mirror of
https://github.com/YunoHost/moulinette.git
synced 2024-09-03 20:06:31 +02:00
213 lines
7 KiB
Python
213 lines
7 KiB
Python
# -*- coding: utf-8 -*-
|
|
|
|
import os
|
|
import sys
|
|
import yaml
|
|
import re
|
|
import getpass
|
|
from yunohost import YunoHostError, YunoHostLDAP, validate, colorize, get_required_args, win_msg
|
|
from yunohost_domain import domain_add
|
|
|
|
def tools_ldapinit():
|
|
"""
|
|
Initialize YunoHost LDAP scheme
|
|
|
|
Returns:
|
|
dict
|
|
|
|
"""
|
|
with YunoHostLDAP() as yldap:
|
|
|
|
with open('ldap_scheme.yml') as f:
|
|
ldap_map = yaml.load(f)
|
|
|
|
for rdn, attr_dict in ldap_map['parents'].items():
|
|
yldap.add(rdn, attr_dict)
|
|
|
|
for rdn, attr_dict in ldap_map['childs'].items():
|
|
yldap.add(rdn, attr_dict)
|
|
|
|
|
|
admin_dict = {
|
|
'cn': 'admin',
|
|
'uid': 'admin',
|
|
'description': 'LDAP Administrator',
|
|
'gidNumber': '1007',
|
|
'uidNumber': '1007',
|
|
'homeDirectory': '/home/admin',
|
|
'loginShell': '/bin/bash',
|
|
'objectClass': ['organizationalRole', 'posixAccount', 'simpleSecurityObject']
|
|
}
|
|
|
|
yldap.update('cn=admin', admin_dict)
|
|
|
|
win_msg(_("LDAP has been successfully initialized"))
|
|
|
|
|
|
def tools_adminpw(old_password, new_password):
|
|
"""
|
|
Change admin password
|
|
|
|
Keyword arguments:
|
|
old_password
|
|
new_password
|
|
|
|
Returns:
|
|
dict
|
|
|
|
"""
|
|
# Validate password length
|
|
if len(new_password) < 4:
|
|
raise YunoHostError(22, _("Password is too short"))
|
|
|
|
result = os.system('ldappasswd -h localhost -D cn=admin,dc=yunohost,dc=org -w "'+ old_password +'" -a "'+ old_password +'" -s "' + new_password + '"')
|
|
|
|
if result == 0:
|
|
win_msg(_("Admin password has been changed"))
|
|
else:
|
|
raise YunoHostError(22, _("Invalid password"))
|
|
|
|
|
|
def tools_maindomain(old_domain, new_domain):
|
|
"""
|
|
Change admin password
|
|
|
|
Keyword arguments:
|
|
old_domain
|
|
new_domain
|
|
|
|
Returns:
|
|
dict
|
|
|
|
"""
|
|
|
|
if not old_domain:
|
|
with open('/etc/yunohost/current_host', 'r') as f:
|
|
old_domain = f.readline().rstrip()
|
|
|
|
validate(r'^([a-zA-Z0-9]{1}([a-zA-Z0-9\-]*[a-zA-Z0-9])*)(\.[a-zA-Z0-9]{1}([a-zA-Z0-9\-]*[a-zA-Z0-9])*)*(\.[a-zA-Z]{1}([a-zA-Z0-9\-]*[a-zA-Z0-9])*)$', old_domain)
|
|
|
|
config_files = [
|
|
'/etc/postfix/main.cf',
|
|
'/etc/dovecot/dovecot.conf',
|
|
'/etc/lemonldap-ng/lemonldap-ng.ini',
|
|
'/etc/hosts',
|
|
'/usr/share/yunohost/yunohost-config/others/startup',
|
|
]
|
|
|
|
config_dir = []
|
|
|
|
for dir in config_dir:
|
|
for file in os.listdir(dir):
|
|
config_files.append(dir + '/' + file)
|
|
|
|
for file in config_files:
|
|
with open(file, "r") as sources:
|
|
lines = sources.readlines()
|
|
with open(file, "w") as sources:
|
|
for line in lines:
|
|
sources.write(re.sub(r''+ old_domain +'', new_domain, line))
|
|
|
|
domain_add([new_domain], web=True)
|
|
|
|
lemon_conf_lines = [
|
|
"$tmp->{'domain'} = '"+ new_domain +"';", # Replace Lemon domain
|
|
"$tmp->{'ldapBase'} = 'dc=yunohost,dc=org';", # Set ldap basedn
|
|
"$tmp->{'portal'} = 'https://"+ new_domain +"/sso/';", # Set SSO url
|
|
"$tmp->{'locationRules'}->{'"+ new_domain +"'}->{'(?#0ynh_admin)^/ynh-admin/'} = '$uid eq \"admin\"';",
|
|
"$tmp->{'locationRules'}->{'"+ new_domain +"'}->{'(?#0ynh_user)^/ynh-user/'} = '$uid ne \"admin\"';"
|
|
]
|
|
|
|
if old_domain is not 'yunohost.org':
|
|
lemon_conf_lines.extend([
|
|
"delete $tmp->{'locationRules'}->{'"+ old_domain +"'}->{'(?#0ynh_admin)^/ynh-admin/'};",
|
|
"delete $tmp->{'locationRules'}->{'"+ old_domain +"'}->{'(?#0ynh_user)^/ynh-user/'};"
|
|
])
|
|
|
|
with open('/tmp/tmplemonconf','w') as lemon_conf:
|
|
for line in lemon_conf_lines:
|
|
lemon_conf.write(line + '\n')
|
|
|
|
os.system('rm /etc/yunohost/apache/domains/' + old_domain + '.d/*.fixed.conf') # remove SSO apache conf dir from old domain conf (fail if postinstall)
|
|
os.system('rm /etc/ssl/private/yunohost_key.pem')
|
|
os.system('rm /etc/ssl/certs/yunohost_crt.pem')
|
|
|
|
command_list = [
|
|
'cp /etc/yunohost/apache/templates/sso.fixed.conf /etc/yunohost/apache/domains/' + new_domain + '.d/sso.fixed.conf', # add SSO apache conf dir to new domain conf
|
|
'cp /etc/yunohost/apache/templates/admin.fixed.conf /etc/yunohost/apache/domains/' + new_domain + '.d/admin.fixed.conf',
|
|
'cp /etc/yunohost/apache/templates/user.fixed.conf /etc/yunohost/apache/domains/' + new_domain + '.d/user.fixed.conf',
|
|
'/usr/share/lemonldap-ng/bin/lmYnhMoulinette',
|
|
'/etc/init.d/hostname.sh',
|
|
'cp /etc/yunohost/certs/'+ new_domain +'/key.pem /etc/metronome/certs/yunohost_key.pem',
|
|
'chown metronome: /etc/metronome/certs/yunohost_key.pem',
|
|
'ln -s /etc/yunohost/certs/'+ new_domain +'/key.pem /etc/ssl/private/yunohost_key.pem',
|
|
'ln -s /etc/yunohost/certs/'+ new_domain +'/crt.pem /etc/ssl/certs/yunohost_crt.pem',
|
|
'echo '+ new_domain +' > /etc/yunohost/current_host',
|
|
'service apache2 restart',
|
|
'service metronome restart',
|
|
'service postfix restart'
|
|
]
|
|
|
|
for command in command_list:
|
|
if os.system(command) != 0:
|
|
raise YunoHostError(17, _("There were a problem during domain changing"))
|
|
|
|
win_msg(_("Main domain has been successfully changed"))
|
|
|
|
|
|
def tools_postinstall(domain, password):
|
|
"""
|
|
Post-install configuration
|
|
|
|
Keyword arguments:
|
|
domain -- Main domain
|
|
password -- New admin password
|
|
|
|
Returns:
|
|
dict
|
|
|
|
"""
|
|
with YunoHostLDAP(password='yunohost') as yldap:
|
|
try:
|
|
with open('/etc/yunohost/installed') as f: pass
|
|
except IOError:
|
|
print('Installing YunoHost')
|
|
else:
|
|
raise YunoHostError(17, _("YunoHost is already installed"))
|
|
|
|
# Create required folders
|
|
folders_to_create = [
|
|
'/etc/yunohost/apps',
|
|
'/etc/yunohost/certs'
|
|
]
|
|
|
|
for folder in folders_to_create:
|
|
try: os.listdir(folder)
|
|
except OSError: os.makedirs(folder)
|
|
|
|
# Create SSL CA
|
|
ssl_dir = '/usr/share/yunohost/yunohost-config/ssl/yunoCA'
|
|
command_list = [
|
|
'echo "01" > '+ ssl_dir +'/serial',
|
|
'rm '+ ssl_dir +'/index.txt',
|
|
'touch '+ ssl_dir +'/index.txt',
|
|
'openssl req -x509 -new -config '+ ssl_dir +'/openssl.cnf -days 3650 -out '+ ssl_dir +'/ca/cacert.pem -keyout '+ ssl_dir +'/ca/cakey.pem -nodes -batch',
|
|
'cp '+ ssl_dir +'/ca/cacert.pem /etc/ssl/certs/ca-yunohost_crt.pem'
|
|
]
|
|
|
|
for command in command_list:
|
|
if os.system(command) != 0:
|
|
raise YunoHostError(17, _("There were a problem during CA creation"))
|
|
|
|
# Initialize YunoHost LDAP base
|
|
tools_ldapinit()
|
|
|
|
# New domain config
|
|
tools_maindomain(old_domain='yunohost.org', new_domain=domain)
|
|
|
|
# Change LDAP admin password
|
|
tools_adminpw(old_password='yunohost', new_password=password)
|
|
|
|
os.system('touch /etc/yunohost/installed')
|
|
|
|
win_msg(_("YunoHost has been successfully configured"))
|