mirror of
https://github.com/YunoHost/yunohost.git
synced 2024-09-03 20:06:10 +02:00
139 lines
4 KiB
Python
139 lines
4 KiB
Python
from moulinette.utils.log import getActionLogger
|
|
|
|
from yunohost.tools import Migration
|
|
|
|
logger = getActionLogger("yunohost.migration")
|
|
|
|
###################################################
|
|
# Tools used also for restoration
|
|
###################################################
|
|
|
|
|
|
class MyMigration(Migration):
|
|
"""
|
|
Add new permissions around SSH/SFTP features
|
|
"""
|
|
|
|
introduced_in_version = "11.1" # FIXME?
|
|
dependencies = []
|
|
|
|
ldap_migration_started = False
|
|
|
|
@Migration.ldap_migration
|
|
def run(self, *args):
|
|
|
|
from yunohost.user import (
|
|
user_list,
|
|
user_info,
|
|
user_group_update,
|
|
user_update,
|
|
user_group_add_mailalias,
|
|
ADMIN_ALIASES,
|
|
)
|
|
from yunohost.utils.ldap import _get_ldap_interface
|
|
from yunohost.permission import permission_sync_to_user
|
|
from yunohost.domain import _get_maindomain
|
|
|
|
main_domain = _get_maindomain()
|
|
ldap = _get_ldap_interface()
|
|
|
|
all_users = user_list()["users"].keys()
|
|
new_admin_user = None
|
|
for user in all_users:
|
|
if any(
|
|
alias.startswith("root@")
|
|
for alias in user_info(user).get("mail-aliases", [])
|
|
):
|
|
new_admin_user = user
|
|
break
|
|
|
|
self.ldap_migration_started = True
|
|
|
|
if new_admin_user:
|
|
aliases = user_info(new_admin_user).get("mail-aliases", [])
|
|
old_admin_aliases_to_remove = [
|
|
alias
|
|
for alias in aliases
|
|
if any(
|
|
alias.startswith(a)
|
|
for a in [
|
|
"root@",
|
|
"admin@",
|
|
"admins@",
|
|
"webmaster@",
|
|
"postmaster@",
|
|
"abuse@",
|
|
]
|
|
)
|
|
]
|
|
|
|
user_update(new_admin_user, remove_mailalias=old_admin_aliases_to_remove)
|
|
|
|
admin_hashs = ldap.search("cn=admin", attrs={"userPassword"})[0]["userPassword"]
|
|
|
|
stuff_to_delete = [
|
|
"cn=admin,ou=sudo",
|
|
"cn=admin",
|
|
"cn=admins,ou=groups",
|
|
]
|
|
|
|
for stuff in stuff_to_delete:
|
|
if ldap.search(stuff):
|
|
ldap.remove(stuff)
|
|
|
|
ldap.add(
|
|
"cn=admins,ou=sudo",
|
|
{
|
|
"cn": ["admins"],
|
|
"objectClass": ["top", "sudoRole"],
|
|
"sudoCommand": ["ALL"],
|
|
"sudoUser": ["%admins"],
|
|
"sudoHost": ["ALL"],
|
|
},
|
|
)
|
|
|
|
ldap.add(
|
|
"cn=admins,ou=groups",
|
|
{
|
|
"cn": ["admins"],
|
|
"objectClass": ["top", "posixGroup", "groupOfNamesYnh"],
|
|
"gidNumber": ["4001"],
|
|
},
|
|
)
|
|
|
|
user_group_add_mailalias(
|
|
"admins", [f"{alias}@{main_domain}" for alias in ADMIN_ALIASES]
|
|
)
|
|
|
|
permission_sync_to_user()
|
|
|
|
if new_admin_user:
|
|
user_group_update(groupname="admins", add=new_admin_user, sync_perm=True)
|
|
|
|
# Re-add admin as a regular user
|
|
attr_dict = {
|
|
"objectClass": [
|
|
"mailAccount",
|
|
"inetOrgPerson",
|
|
"posixAccount",
|
|
"userPermissionYnh",
|
|
],
|
|
"givenName": ["Admin"],
|
|
"sn": ["Admin"],
|
|
"displayName": ["Admin"],
|
|
"cn": ["Admin"],
|
|
"uid": ["admin"],
|
|
"mail": "admin_legacy",
|
|
"maildrop": ["admin"],
|
|
"mailuserquota": ["0"],
|
|
"userPassword": admin_hashs,
|
|
"gidNumber": ["1007"],
|
|
"uidNumber": ["1007"],
|
|
"homeDirectory": ["/home/admin"],
|
|
"loginShell": ["/bin/bash"],
|
|
}
|
|
ldap.add("uid=admin,ou=users", attr_dict)
|
|
user_group_update(groupname="admins", add="admin", sync_perm=True)
|
|
|
|
def run_after_system_restore(self):
|
|
self.run()
|