From 57fa292f224c96614051cbb497744144390d7dd2 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Sun, 13 Sep 2015 17:51:59 +0200
Subject: minor changes
---
 .../org/openslx/taskmanager/tasks/CompileIPxe.java | 2 -
 .../openslx/taskmanager/tasks/CreateAdConfig.java | 193 ---------------------
 .../openslx/taskmanager/tasks/LighttpdHttps.java | 2 +-
 3 files changed, 1 insertion(+), 196 deletions(-)
 delete mode 100644 src/main/java/org/openslx/taskmanager/tasks/CreateAdConfig.java
(limited to 'src/main')
diff --git a/src/main/java/org/openslx/taskmanager/tasks/CompileIPxe.java b/src/main/java/org/openslx/taskmanager/tasks/CompileIPxe.java
index 7795d21..70ae195 100644
--- a/src/main/java/org/openslx/taskmanager/tasks/CompileIPxe.java
+++ b/src/main/java/org/openslx/taskmanager/tasks/CompileIPxe.java
@@ -2,8 +2,6 @@ package org.openslx.taskmanager.tasks;
 import java.io.File;
 import java.io.IOException;
-import java.io.PrintWriter;
-import java.io.StringWriter;
 import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
diff --git a/src/main/java/org/openslx/taskmanager/tasks/CreateAdConfig.java b/src/main/java/org/openslx/taskmanager/tasks/CreateAdConfig.java
deleted file mode 100644
index d548b9f..0000000
--- a/src/main/java/org/openslx/taskmanager/tasks/CreateAdConfig.java
+++ /dev/null
@@ -1,193 +0,0 @@
-package org.openslx.taskmanager.tasks;
-
-import java.io.File;
-import java.io.IOException;
-import java.nio.charset.StandardCharsets;
-import java.nio.file.Files;
-import java.nio.file.Paths;
-
-import org.apache.commons.compress.archivers.tar.TarArchiveOutputStream;
-import org.apache.commons.io.FileUtils;
-import org.openslx.satserver.util.Archive;
-import org.openslx.satserver.util.Constants;
-import org.openslx.satserver.util.Exec;
-import org.openslx.satserver.util.Template;
-import org.openslx.satserver.util.Util;
-import org.openslx.taskmanager.api.AbstractTask;
-
-import com.google.gson.annotations.Expose;
-
-public class CreateAdConfig extends AbstractTask
-{
- @Expose
- private int moduleid = 0;
- @Expose
- private String filename = null;
- @Expose
- private String server = null;
- @Expose
- private String searchbase = null;
- @Expose
- private String binddn = null;
- @Expose
- private String bindpw = null;
- @Expose
- private String proxyip = null;
- @Expose
- private int proxyport = 0;
- @Expose
- private int adport = 0;
- @Expose
- private String home = null;
- @Expose
- private String fingerprint = "";
-
- private Output status = new Output();
-
- @Override
- protected boolean initTask()
- {
- // TODO: Check path is allowed
- this.setStatusObject( this.status );
- if ( filename == null || server == null || searchbase == null || binddn == null || proxyip == null || proxyport == 0 || moduleid == 0 ) {
- status.error = "Missing argument to task";
- return false;
- }
- if ( this.home == null )
- this.home = "";
- if ( this.bindpw == null )
- this.bindpw = "";
- return true;
- }
-
- @Override
- protected boolean execute()
- {
- TarArchiveOutputStream outArchive = null;
- String keyFile = "/opt/ldadp/configs/" + this.moduleid + ".key.pem";
- String certFile = "/opt/ldadp/configs/" + this.moduleid + ".crt.pem";
- String uri = "ldaps://" + this.proxyip + ":" + this.proxyport + "/";
- String cacertPath = "/etc/ldap-proxy.pem";
- try {
- // Generate keys
- {
- int ret = Exec.sync( 10, "openssl", "req",
- "-x509", "-new", "-newkey", "rsa:4096", "-keyout", keyFile, "-out", certFile, "-days", "5000", "-nodes",
- "-subj", "/C=DE/ST=Nowhere/L=Springfield/O=Dis/CN=" + this.proxyip );
- if ( ret == -1 ) {
- status.error = "openssl process didn't finish in time.";
- } else if ( ret == -2 ) {
- status.error = "Internal error generating certificate.";
- } else if ( ret != 0 ) {
- status.error = "openssl exited with code " + ret;
- }
- if ( ret != 0 )
- return false;
- }
- // ldadp config
- String ldadpConf = String.format(
- "[%s]\n"
- + "binddn=%s\n"
- + "bindpw=%s\n"
- + "base=%s\n"
- + "home=%s\n"
- + "port=%s\n"
- + "fingerprint=%s\n"
- + "[local]\n"
- + "port=%s\n"
- + "cert=%s\n"
- + "privkey=%s\n"
- + "\n",
- this.server,
- this.binddn,
- this.bindpw,
- this.searchbase,
- this.home,
- this.adport,
- this.fingerprint,
- this.proxyport,
- certFile,
- keyFile );
- // Generic ldap config
- final Template ldapConf = new Template( "./data/ad/ldap.conf.template" );
- ldapConf.replace( "%URI%", uri );
- ldapConf.replace( "%SEARCHBASE%", this.searchbase );
- ldapConf.replace( "%CACERT%", cacertPath );
- // sssd config
- final Template sssdConf = new Template( "./data/ad/sssd.conf.template" );
- sssdConf.replace( "%URI%", uri );
- sssdConf.replace( "%SEARCHBASE%", this.searchbase );
- sssdConf.replace( "%CACERT%", cacertPath );
- String fileName = "/opt/ldadp/configs/" + this.moduleid + ".cfg";
- try {
- Files.deleteIfExists( Paths.get( this.filename ) );
- } catch ( IOException e1 ) {
- }
- try {
- FileUtils.writeStringToFile( new File( fileName ), ldadpConf, StandardCharsets.UTF_8 );
- if ( 0 != Exec.sync( 10,
- "/usr/bin/sudo",
- "-n",
- "-u", "root",
- Constants.BASEDIR + "/scripts/ldadp-setperms",
- Integer.toString( this.moduleid ) ) )
- status.error = "Could not chown/chmod ldadp config!";
- } catch ( IOException e ) {
- status.error = e.toString();
- return false;
- }
- try {
- outArchive = Archive.createTarArchive( this.filename );
- } catch ( IOException e ) {
- status.error = "Could not create archive at " + this.filename;
- return false;
- }
- // The cert we just created
- if ( !Archive.tarAddFile( outArchive, cacertPath, new File( certFile ), 0644 ) ) {
- status.error = "Could not add ldap-proxy.pem to module";
- return false;
- }
- // nsswitch.conf with ldap enabled
- if ( !Archive.tarAddFile( outArchive, "/etc/nsswitch.conf", new File( "./data/ad/nsswitch.conf" ), 0644 ) ) {
- status.error = "Could not add nsswitch.conf to module";
- return false;
- }
- // All the pam.d common-XXXX files
- for ( String file : new String[] { "common-auth", "common-account", "common-session", "common-session-noninteractive", "common-password" } ) {
- if ( !Archive.tarAddFile( outArchive, "/etc/pam.d/" + file, new File( "./data/ad/" + file ), 0644 ) ) {
- status.error = "Could not add " + file + " to module";
- return false;
- }
- }
- // Home if present
- if ( !Archive.tarAddFile( outArchive, "/opt/openslx/scripts/pam_script_mount_persistent", new File( "./data/ad/mountscript" ), 0644 ) ) {
- status.error = "Could not add mount script to module";
- return false;
- }
- boolean ret = Archive.tarCreateFileFromString( outArchive, "/etc/ldap.conf", ldapConf.toString(), 0644 )
- && Archive.tarCreateFileFromString( outArchive, "/etc/sssd/sssd.conf", sssdConf.toString(), 0600 )
- && Archive.tarCreateSymlink( outArchive, "/etc/ldap.conf", "/etc/ldap/ldap.conf" )
- && Archive.tarCreateSymlink( outArchive, "/etc/ldap.conf", "/etc/openldap/ldap.conf" )
- && Archive.tarCreateSymlink( outArchive, "../sssd.service", "/etc/systemd/system/basic.target.wants/sssd.service" );
- if ( !ret ) {
- status.error = "Could not add ldap configs to module";
- }
- return ret;
- } catch ( IOException e ) {
- status.error = e.toString();
- return false;
- } finally {
- Util.multiClose( outArchive );
- }
- }
-
- /**
- * Output - contains additional status data of this task
- */
- @SuppressWarnings( "unused" )
- private static class Output
- {
- protected String error = null;
- }
-
-}
diff --git a/src/main/java/org/openslx/taskmanager/tasks/LighttpdHttps.java b/src/main/java/org/openslx/taskmanager/tasks/LighttpdHttps.java
index 362191b..e69907e 100644
--- a/src/main/java/org/openslx/taskmanager/tasks/LighttpdHttps.java
+++ b/src/main/java/org/openslx/taskmanager/tasks/LighttpdHttps.java
@@ -46,7 +46,7 @@ public class LighttpdHttps extends AbstractTask
 private boolean createRandom()
 {
- int ret = Exec.sync( 10, "sudo", "-n", "-u", "root", "/opt/taskmanager/scripts/install-https", "--random", this.proxyip );
+ int ret = Exec.sync( 15, "sudo", "-n", "-u", "root", "/opt/taskmanager/scripts/install-https", "--random", this.proxyip );
 if ( ret != 0 ) {
 status.error = "generator exited with code " + ret;
 return false;
-- cgit v1.2.3-55-g7522
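Review bot: The failure branch under the changed `Exec.sync( 15, … )` call in `createRandom()` still reports every non-zero result as "generator exited with code", so a timeout cannot be told apart from a failure of the script itself. Judging by the `CreateAdConfig` code removed in this same commit, `Exec.sync` appears to return -1 when the process does not finish in time and -2 on an internal error; I would handle those first, e.g. `if ( ret == -1 ) { status.error = "install-https didn't finish in time."; return false; }`, and add a short comment saying why 15 seconds is the right bound. Separately, `this.proxyip` is handed as an argument to a script that runs as root through `sudo` (resolved via PATH here, whereas the removed task called `/usr/bin/sudo`); no validation is visible in this hunk, so please confirm that `initTask()` restricts it to an IP literal before this call is reached. The body of `createRandom()` continues outside the hunk.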