
|
||||||
|
gid_check = os.system("getent group " + uid)
|
||||||
|
|
||||||
|
# Adapt values for LDAP
|
||||||
|
fullname = firstname + ' ' + lastname
|
||||||
|
rdn = 'uid=' + username + ',ou=users'
|
||||||
|
char_set = string.ascii_uppercase + string.digits
|
||||||
|
salt = ''.join(random.sample(char_set,8))
|
||||||
|
salt = '$1$' + salt + '$'
|
||||||
|
pwd = '{CRYPT}' + crypt.crypt(str(password), salt)
|
||||||
|
attr_dict = {
|
||||||
|
'objectClass' : ['mailAccount', 'inetOrgPerson', 'posixAccount'],
|
||||||
|
'givenName' : firstname,
|
||||||
|
'sn' : lastname,
|
||||||
|
'displayName' : fullname,
|
||||||
|
'cn' : fullname,
|
||||||
|
'uid' : username,
|
||||||
|
'mail' : mail,
|
||||||
|
'maildrop' : username,
|
||||||
|
'userPassword' : pwd,
|
||||||
|
'gidNumber' : uid,
|
||||||
|
'uidNumber' : uid,
|
||||||
|
'homeDirectory' : '/home/' + username,
|
||||||
|
'loginShell' : '/bin/false'
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
if yldap.add(rdn, attr_dict):
|
||||||
|
os.system("su - " + username + " -c ''")
|
||||||
#TODO: Send a welcome mail to user
|
#TODO: Send a welcome mail to user
|
||||||
win_msg(_("User successfully created"))
|
win_msg(_("User successfully created"))
|
||||||
return { _("Fullname") : firstname +' '+ lastname, _("Username") : username, _("Mail") : mail }
|
hook_callback('post_user_create', [username, mail, password, firstname, lastname])
|
||||||
|
|
||||||
|
return { _("Fullname") : fullname, _("Username") : username, _("Mail") : mail }
|
||||||
else:
|
else:
|
||||||
raise YunoHostError(169, _("An error occured during user creation"))
|
raise YunoHostError(169, _("An error occured during user creation"))
|
||||||
|
|
||||||
|
@ -141,14 +171,11 @@ def user_delete(users, purge=False):
|
||||||
users = [ users ]
|
users = [ users ]
|
||||||
|
|
||||||
for user in users:
|
for user in users:
|
||||||
delete_command = '/usr/sbin/smbldap-userdel'
|
if yldap.remove('uid=' + user+ ',ou=users'):
|
||||||
if purge:
|
if purge:
|
||||||
delete_command = delete_command +' -r '+ user
|
os.system('rm -rf /home/' + user)
|
||||||
else:
|
|
||||||
delete_command = delete_command +' '+ user
|
|
||||||
user_deleted = os.system(delete_command)
|
|
||||||
if user_deleted == 0:
|
|
||||||
result['Users'].append(user)
|
result['Users'].append(user)
|
||||||
|
continue
|
||||||
else:
|
else:
|
||||||
raise YunoHostError(169, _("An error occured during user deletion"))
|
raise YunoHostError(169, _("An error occured during user deletion"))
|
||||||
|
|
||||||
|
@ -197,9 +224,10 @@ def user_update(username, firstname=None, lastname=None, mail=None, change_passw
|
||||||
new_attr_dict['cn'] = new_attr_dict['displayName'] = firstname + ' ' + lastname
|
new_attr_dict['cn'] = new_attr_dict['displayName'] = firstname + ' ' + lastname
|
||||||
|
|
||||||
if change_password:
|
if change_password:
|
||||||
pwd_changed = os.system('echo "'+ change_password +'\n'+ change_password +'" | smbldap-passwd '+ username)
|
char_set = string.ascii_uppercase + string.digits
|
||||||
if pwd_changed > 0:
|
salt = ''.join(random.sample(char_set,8))
|
||||||
raise YunoHostError(169, _("An error occured during password update"))
|
salt = '$1$' + salt + '$'
|
||||||
|
new_attr_dict['userPassword'] = '{CRYPT}' + crypt.crypt(str(change_password), salt)
|
||||||
|
|
||||||
if mail:
|
if mail:
|
||||||
yldap.validate_uniqueness({ 'mail': mail })
|
yldap.validate_uniqueness({ 'mail': mail })
|
||||||
|
|
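Review bot: The new `userPassword` value in `user_create` is an MD5-crypt hash (`'$1$'` prefix) whose salt comes from `random.sample`, which is not a cryptographic generator and draws only from uppercase letters and digits. The same three salt lines are repeated in the `user_update` hunk. Since `{CRYPT}` defers to the platform's crypt(3), a stronger scheme is a small change where the target libc supports it: `salt = '$6$' + ''.join(random.SystemRandom().choice(string.ascii_letters + string.digits) for _ in range(16)) + '$'`. Putting it in one shared helper keeps the two call sites from drifting apart. Separately, `while uid_check == 0 and gid_check == 0:` stops as soon as either lookup misses, so a UID that is free in passwd but already taken as a GID is accepted; `or` looks like the intended operator. Both functions begin outside their hunks.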