Diffstat (limited to 'src/main/java/org/openslx/taskmanager/tasks/CreateLdapConfig.java')
-rw-r--r--src/main/java/org/openslx/taskmanager/tasks/CreateLdapConfig.java115
1 files changed, 45 insertions, 70 deletions
diff --git a/src/main/java/org/openslx/taskmanager/tasks/CreateLdapConfig.java b/src/main/java/org/openslx/taskmanager/tasks/CreateLdapConfig.java
index 35cbe31..a790ecb 100644
--- a/src/main/java/org/openslx/taskmanager/tasks/CreateLdapConfig.java
+++ b/src/main/java/org/openslx/taskmanager/tasks/CreateLdapConfig.java
@@ -18,7 +18,6 @@ import org.openslx.satserver.util.Constants;
import org.openslx.satserver.util.Exec;
import org.openslx.satserver.util.Exec.ExecCallback;
import org.openslx.satserver.util.LdapMapping;
-import org.openslx.satserver.util.Template;
import org.openslx.satserver.util.Util;
import org.openslx.taskmanager.api.AbstractTask;
@@ -63,6 +62,8 @@ public class CreateLdapConfig extends AbstractTask
private String fixnumeric = null;
@Expose
private LdapMapping mapping;
+ @Expose
+ private String ldapAttrMountOpts;
// Share mode stuff
@Expose
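Review bot: The new field `ldapAttrMountOpts` (like `shareHomeMountOpts` in the next hunk) has no initializer, so a task payload that omits the key leaves it null; both values are later passed to `addConfLine`, which hands them to `escapeBashString`, whose body is outside this diff. Unless that method tolerates null, an absent option either throws or ends up as the literal text null between the generated quotes. A default of `private String ldapAttrMountOpts = "";` (and the same for shareHomeMountOpts) avoids both outcomes. A one-line Javadoc on each field saying it holds mount options that are written into the generated client config would also help, since nothing in the class documents what the task expects in them.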
@@ -86,6 +87,8 @@ public class CreateLdapConfig extends AbstractTask
@Expose
private String shareDomain;
@Expose
+ private String shareHomeMountOpts;
+ @Expose
private int credentialPassthrough;
private Output status = new Output();
@@ -143,13 +146,13 @@ public class CreateLdapConfig extends AbstractTask
protected boolean execute()
{
TarArchiveOutputStream outArchive = null;
- File keyFile = new File( "/opt/ldadp/configs/" + this.moduleid + ".key.pem" );
- File certFile = new File( "/opt/ldadp/configs/" + this.moduleid + ".crt.pem" );
- File caFile = new File( "/opt/ldadp/configs/" + this.moduleid + ".ca-bundle.pem" );
- String uri = "ldaps://" + this.proxyip + ":" + this.proxyport + "/";
- String cacertPath = "/etc/ldap-proxy.pem";
- String caPath = "";
+ final File keyFile = new File( "/opt/ldadp/configs/" + this.moduleid + ".key.pem" );
+ final File certFile = new File( "/opt/ldadp/configs/" + this.moduleid + ".crt.pem" );
+ final File caFile = new File( "/opt/ldadp/configs/" + this.moduleid + ".ca-bundle.pem" );
+ final String uri = "ldaps://" + this.proxyip + ":" + this.proxyport + "/";
+ final String clientCacertPath = "/etc/ldap/proxy-" + this.moduleid + ".pem";
final String subject = "/C=DE/ST=Nowhere/L=Springfield/O=Dis/CN=" + this.proxyip;
+ String caPath = "";
try {
// If cert already exists, check if the subject (most importantly the CN) matches the desired one
if ( certFile.exists() ) {
@@ -239,44 +242,29 @@ public class CreateLdapConfig extends AbstractTask
certFile,
keyFile );
// Generic ldap config
- final Template ldapConf = new Template( "./data/ad/ldap.conf.template" );
- ldapConf.replace( "%URI%", uri );
- ldapConf.replace( "%SEARCHBASE%", this.searchbase );
- ldapConf.replace( "%CACERT%", cacertPath );
- // sssd config
- final Template sssdConf = new Template( "./data/ad/sssd.conf.template" );
- sssdConf.replace( "%URI%", uri );
- sssdConf.replace( "%SEARCHBASE%", this.searchbase );
- sssdConf.replace( "%CACERT%", cacertPath );
+ StringBuilder ldapConf = new StringBuilder();
+ addConfLine( ldapConf, "LDAP_URI", uri );
+ addConfLine( ldapConf, "LDAP_BASE", this.searchbase );
+ addConfLine( ldapConf, "LDAP_CACERT", clientCacertPath );
+ addConfLine( ldapConf, "LDAP_ATTR_MOUNT_OPTS", this.ldapAttrMountOpts );
// Sharemode config
- String shareConf = String.format(
- "SHARE_REMAP_MODE=%d\n"
- + "SHARE_CREATE_MISSING_REMAP=%d\n"
- + "SHARE_HOME_DRIVE='%s'\n"
- + "SHARE_DOCUMENTS=%d\n"
- + "SHARE_DOWNLOADS=%d\n"
- + "SHARE_DESKTOP=%d\n"
- + "SHARE_MEDIA=%d\n"
- + "SHARE_OTHER=%d\n"
- + "SHARE_DOMAIN='%s'\n"
- + "SHARE_CREDENTIAL_PASSTHROUGH=%d\n",
- this.shareRemapMode,
- this.shareRemapCreate,
- escapeBashString( this.shareHomeDrive ),
- this.shareDocuments,
- this.shareDownloads,
- this.shareDesktop,
- this.shareMedia,
- this.shareOther,
- escapeBashString( this.shareDomain ),
- this.credentialPassthrough
- );
+ addConfLine( ldapConf, "SHARE_HOME_MOUNT_OPTS", this.shareHomeMountOpts );
+ addConfLine( ldapConf, "SHARE_REMAP_MODE", this.shareRemapMode );
+ addConfLine( ldapConf, "SHARE_CREATE_MISSING_REMAP", this.shareRemapCreate );
+ addConfLine( ldapConf, "SHARE_HOME_DRIVE", this.shareHomeDrive );
+ addConfLine( ldapConf, "SHARE_DOCUMENTS", this.shareDocuments );
+ addConfLine( ldapConf, "SHARE_DOWNLOADS", this.shareDownloads );
+ addConfLine( ldapConf, "SHARE_DESKTOP", this.shareDesktop );
+ addConfLine( ldapConf, "SHARE_MEDIA", this.shareMedia );
+ addConfLine( ldapConf, "SHARE_OTHER", this.shareOther );
+ addConfLine( ldapConf, "SHARE_DOMAIN", this.shareDomain );
+ addConfLine( ldapConf, "SHARE_CREDENTIAL_PASSTHROUGH", this.credentialPassthrough );
if ( this.shares != null && !this.shares.isEmpty() ) {
int i = 0;
for ( Share s : this.shares ) {
- shareConf += String.format( "SHARE_LINE_%d='%s\t%s\t%s\t%s\t%s'\n",
- ++i, escapeBashString( s.share ), escapeBashString( s.letter ), escapeBashString( s.shortcut ),
- escapeBashString( s.user ), escapeBashString( s.pass ) );
+ ++i;
+ addConfLine( ldapConf, "SHARE_LINE_" + i,
+ String.format( "%s\t%s\t%s\t%s\t%s", s.share, s.letter, s.shortcut, s.user, s.pass ) );
}
}
// Build tar/config
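Review bot: In the SHARE_LINE loop the five fields are now tab-joined first and the whole string is escaped once by `addConfLine`, whereas the deleted code escaped each field individually and kept the tab delimiters outside the escaping. If `escapeBashString` (its body is outside this diff) rewrites tabs, backslashes or whitespace, the delimiters the consumer splits on would now be altered, so this is worth confirming against that method. The manual `int i = 0; ... ++i;` pair can also be folded into the call, `addConfLine( ldapConf, "SHARE_LINE_" + ( ++i ), ... )`, which keeps the counter next to its only use. execute() starts and ends outside this hunk.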
@@ -305,46 +293,33 @@ public class CreateLdapConfig extends AbstractTask
return false;
}
// The cert we just created
- if ( !Archive.tarAddFile( outArchive, cacertPath, certFile, 0644 ) ) {
+ if ( !Archive.tarAddFile( outArchive, clientCacertPath, certFile, 0644 ) ) {
status.error = "Could not add ldap-proxy.pem to module";
return false;
}
- // nsswitch.conf with ldap enabled
- if ( !Archive.tarAddFile( outArchive, "/etc/nsswitch.conf", new File( "./data/ad/nsswitch.conf" ), 0644 ) ) {
- status.error = "Could not add nsswitch.conf to module";
- return false;
- }
- // All the pam.d common-XXXX files
- for ( String file : new String[] { "common-auth", "common-account", "common-session", "common-session-noninteractive",
- "common-password" } ) {
- if ( !Archive.tarAddFile( outArchive, "/etc/pam.d/" + file, new File( "./data/ad/" + file ), 0644 ) ) {
- status.error = "Could not add " + file + " to module";
- return false;
- }
- }
- // Home if present
- if ( !Archive.tarAddFile( outArchive, "/opt/openslx/scripts/pam_script_mount_persistent", new File( "./data/ad/mountscript" ),
- 0644 ) ) {
- status.error = "Could not add mount script to module";
- return false;
- }
- boolean ret = Archive.tarCreateFileFromString( outArchive, "/etc/ldap.conf", ldapConf.toString(), 0644 )
- && Archive.tarCreateFileFromString( outArchive, "/etc/sssd/sssd.conf", sssdConf.toString(), 0600 )
- && Archive.tarCreateFileFromString( outArchive, "/opt/openslx/inc/shares", shareConf, 0644 )
- && Archive.tarCreateSymlink( outArchive, "/etc/ldap.conf", "/etc/ldap/ldap.conf" )
- && Archive.tarCreateSymlink( outArchive, "/etc/ldap.conf", "/etc/openldap/ldap.conf" )
- && Archive.tarCreateSymlink( outArchive, "../sssd.service", "/etc/systemd/system/basic.target.wants/sssd.service" );
+ boolean ret = Archive.tarCreateFileFromString( outArchive, "/opt/openslx/pam/slx-ldap.d/conf-" + this.moduleid,
+ ldapConf.toString(), 0644 );
if ( !ret ) {
status.error = "Could not add ldap configs to module";
}
return ret;
- } catch ( IOException e ) {
- status.error = e.toString();
- return false;
} finally {
Util.multiClose( outArchive );
}
}
+
+ private void addConfLine( StringBuilder sb, String varName, int value )
+ {
+ addConfLine( sb, varName, Integer.toString( value ) );
+ }
+
+ private void addConfLine( StringBuilder sb, String varName, String value )
+ {
+ sb.append( varName );
+ sb.append( "='" );
+ sb.append( escapeBashString( value ) );
+ sb.append( "'\n" );
+ }
private String escapeBashString( String str )
{
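Review bot: The consolidated config written by the new `Archive.tarCreateFileFromString` call is added with mode 0644 although it now carries the SHARE_LINE_n entries with `s.user` and `s.pass` alongside the LDAP settings, whereas the sssd.conf entry this hunk deletes was written 0600. Unless the consumer of /opt/openslx/pam/slx-ldap.d/ needs the file world-readable (not visible here), `ldapConf.toString(), 0600 );` would keep the stored credentials readable only by root on the client. The unchanged message right after the cert entry, `Could not add ldap-proxy.pem to module`, is now stale because the entry is named by `clientCacertPath` (proxy-&lt;moduleid&gt;.pem); `status.error = "Could not add " + clientCacertPath + " to module";` would match. The entry name also embeds `this.moduleid` unsanitised, as the cert paths already did; if the id is not validated before the task runs, it would be worth a check at the top of execute(), whose start is in an earlier hunk.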