package org.openslx.taskmanager.tasks;
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import org.apache.commons.compress.archivers.tar.TarArchiveOutputStream;
import org.apache.commons.io.FileUtils;
import org.openslx.satserver.util.Archive;
import org.openslx.satserver.util.Util;
import org.openslx.taskmanager.api.AbstractTask;
import com.google.gson.annotations.Expose;
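/**
 * Task that renders an sshd configuration from {@code ./data/sshd_config.template} and packs
 * it into a tar archive written to {@code filename}.
 *
 * <p>
 * The archive receives two entries: {@code /etc/ssh/sshd_config} (mode 0644) and a symlink entry
 * for {@code sshd.service} below {@code multi-user.target.wants}.
 *
 * <p>
 * Security notes for reviewers:
 * <ul>
 * <li>Every value substituted into the template is either a fixed literal chosen by an enum or
 * an integer that {@link #initTask()} range-checks, so no free-form request text reaches the
 * generated config.</li>
 * <li>{@code filename} is the only free-form string; it is checked solely through
 * {@code Util.isAllowedDir} in {@link #initTask()}.</li>
 * <li>The template is read relative to the working directory of the process, so whoever can
 * write to {@code ./data} controls the resulting sshd configuration.</li>
 * </ul>
 */
public class SshdConfigGenerator extends AbstractTask
{

	/** Requested password-authentication policy. */
	private enum PasswordLogin
	{
		NO, USER_ONLY, YES
	}

	/** Requested set of accounts that may log in. */
	private enum AllowUsers
	{
		ROOT_ONLY, USER_ONLY, ALL
	}

	// The @Expose fields below are presumably filled from the task request by Gson - confirm
	// against the task manager's deserialization setup.

	// Port for sshd; 0 means "not supplied" and is rejected by initTask().
	@Expose
	private int listenPort = 0;
	@Expose
	private PasswordLogin allowPasswordLogin;
	@Expose
	private AllowUsers allowedUsersLogin;
	// Destination path of the tar archive.
	@Expose
	private String filename = null;

	private Output status = new Output();

	/**
	 * Validates the request fields before the task runs.
	 *
	 * <p>
	 * Each failed check overwrites {@code status.error}, so only the last failing check is
	 * reported.
	 *
	 * @return {@code true} if no check failed
	 */
	@Override
	protected boolean initTask()
	{
		this.setStatusObject( status );
		// Reject a missing filename here instead of relying on how Util.isAllowedDir treats null.
		if ( this.filename == null || !Util.isAllowedDir( this.filename ) ) {
			status.error = "Invalid directory for " + this.filename;
		}
		if ( allowPasswordLogin == null ) {
			status.error = "Invalid value for allowPasswordLogin";
		}
		if ( allowedUsersLogin == null ) {
			status.error = "Invalid value for allowedUsersLogin";
		}
		if ( listenPort > 65535 || listenPort < 1 ) {
			status.error = "Invalid value for listenPort: " + listenPort;
		}
		return status.error == null;
	}

	/**
	 * Renders the template and writes the archive.
	 *
	 * @return {@code true} only if the template was read, the archive was created and both
	 *         archive entries were written; otherwise {@code false} with {@code status.error} set
	 */
	@Override
	protected boolean execute()
	{
		TarArchiveOutputStream outArchive = null;
		try {
			// Prepare sshd config
			String template;
			try {
				template = FileUtils.readFileToString( new File( "./data/sshd_config.template" ), StandardCharsets.UTF_8 );
			} catch ( IOException e ) {
				status.error = e.toString();
				return false;
			}
			// "prohibit-password", "yes" and "no" are values of sshd's PermitRootLogin; the template
			// is not visible here, so %ALLOW_ROOT% mapping to that directive is assumed - confirm.
			String allowPassword;
			String allowRoot;
			switch ( allowPasswordLogin ) {
			default: // unknown values share the NO branch (passwords disabled)
			case NO:
				allowPassword = "no";
				allowRoot = "prohibit-password";
				break;
			case USER_ONLY:
				allowPassword = "yes";
				allowRoot = "prohibit-password";
				break;
			case YES:
				// The only branch that lets root authenticate with a password.
				allowPassword = "yes";
				allowRoot = "yes";
				break;
			}
			String allowUsers;
			// "demo" is denied in every configuration.
			String denyUsers = "demo";
			switch ( allowedUsersLogin ) {
			case ALL:
				allowUsers = "*";
				break;
			default: // unknown values share the ROOT_ONLY branch
			case ROOT_ONLY:
				allowUsers = "root";
				break;
			case USER_ONLY:
				allowUsers = "*";
				denyUsers += " root";
				// Overrides whatever the password policy chose for root above.
				allowRoot = "no";
				break;
			}
			template = template.replace( "%PORT%", Integer.toString( this.listenPort ) );
			template = template.replace( "%ALLOW_PASSWORD%", allowPassword );
			template = template.replace( "%ALLOW_ROOT%", allowRoot );
			template = template.replace( "%ALLOW_USERS%", allowUsers );
			template = template.replace( "%DENY_USERS%", denyUsers );
			try {
				outArchive = Archive.createTarArchive( this.filename );
			} catch ( IOException e ) {
				status.error = "Could not create archive at " + this.filename;
				return false;
			}
			// Both entries are required. The previous "ok |= ..." reported success when only one of
			// them had been written, e.g. an archive holding the symlink but no sshd_config.
			boolean ok = Archive.tarCreateFileFromString( outArchive, "/etc/ssh/sshd_config", template, 0644 )
					&& Archive.tarCreateSymlink( outArchive, "../sshd.service", "/etc/systemd/system/multi-user.target.wants/sshd.service" );
			if ( !ok ) {
				// NOTE(review): the file at this.filename may remain with partial contents at this
				// point; consumers should ignore it when the task reports an error - confirm.
				status.error = "Could not create module archive contents";
				return false;
			}
		} finally {
			Util.multiClose( outArchive );
		}
		return true;
	}

	/**
	 * Output - contains additional status data of this task
	 */
	private static class Output
	{
		// Message of the failure, or null when none was recorded.
		protected String error = null;
	}
}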