GTFO samba (╯°□°)╯︵ ┻━┻)

kload 2013-12-18 16:16:06 +00:00
parent 063bbe2da2
commit 774ce2e223
4 changed files with 55 additions and 66 deletions


@ -1,10 +1,10 @@
UPNP: UPNP:
cron: false cron: false
ports: ports:
TCP: [22, 25, 53, 80, 137, 138, 139, 443, 445, 465, 993, 5222, 5269, 5280, 6767, 7676] TCP: [22, 25, 53, 80, 443, 465, 993, 5222, 5269, 5280, 6767, 7676]
UDP: [53, 137, 138] UDP: [53, 137, 138]
ipv4: ipv4:
TCP: [22, 25, 53, 80, 137, 138, 139, 443, 445, 465, 993, 5222, 5269, 5280, 6767, 7676] TCP: [22, 25, 53, 80, 443, 465, 993, 5222, 5269, 5280, 6767, 7676]
UDP: [53, 137, 138] UDP: [53, 137, 138]
ipv6: ipv6:
TCP: [22] TCP: [22]
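Review bot: The `UDP` lists under `UPNP` and `ipv4` still contain 137 and 138 (NetBIOS name and datagram services), although the TCP lists drop 137, 138, 139 and 445 along with Samba. If nothing else on the host needs them, they should be removed as well, i.e. `UDP: [53]` in both places. Otherwise the firewall and the UPnP port mapping keep exposing ports that no longer have an intended service behind them.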


@ -24,9 +24,6 @@ ssh:
metronome: metronome:
status: metronomectl status status: metronomectl status
log: [/var/log/metronome/metronome.log,/var/log/metronome/metronome.err] log: [/var/log/metronome/metronome.log,/var/log/metronome/metronome.err]
samba:
status: service
log: [/var/log/samba/log.smbd,/var/log/samba/log.nmbd]
slapd: slapd:
status: service status: service
log: /var/log/syslog log: /var/log/syslog


@ -65,30 +65,12 @@ def tools_ldapinit(password=None):
'uidNumber': '1007', 'uidNumber': '1007',
'homeDirectory': '/home/admin', 'homeDirectory': '/home/admin',
'loginShell': '/bin/bash', 'loginShell': '/bin/bash',
'objectClass': ['organizationalRole', 'posixAccount', 'simpleSecurityObject'] 'objectClass': ['organizationalRole', 'posixAccount', 'simpleSecurityObject'],
'userPassword': 'yunohost'
} }
yldap.update('cn=admin', admin_dict) yldap.update('cn=admin', admin_dict)
os.system('rm /etc/smbldap-tools/smbldap_bind.conf')
with open('/etc/smbldap-tools/smbldap_bind.conf', 'w') as f:
lines = [
'masterDN="cn=admin,dc=yunohost,dc=org"',
'slaveDN="cn=admin,dc=yunohost,dc=org"',
'masterPw="yunohost"',
'slavePw="yunohost"'
]
for line in lines:
f.write(line +'\n')
os.system('chmod 600 /etc/smbldap-tools/smbldap_bind.conf')
os.system('smbpasswd -w yunohost')
sid = subprocess.check_output(['net', 'getlocalsid', 'YUNOHOST']).strip().split(':')[1][1:]
os.system('echo \'SID="'+ sid +'"\' >> /etc/smbldap-tools/smbldap.conf')
if password is not None:
os.system('echo "'+ password +'\n'+ password +'" | smbldap-populate')
win_msg(_("LDAP has been successfully initialized")) win_msg(_("LDAP has been successfully initialized"))
@ -105,24 +87,13 @@ def tools_adminpw(old_password, new_password):
if len(new_password) < 4: if len(new_password) < 4:
raise YunoHostError(22, _("Password is too short")) raise YunoHostError(22, _("Password is too short"))
old_password.replace('"', '\\"')
old_password.replace('&', '\\&')
new_password.replace('"', '\\"')
new_password.replace('&', '\\&')
result = os.system('ldappasswd -h localhost -D cn=admin,dc=yunohost,dc=org -w "'+ old_password +'" -a "'+ old_password +'" -s "' + new_password + '"') result = os.system('ldappasswd -h localhost -D cn=admin,dc=yunohost,dc=org -w "'+ old_password +'" -a "'+ old_password +'" -s "' + new_password + '"')
result2 = os.system('smbpasswd -w "'+ new_password + '"')
os.system('rm /etc/smbldap-tools/smbldap_bind.conf') if result == 0:
with open('/etc/smbldap-tools/smbldap_bind.conf', 'w') as f:
lines = [
'masterDN="cn=admin,dc=yunohost,dc=org"',
'slaveDN="cn=admin,dc=yunohost,dc=org"',
'masterPw="'+ new_password +'"',
'slavePw="'+ new_password +'"'
]
for line in lines:
f.write(line +'\n')
os.system('chmod 600 /etc/smbldap-tools/smbldap_bind.conf')
if result == result2 == 0:
win_msg(_("Admin password has been changed")) win_msg(_("Admin password has been changed"))
else: else:
raise YunoHostError(22, _("Invalid password")) raise YunoHostError(22, _("Invalid password"))
@ -233,7 +204,6 @@ def tools_postinstall(domain, password, dyndns=False):
'/etc/yunohost/apps', '/etc/yunohost/apps',
'/etc/yunohost/certs', '/etc/yunohost/certs',
'/var/cache/yunohost/repo', '/var/cache/yunohost/repo',
'/home/yunohost.samba',
'/home/yunohost.backup', '/home/yunohost.backup',
'/home/yunohost.app' '/home/yunohost.app'
] ]
@ -255,15 +225,10 @@ def tools_postinstall(domain, password, dyndns=False):
os.system('service dspam stop') os.system('service dspam stop')
os.system('update-rc.d dspam remove') os.system('update-rc.d dspam remove')
os.system('sed -i "s/yes/no/g" /etc/default/dspam') os.system('sed -i "s/yes/no/g" /etc/default/dspam')
os.system('apt-get install -y -qq samba yunohost-config-amavis') os.system('apt-get install -y -qq yunohost-config-amavis')
os.system('service amavis start') os.system('service amavis start')
os.system('apt-get install --reinstall -y -qq yunohost-config-postfix yunohost-config-dovecot') os.system('apt-get install --reinstall -y -qq yunohost-config-postfix yunohost-config-dovecot')
# Samba sh*t fix
if os.system('net getlocalsid > /dev/null 2>&1') != 0:
os.system('apt-get install --reinstall -y -qq samba yunohost-config-samba')
os.system('smbpasswd -w yunohost')
# Create SSL CA # Create SSL CA
ssl_dir = '/usr/share/yunohost/yunohost-config/ssl/yunoCA' ssl_dir = '/usr/share/yunohost/yunohost-config/ssl/yunoCA'
command_list = [ command_list = [
@ -299,7 +264,6 @@ def tools_postinstall(domain, password, dyndns=False):
tools_adminpw(old_password='yunohost', new_password=password) tools_adminpw(old_password='yunohost', new_password=password)
os.system('touch /etc/yunohost/installed') os.system('touch /etc/yunohost/installed')
os.system('service samba restart')
os.system('service yunohost-api restart &') os.system('service yunohost-api restart &')
win_msg(_("YunoHost has been successfully configured")) win_msg(_("YunoHost has been successfully configured"))
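Review bot: In `tools_adminpw` the `ldappasswd` command is still built by string concatenation and run through `os.system`, so a password containing `"`, `$` or a backtick is interpreted by the shell. The removed `.replace()` calls discarded their results and never escaped anything, so dropping them changes nothing, but the injection path remains. Passing an argument list avoids the shell: `result = subprocess.call(['ldappasswd', '-h', 'localhost', '-D', 'cn=admin,dc=yunohost,dc=org', '-w', old_password, '-a', old_password, '-s', new_password])`; `subprocess` appears to be imported already, since the removed `tools_ldapinit` lines used it. The passwords would still be visible in the process list, which ldappasswd's file-based options (`-y`, `-t`, `-T`) avoid. The function body starts outside the hunk.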


@ -112,15 +112,45 @@ def user_create(username, firstname, lastname, mail, password):
if mail[mail.find('@')+1:] not in domain_list()['Domains']: if mail[mail.find('@')+1:] not in domain_list()['Domains']:
raise YunoHostError(22, _("Domain not found : ")+ mail[mail.find('@')+1:]) raise YunoHostError(22, _("Domain not found : ")+ mail[mail.find('@')+1:])
user_added = os.system('/usr/sbin/smbldap-useradd -a -A 1 -m -M "'+ mail +'" -N "'+ firstname +'" -S "'+ lastname +'" -Z "objectclass=mailAccount,maildrop='+ username +'" -p '+ username) # Get random UID/GID
pwd_changed = os.system('echo "'+ password +'\n'+ password +'" | smbldap-passwd '+ username)
if user_added == pwd_changed == 0: uid_check = gid_check = 0
os.system('yunohost app ssowatconf > /dev/null 2>&1') while uid_check == 0 and gid_check == 0:
hook_callback('post_user_create', [username, mail, password, firstname, lastname]) uid = str(random.randint(200, 99999))
uid_check = os.system("getent passwd " + uid)
gid_check = os.system("getent group " + uid)
# Adapt values for LDAP
fullname = firstname + ' ' + lastname
rdn = 'uid=' + username + ',ou=users'
char_set = string.ascii_uppercase + string.digits
salt = ''.join(random.sample(char_set,8))
salt = '$1$' + salt + '$'
pwd = '{CRYPT}' + crypt.crypt(str(password), salt)
attr_dict = {
'objectClass' : ['mailAccount', 'inetOrgPerson', 'posixAccount'],
'givenName' : firstname,
'sn' : lastname,
'displayName' : fullname,
'cn' : fullname,
'uid' : username,
'mail' : mail,
'maildrop' : username,
'userPassword' : pwd,
'gidNumber' : uid,
'uidNumber' : uid,
'homeDirectory' : '/home/' + username,
'loginShell' : '/bin/false'
}
if yldap.add(rdn, attr_dict):
os.system("su - " + username + " -c ''")
#TODO: Send a welcome mail to user #TODO: Send a welcome mail to user
win_msg(_("User successfully created")) win_msg(_("User successfully created"))
return { _("Fullname") : firstname +' '+ lastname, _("Username") : username, _("Mail") : mail } hook_callback('post_user_create', [username, mail, password, firstname, lastname])
return { _("Fullname") : fullname, _("Username") : username, _("Mail") : mail }
else: else:
raise YunoHostError(169, _("An error occured during user creation")) raise YunoHostError(169, _("An error occured during user creation"))
@ -141,14 +171,11 @@ def user_delete(users, purge=False):
users = [ users ] users = [ users ]
for user in users: for user in users:
delete_command = '/usr/sbin/smbldap-userdel' if yldap.remove('uid=' + user+ ',ou=users'):
if purge: if purge:
delete_command = delete_command +' -r '+ user os.system('rm -rf /home/' + user)
else:
delete_command = delete_command +' '+ user
user_deleted = os.system(delete_command)
if user_deleted == 0:
result['Users'].append(user) result['Users'].append(user)
continue
else: else:
raise YunoHostError(169, _("An error occured during user deletion")) raise YunoHostError(169, _("An error occured during user deletion"))
@ -197,9 +224,10 @@ def user_update(username, firstname=None, lastname=None, mail=None, change_passw
new_attr_dict['cn'] = new_attr_dict['displayName'] = firstname + ' ' + lastname new_attr_dict['cn'] = new_attr_dict['displayName'] = firstname + ' ' + lastname
if change_password: if change_password:
pwd_changed = os.system('echo "'+ change_password +'\n'+ change_password +'" | smbldap-passwd '+ username) char_set = string.ascii_uppercase + string.digits
if pwd_changed > 0: salt = ''.join(random.sample(char_set,8))
raise YunoHostError(169, _("An error occured during password update")) salt = '$1$' + salt + '$'
new_attr_dict['userPassword'] = '{CRYPT}' + crypt.crypt(str(change_password), salt)
if mail: if mail:
yldap.validate_uniqueness({ 'mail': mail }) yldap.validate_uniqueness({ 'mail': mail })
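Review bot: The new `userPassword` value in `user_create` is an MD5-crypt hash (`$1$`) whose salt comes from `random.sample`, which is not a cryptographic generator and here draws from only 36 characters; the same three lines are repeated in the `user_update` hunk. MD5-crypt is cheap to brute-force offline if the LDAP directory contents are ever disclosed. Assuming the host's crypt(3) supports it, prefer SHA-512 crypt with a salt from the OS generator: `salt = '$6$' + ''.join(random.SystemRandom().choice(char_set) for _ in range(16)) + '$'`. Putting this in one helper used by both functions would keep the two call sites from drifting apart. Both function bodies extend beyond their hunks.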