path: root/src/main/java/org/openslx/taskmanager/tasks/SshdConfigGenerator.java
package org.openslx.taskmanager.tasks;

import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

import org.apache.commons.compress.archivers.tar.TarArchiveOutputStream;
import org.apache.commons.io.FileUtils;
import org.openslx.satserver.util.Archive;
import org.openslx.satserver.util.Util;
import org.openslx.taskmanager.api.AbstractTask;

import com.google.gson.annotations.Expose;

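/**
 * Task that renders an sshd configuration from {@code ./data/sshd_config.template} and packs
 * it, together with a symlink for {@code sshd.service}, into a tar archive at {@link #filename}.
 *
 * <p>
 * The exposed fields are filled in from the task request. Every value substituted into the
 * template is either a fixed string chosen by an enum switch or the range-checked
 * {@link #listenPort}; no free-form request text is written into the generated config.
 */
public class SshdConfigGenerator extends AbstractTask
{

	/**
	 * Password authentication policy requested by the caller.
	 */
	private static enum PasswordLogin
	{
		NO, USER_ONLY, YES
	}

	/**
	 * Which accounts may log in at all.
	 */
	private static enum AllowUsers
	{
		ROOT_ONLY, USER_ONLY, ALL
	}

	// Port for sshd; the default 0 is outside the accepted range, so a request must set it.
	@Expose
	private int listenPort = 0;
	// Remains null if the request did not supply a usable value; rejected in initTask().
	@Expose
	private PasswordLogin allowPasswordLogin;
	// Remains null if the request did not supply a usable value; rejected in initTask().
	@Expose
	private AllowUsers allowedUsersLogin;
	// Destination path of the tar archive to create.
	@Expose
	private String filename = null;

	private Output status = new Output();

	/**
	 * Validates the request parameters before the task is run.
	 *
	 * <p>
	 * All checks are evaluated; if several fail, {@code status.error} holds the message of the
	 * last failing one.
	 *
	 * @return {@code true} if no check set an error
	 */
	@Override
	protected boolean initTask()
	{
		this.setStatusObject( status );
		// Reject a missing filename here rather than relying on Util.isAllowedDir,
		// whose handling of null is not visible from this file.
		if ( this.filename == null || !Util.isAllowedDir( this.filename ) ) {
			status.error = "Invalid directory for " + this.filename;
		}
		if ( allowPasswordLogin == null ) {
			status.error = "Invalid value for allowPasswordLogin";
		}
		if ( allowedUsersLogin == null ) {
			status.error = "Invalid value for allowedUsersLogin";
		}
		if ( listenPort > 65535 || listenPort < 1 ) {
			status.error = "Invalid value for listenPort: " + listenPort;
		}
		return status.error == null;
	}

	/**
	 * Renders the template and writes the archive.
	 *
	 * <p>
	 * Both archive entries must be written successfully; if either fails the task reports an
	 * error instead of returning an archive that lacks the hardened config or the service link.
	 *
	 * @return {@code true} on success, {@code false} with {@code status.error} set otherwise
	 */
	@Override
	protected boolean execute()
	{
		TarArchiveOutputStream outArchive = null;
		try {
			// Prepare sshd config
			String template;
			try {
				template = FileUtils.readFileToString( new File( "./data/sshd_config.template" ), StandardCharsets.UTF_8 );
			} catch ( IOException e ) {
				status.error = e.toString();
				return false;
			}
			// %ALLOW_PASSWORD% / %ALLOW_ROOT% are presumably the password-authentication and
			// root-login directives of the template (template not visible here, confirm).
			// Unknown values fall through to the most restrictive setting.
			String allowPassword;
			String allowRoot;
			switch ( allowPasswordLogin ) {
			default:
			case NO:
				allowPassword = "no";
				allowRoot = "prohibit-password";
				break;
			case USER_ONLY:
				// Passwords for regular users only; root stays key-only.
				allowPassword = "yes";
				allowRoot = "prohibit-password";
				break;
			case YES:
				// Least restrictive choice: root may authenticate with a password too.
				allowPassword = "yes";
				allowRoot = "yes";
				break;
			}
			String allowUsers;
			// The "demo" account is denied in every configuration.
			String denyUsers = "demo";
			switch ( allowedUsersLogin ) {
			case ALL:
				allowUsers = "*";
				break;
			default:
			case ROOT_ONLY:
				allowUsers = "root";
				break;
			case USER_ONLY:
				// Root is excluded twice: via the deny list and by overriding whatever
				// root-login value the password policy above selected.
				allowUsers = "*";
				denyUsers += " root";
				allowRoot = "no";
				break;
			}
			template = template.replace( "%PORT%", Integer.toString( this.listenPort ) );
			template = template.replace( "%ALLOW_PASSWORD%", allowPassword );
			template = template.replace( "%ALLOW_ROOT%", allowRoot );
			template = template.replace( "%ALLOW_USERS%", allowUsers );
			template = template.replace( "%DENY_USERS%", denyUsers );
			try {
				outArchive = Archive.createTarArchive( this.filename );
			} catch ( IOException e ) {
				status.error = "Could not create archive at " + this.filename;
				return false;
			}
			// 0644 is octal: owner read/write, group and others read-only.
			boolean ok = Archive.tarCreateFileFromString( outArchive, "/etc/ssh/sshd_config", template, 0644 );
			// Combine with AND: the previous OR reported success when only one of the two
			// entries was written, so a missing sshd_config could go unnoticed. The
			// non-short-circuit operator still attempts the symlink in either case.
			ok &= Archive.tarCreateSymlink( outArchive, "../sshd.service", "/etc/systemd/system/network.target.wants/sshd.service" );
			if ( !ok ) {
				status.error = "Could not create module archive contents";
				return false;
			}
		} finally {
			// Runs on every exit path, including the early returns above.
			Util.multiClose( outArchive );
		}
		return true;
	}

	/**
	 * Output - contains additional status data of this task
	 */
	private static class Output
	{
		protected String error = null;
	}

}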