Diffstat (limited to 'src/main/java/org/openslx/taskmanager/tasks/CreateAdConfig.java')
-rw-r--r-- | src/main/java/org/openslx/taskmanager/tasks/CreateAdConfig.java | 161 |
1 files changed, 161 insertions, 0 deletions
diff --git a/src/main/java/org/openslx/taskmanager/tasks/CreateAdConfig.java b/src/main/java/org/openslx/taskmanager/tasks/CreateAdConfig.java
new file mode 100644
index 0000000..71ef249
--- /dev/null
+++ b/src/main/java/org/openslx/taskmanager/tasks/CreateAdConfig.java
@@ -0,0 +1,161 @@ +package org.openslx.taskmanager.tasks; + +import java.io.File; +import java.io.IOException; +import java.nio.charset.StandardCharsets; +import java.nio.file.Files; +import java.nio.file.Paths; + +import org.apache.commons.compress.archivers.tar.TarArchiveOutputStream; +import org.apache.commons.io.FileUtils; +import org.openslx.satserver.util.Archive; +import org.openslx.satserver.util.Util; +import org.openslx.taskmanager.api.AbstractTask; + +import com.google.gson.annotations.Expose; + +public class CreateAdConfig extends AbstractTask +{ + @Expose + private int moduleid = 0; + @Expose + private String filename = null; + @Expose + private String server = null; + @Expose + private String searchbase = null; + @Expose + private String binddn = null; + @Expose + private String bindpw = null; + @Expose + private String proxyip = null; + @Expose + private int proxyport = 0; + @Expose + private String home = null; + + private Output status = new Output(); + + @Override + protected boolean initTask() + { + // TODO: Check path is allowed + this.setStatusObject( this.status ); + if ( filename == null || server == null || searchbase == null || binddn == null || bindpw == null || proxyip == null || proxyport == 0 || moduleid == 0 ) { + status.error = "Missing argument to task"; + return false; + } + if ( this.home == null ) + this.home = ""; + return true; + } + + @Override + protected boolean execute() + { + TarArchiveOutputStream outArchive = null; + try { + // ldadp config + String ldadpConf = String.format( + "[%s]\n" + + "binddn=%s\n" + + "bindpw=%s\n" + + "base=%s\n" + + "port=%s\n" + + "home=%s\n" + + "\n", + this.server, + this.binddn, + this.bindpw, + this.searchbase, + this.proxyport, + this.home ); + String fileName = "/opt/ldadp/configs/" + this.moduleid + ".cfg"; + try { + Files.deleteIfExists( Paths.get( filename ) ); + } catch ( IOException e1 ) { + } + try { + FileUtils.writeStringToFile( new File( fileName ), ldadpConf, 
StandardCharsets.UTF_8 ); + } catch ( IOException e ) { + status.error = e.toString(); + return false; + } + try { + outArchive = Archive.createTarArchive( this.filename ); + } catch ( IOException e ) { + status.error = "Could not create archive at " + this.filename; + return false; + } + // Generic ldap config + String ldapConf = String + .format( + "URI ldap://%s:%d/\n" + + "BASE %s\n" + + "BIND_TIMELIMIT 10\n" + + "TIMELIMIT 30\n" + + "nss_base_passwd %s\n" + + "nss_base_group %s\n" + + "nss_initgroups_ignoreusers avahi,avahi-autoipd,backup,bin,colord,daemon,dnsmasq,games,gnats,hplip,irc,kernoops,libuuid,lightdm,list,lp,mail,man,messagebus,news,proxy,pulse,root,rtkit,saned,speech-dispatcher,sshd,sync,sys,syslog,usbmux,uucp,whoopsie,www-data\n", + this.proxyip, this.proxyport, + this.searchbase, + this.searchbase, + this.searchbase + ); + // nslcd config + String nslcdConf = String + .format( + "URI ldap://%s:%d/\n" + + "BASE %s\n" + + "BIND_TIMELIMIT 10\n" + + "TIMELIMIT 30\n" + + "scope sub\n" + + "nss_initgroups_ignoreusers avahi,avahi-autoipd,backup,bin,colord,daemon,dnsmasq,games,gnats,hplip,irc,kernoops,libuuid,lightdm,list,lp,mail,man,messagebus,news,proxy,pulse,root,rtkit,saned,speech-dispatcher,sshd,sync,sys,syslog,usbmux,uucp,whoopsie,www-data\n", + this.proxyip, this.proxyport, + this.searchbase, + this.searchbase, + this.searchbase + ); + // nsswitch.conf with ldap enabled + if ( !Archive.tarAddFile( outArchive, "/etc/nsswitch.conf", new File( "./data/ad/nsswitch.conf" ), 0644 ) ) { + status.error = "Could not add nsswitch.conf to module"; + return false; + } + // All the pam.d common-XXXX files + for ( String file : new String[] { "common-auth", "common-account", "common-session", "common-session-noninteractive", "common-password" } ) { + if ( !Archive.tarAddFile( outArchive, "/etc/pam.d/" + file, new File( "./data/ad/" + file ), 0644 ) ) { + status.error = "Could not add " + file + " to module"; + return false; + } + } + // Home if present + if ( 
this.home.length() != 0 + && !Archive.tarAddFile( outArchive, "/opt/openslx/scripts/pam_script_mount_persistent", new File( "./data/ad/mountscript" ), 0644 ) ) { + status.error = "Could not add mount script to module"; + return false; + } + boolean ret = Archive.tarCreateFileFromString( outArchive, "/etc/ldap.conf", ldapConf, 0644 ) + && Archive.tarCreateFileFromString( outArchive, "/etc/nslcd.conf", nslcdConf, 0644 ) + && Archive.tarCreateSymlink( outArchive, "/etc/ldap.conf", "/etc/ldap/ldap.conf" ) + && Archive.tarCreateSymlink( outArchive, "/etc/ldap.conf", "/etc/openldap/ldap.conf" ) + && Archive.tarCreateSymlink( outArchive, "../nslcd.service", "/etc/systemd/system/basic.target.wants/nslcd.service" ); + if ( !ret ) { + status.error = "Could not add ldap configs to module"; + } + return ret; + } finally { + Util.multiClose( outArchive ); + } + } + + /** + * Output - contains additional status data of this task + */ + @SuppressWarnings( "unused" ) + private static class Output + { + protected String error = null; + } + +} |
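Review bot: `initTask()` only null-checks the task fields, but `execute()` formats `server`, `binddn`, `bindpw`, `searchbase`, `proxyip` and `home` verbatim into the ldadp `.cfg`, `ldap.conf` and `nslcd.conf`, so a value containing a line break would end up as an extra section or directive in those files. Rejecting CR/LF once in `initTask()`, after `home` has been defaulted, covers all three files; a sketch follows. The `// TODO: Check path is allowed` is also still open while `execute()` deletes and then re-creates whatever path `filename` names, and the local `fileName` differing only by case makes it easy to misread which file is being removed. Separately, the `.cfg` carrying `bindpw` is written via `FileUtils.writeStringToFile` with whatever permissions the process umask gives; owner-only permissions would be safer if other local users exist on that host.

```java
// … unchanged: status object setup and missing-argument check …
if ( this.home == null )
	this.home = "";
// Every one of these values is written into a line-oriented config file.
for ( String value : new String[] { server, searchbase, binddn, bindpw, proxyip, home } ) {
	if ( value.indexOf( '\n' ) != -1 || value.indexOf( '\r' ) != -1 ) {
		status.error = "Invalid line break in argument to task";
		return false;
	}
}
```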